Cuckoo Sandbox – Automated Malware Analysis Framework

Cuckoo Sandbox is an open source automated malware analysis system. It’s used to automatically run and analyze files and collect comprehensive analysis results that outline what the malware does while running inside an isolated operating system.

Cuckoo Sandbox - Automated Dynamic Malware Analysis
Cuckoo Sandbox – Automated Dynamic Malware Analysis

Cuckoo Sandbox is an advanced, extremely modular automated malware analysis system with infinite application opportunities. By default it is able to:

  • Analyze many different malicious files (executables, office documents, pdf files, emails, etc) as well as malicious websites under Windows, Linux, macOS, and Android virtualized environments.
  • Trace API calls and general behavior of the file and distill this into high level information and signatures comprehensible by anyone.
  • Dump and analyze network traffic, even when encrypted with SSL/TLS. With native network routing support to drop all traffic or route it through InetSIM, a network interface, or a VPN.
  • Perform advanced memory analysis of the infected virtualized system through Volatility as well as on a process memory granularity using YARA.

It can be used to analyze:

  • Generic Windows executables
  • DLL files
  • PDF documents
  • Microsoft Office documents
  • URLs and HTML files
  • PHP scripts
  • CPL files
  • Visual Basic (VB) scripts
  • ZIP files
  • Java JAR
  • Python files
  • Almost anything else

You can read more and download this framework over here: https://cuckoosandbox.org/

Share