Introduction
Cuckoo is an open source malware analysis sandbox tool, which allows you to analyze malware on systems running the Windows, Linux and OSX operating systems. It can help you see what a potentially malicious file, URL, or hash will do when detonated within these environments.
The setup process for Cuckoo is a bit complex, so the purpose of this guide is to help you get it set up quickly and as easily as possible. The reason I wrote this guide is because there was a lack of guides on the internet that were accurate and up-to-date. I hope this information helps others out there struggling with setting up Cuckoo and gets them well on their way!
Cuckoo can be used to analyze objects such as:
- Generic Windows executable
- DLL files
- PDF documents
- Microsoft Office documents
- URLs and HTML files
- PHP scripts
- CPL files
- Visual Basic (VB) scripts
- ZIP files
- Java JAR
- Python files
- and more!
Requirements
Cuckoo requires a minimum of two computer systems to function – one acting as the host and the other as the guest. Guest systems will always be virtual machines. For example, my setup was: