Cuckoo Sandbox v0.6 [Software for Automating Analysis]
Cuckoo Sandbox is open source software for automating the
analysis of suspicious files. To do so it uses custom components
that monitor the behavior of malicious processes while they run in
an isolated environment.
Cuckoo generates several kinds of raw data, including:
- Traces of native function and Windows API calls
- Copies of files created on and deleted from the filesystem
- A memory dump of the selected process
- Screenshots of the desktop taken during the analysis run
- A network traffic dump from the machine used for the analysis
Cuckoo Sandbox 0.6 (2012-04-15)
===============================
This release represents a major step forward for the quality of the
project: you won’t find an endless list of new features this time, but a
handful of solid improvements that should make your experience with
sandboxing much more pleasant.
Along with a few smaller additions, the focus of 0.6 revolves around the introduction of network logging.
Until now, retrieval of the analysis results from the analysis
machines happened through an inefficient and resource-expensive XMLRPC
transaction. With Cuckoo Sandbox 0.6 we are now able to collect
behavioral logs, dropped files, screenshots and memory dumps in real time from the analysis machines through what has been called the ResultServer.
The advantages of this approach are multiple:
- You will now see results coming in in real time.
- The memory errors and timeouts that used to occur with previous versions when trying to retrieve the results are now gone!
- Even if the analysis machine is somehow compromised (crashed, shut down or otherwise locked), you will still have complete results up to that point.
- Probably some more advantages, but it’s already awesome as it is.
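To make the last point concrete, here is an added illustration (not Cuckoo's own ResultServer code, and not its wire protocol) of why streaming results to the host as they happen beats fetching them in one transaction at the end of the run: a tiny host-side collector persists each newline-delimited JSON record the instant it arrives, and a simulated guest agent drops the connection part way through. The record format and sample values are constructed for this example.

```python
import json
import socket
import tempfile
import threading

# Constructed sample records of the kind a guest agent would stream to the host.
SAMPLE_RECORDS = [
    {"type": "api", "api": "CreateFileW", "arg": "C:\\Temp\\dropped.exe"},
    {"type": "file", "path": "C:\\Temp\\dropped.exe", "size": 4096},
    {"type": "api", "api": "WinExec", "arg": "C:\\Temp\\dropped.exe"},
]

def serve(srv, out_path):
    """Hypothetical host-side collector: write each JSON line to disk as it arrives."""
    conn, _ = srv.accept()
    with srv, conn, open(out_path, "ab") as fh:
        buf = b""
        while chunk := conn.recv(4096):
            buf += chunk
            while b"\n" in buf:
                line, buf = buf.split(b"\n", 1)
                fh.write(line + b"\n")
                fh.flush()  # on disk before the guest can take itself down

def simulate_guest(port, records, crash_after):
    """Guest-side agent: stream one record per line, then vanish after crash_after records."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        for i, rec in enumerate(records):
            if i == crash_after:
                return  # VM crashed, rebooted or hung: connection simply drops
            s.sendall(json.dumps(rec).encode() + b"\n")

def collect_streaming(records, crash_after):
    """Run collector and guest together; return the records that reached the host."""
    with tempfile.TemporaryDirectory() as d:
        out = d + "/analysis.jsonl"
        srv = socket.socket()
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        t = threading.Thread(target=serve, args=(srv, out))
        t.start()
        simulate_guest(srv.getsockname()[1], records, crash_after)
        t.join()
        with open(out) as fh:
            return [json.loads(line) for line in fh]

def collect_end_of_run(records, crash_after):
    """Pre-0.6 pull model: nothing is fetched until the run ends, so an early crash loses everything."""
    return list(records) if crash_after >= len(records) else []
```

With the guest dying after two records, `collect_streaming` still hands back those two while `collect_end_of_run` returns nothing at all.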