PacktLib: Cuckoo Malware Analysis

Cuckoo Malware Analysis

Credits

About the Authors

Acknowledgement

About the Reviewers

www.PacktPub.com

Preface

Getting Started with Automated Malware Analysis using Cuckoo Sandbox

Malware analysis methodologies

Basic theory in Sandboxing

Malware analysis lab

Cuckoo Sandbox

Installing Cuckoo Sandbox

Summary

Using Cuckoo Sandbox to Analyze a Sample Malware

Starting Cuckoo

Submitting malware samples to Cuckoo Sandbox

Submitting a malware Word document

Submitting a malware PDF document – aleppo_plan_cercs.pdf

Submitting a malware Excel document – CVE-2011-0609_XLS-SWF-2011-03-08_crsenvironscan.xls

Submitting a malicious URL – http://youtibe.com

Submitting a malicious URL – http://ziti.cndesign.com/biaozi/fdc/page_07.htm

Submitting a binary file – Sality.G.exe

Memory forensics using Cuckoo Sandbox – using memory dump features

Additional memory forensics using Volatility

Summary

Analyzing the Output of Cuckoo Sandbox

The processing module

Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara

Summary

Reporting with Cuckoo Sandbox

Creating a built-in report in HTML format

Creating a MAEC Report

Exporting data report analysis from Cuckoo to another format

Summary

Tips and Tricks for Cuckoo Sandbox

Hardening Cuckoo Sandbox against VM detection

Cuckooforcanari – integrating Cuckoo Sandbox with the Maltego project

Automating e-mail attachments with Cuckoo MX

Summary

Index