A new bird in the malware research sky
Dear OffensiveComputing community,
I am taking the opportunity of this blog post to inform you of the release of Cuckoo 0.1.0-beta.
Cuckoo is a very simple automated malware analysis sandbox. It uses Microsoft Detours, AutoIt3 and Python to analyze malware inside a VirtualBox-based environment.
At this point it is able to analyze Windows binaries and PDF files, but can be easily extended.
Here are some basic features:
- Retrieve files from remote URLs and analyze them.
- Trace relevant API calls for behavioral analysis.
- Recursively monitor newly spawned processes.
- Dump generated network traffic.
- Run concurrent analysis on multiple machines.
- Support custom analysis packages based on AutoIt3 scripting.
- Intercept downloaded and deleted files.
- Take screenshots during runtime.
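To make concrete what "recursively monitor newly spawned processes" and "intercept downloaded and deleted files" amount to on the analysis side, here is a small trace processor. It is an added example written for this post, not Cuckoo's own code: the pipe-separated log format, the Win32 API names used as triggers, and the sample trace lines are all constructed for the example and do not describe Cuckoo 0.1.0's real output. It walks the process tree from the sample's own pid, ignores unrelated guest processes, and records which files the sample and its descendants downloaded, wrote and deleted.

```python
"""Toy behavioural-trace processor (added example; not Cuckoo code).

Models the host side of an API-hooking sandbox: the hooked guest emits
one line per intercepted call, and the analyzer follows child processes
and collects dropped/deleted files.  The log format below is invented
for this example.
"""
from collections import defaultdict

# Constructed sample trace: "<pid>|<ppid>|<api>|<arg1>|<arg2>..."
# Pid 1000 is the sample; 2004 and 3001 are its descendants; 5000 is an
# unrelated guest process that must not be followed.
SAMPLE_TRACE = """\
1000|400|CreateFileW|C:\\Users\\victim\\Downloads\\invoice.exe|GENERIC_READ
1000|400|CreateProcessW|C:\\Windows\\Temp\\svch0st.exe|
1000|400|DeleteFileW|C:\\Users\\victim\\Downloads\\invoice.exe
2004|1000|URLDownloadToFileW|http://198.51.100.7/p.bin|C:\\Windows\\Temp\\p.bin
2004|1000|CreateProcessW|C:\\Windows\\Temp\\p.bin|
3001|2004|CreateFileW|C:\\Windows\\Temp\\cfg.dat|GENERIC_WRITE
5000|400|CreateFileW|C:\\unrelated.txt|GENERIC_READ
"""

ROOT_PID = 1000  # pid the sandbox launched the sample as (assumed)


def parse_trace(text):
    """Parse trace lines into dicts; skip blank or malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split("|")
        if len(parts) < 3:
            continue
        events.append({"pid": int(parts[0]), "ppid": int(parts[1]),
                       "api": parts[2], "args": parts[3:]})
    return events


def monitored_pids(events, root_pid):
    """Return the root pid plus every transitive child seen in the trace.

    A pid is followed only if its parent is already followed, so
    unrelated processes (pid 5000 above) stay out of the report.
    Iterates to a fixed point so event order does not matter.
    """
    pids = {root_pid}
    changed = True
    while changed:
        changed = False
        for ev in events:
            if ev["ppid"] in pids and ev["pid"] not in pids:
                pids.add(ev["pid"])
                changed = True
    return pids


def build_tree(events, pids, root_pid):
    """Nested dict {pid: {child: {...}}} of the monitored process tree."""
    children = defaultdict(set)
    for ev in events:
        if ev["pid"] in pids and ev["pid"] != root_pid:
            children[ev["ppid"]].add(ev["pid"])

    def subtree(pid):
        return {c: subtree(c) for c in sorted(children[pid])}

    return {root_pid: subtree(root_pid)}


def summarize(trace_text, root_pid=ROOT_PID):
    """Collect process tree and file activity of the sample's tree."""
    events = parse_trace(trace_text)
    pids = monitored_pids(events, root_pid)
    dropped, deleted, downloads = [], [], []
    for ev in events:
        if ev["pid"] not in pids:
            continue
        api, args = ev["api"], ev["args"]
        if api == "URLDownloadToFileW":
            downloads.append((args[0], args[1]))
            dropped.append(args[1])
        elif api == "CreateFileW" and len(args) > 1 and args[1] == "GENERIC_WRITE":
            dropped.append(args[0])
        elif api == "DeleteFileW":
            # A real sandbox copies the file *before* letting the delete
            # proceed; note the sample deleting its own dropper here.
            deleted.append(args[0])
    return {"pids": sorted(pids),
            "tree": build_tree(events, pids, root_pid),
            "dropped": dropped, "deleted": deleted, "downloads": downloads}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

The fixed-point loop in `monitored_pids` is what makes the monitoring "recursive": a grandchild (pid 3001) is picked up only because its parent was, and a process the sandbox did not spawn is excluded even though it appears in the same trace.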
You can get more information at:
Hope you enjoy.