Cuckoo Sandbox v0.4.1 The Malware Analysis Released
Cuckoo Sandbox is an Open Source software for automating analysis of suspicious files. To do so it makes use of custom components that monitor the behavior of the malicious processes while running in an isolated environment.
What does it produce?
Cuckoo generates a handful of different raw data which include:
- Native functions and Windows API calls traces
- Copies of files created and deleted from the filesystem
- Dump of the memory of the selected process
- Screenshots of the desktop during the execution of the malware analysis
- Network dump generated by the machine used for the analysis
In order to make such results more consumable to the end users, Cuckoo is able to process them and generate different type of reports, which could include:
Even more interestingly, thanks to Cuckoo’s extensive modular design, you are able to customize both the processing and the reporting stages. Cuckoo provides you all the requirements for easily integrate the sandbox into your existing frameworks and storages with the data you want, in the way you want, with the format you want.
Why should you use it?
Malwares are the swiss-army knife of cybercriminals and any other adversary to your corporation or organization.
In these evolving times, detecting and removing malwares is not enough: it’s vitally important to understand how they work and what they would do/did on your systems when deployed and understand the context, the motivations and the goals of a breach.
In this way you are able to more effectively understand the incident, respond to it and protect yourself for the future.
There are infinite other contexts where you might need to deploy a sandbox internally, from analyzing an internal breach to proactively scouting wildly distributed threats and analyzing the ones actively targeting your infrastructure or products.
In any of these cases you’ll find Cuckoo to be perfectly suitable, incredibly customizable and well… free!