Dear OffensiveComputing community,
I take the opportunity of this blog post to inform you of the release of Cuckoo 0.1.0-beta.
Cuckoo is a very simple automated malware analysis sandbox which makes use of Microsoft Detours, AutoIt3 and Python for analyzing malware samples in a VirtualBox-based environment.
At this point it is able to analyze Windows binaries and PDF files, but can be easily extended.
Here are some basic features:
- Retrieve files from remote URLs and analyze them.
- Trace relevant API calls for behavioral analysis.
Continuing on the road of scam-mail-spread malware, today I am going to analyze an interesting little toy I accidentally got in touch with just yesterday, when I received this funny email at my university address from a fake crafted address email@example.com:
We are contacting you in regards to an unusual activity that was identified in your mailbox. As a result, your mailbox has been deactivated. To restore your mailbox, you are required to extract and run the attached mailbox utility. Best regards, crema.unimi.it technical support.
As you may guess, there was an attachment called utility.zip containing a utility.exe, which VirusTotal rates at 73%.