Welcome to Cuckoo Malware Analysis. This book has especially been created to provide you with all the information you need to get set up with Cuckoo Sandbox. In this book, you will learn the basics of malware analysis using Cuckoo Sandbox, get started with submitting your first malware sample, and create a report from it. You will also find out some tips and tricks for using Cuckoo Sandbox.
Chapter 1, Getting Started with Automated Malware Analysis using Cuckoo Sandbox, gets you started with the basic installation of Cuckoo Sandbox and teaches you the basic theory in Sandboxing, how to prepare a safe environment lab for malware analysis, and troubleshoot some problems after installing Cuckoo Sandbox.
Chapter 2, Using Cuckoo Sandbox to Analyze a Sample Malware, teaches you how to use Cuckoo Sandbox and its features, how to analyze sample malicious PDF files or malicious URLs, and also covers some basics of memory forensic analysis with Cuckoo Sandbox and Volatility.
Chapter 3, Analyzing Output of Cuckoo Sandbox, will help you analyze the results from Cuckoo sandbox, demonstrate the ability to analyze memory dump in a forensic process, and simulate an analysis of a sample APT attack in collaboration with other tools such as Volatility, Yara, Wireshark, Radare, and Bokken. This chapter will also help users analyze the output from Cuckoo Sandbox more easily and clearly.
Chapter 4, Reporting with Cuckoo Sandbox, will teach you how to create a malware analysis report using Cuckoo Sandbox reporting tools and export the output data report to another format for advanced report analysis. It will start with human-readable format (TXT and HTML), MAEC format (MITRE standard format), and the ability to export a data report to the most useful format in the world (PDF).
Chapter 5, Tips and Tricks for Cuckoo Sandbox, provides you with some tips and tricks for enhancing Cuckoo's analyzing abilities during the malware analysis process. Some people from the community created interesting plugins or modules that help users perform new experiments using Cuckoo Sandbox such as automating e-mail attachments scanning with CuckooMX, and integrating Cuckoo Sandbox with Maltego project using cuckooforcanari. You will also learn how to harden your VM environment for malware analysis.
An Ubuntu 12.04 LTS or newer, VirtualBox 4.2.16 or newer, some malware samples, and an Internet connection.
This book is great for someone who wants to start learning malware analysis easily without requiring much technical skills. The readers will go through learning some basic knowledge in programming, networking, disassembling, forensics, and virtualization along with malware analysis.
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user inputs, and Twitter handles are shown as follows: "Nevertheless, we will try to compile the cuckoomon.dll source code with the file we had changed before (hook.reg.c)."
Any command-line input or output is written as follows:
$ sudo apt-get install radare radare2 bokken pyew
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "According to the Installation tutorial in the README file, it will work with a Postfix MTA."
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.
To send us general feedback, simply send an e-mail to <[email protected]>, and mention the book title through the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
You can download the example code files for all Packt books you have purchased from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/support, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website, or added to any list of existing errata, under the Errata section of that title.
Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors, and our ability to bring you valuable content.
You can contact us at <[email protected]> if you are having a problem with any aspect of the book, and we will do our best to address it.