Tool: Cuckoo Sandbox (Malware Analysis Tool)

OK, today’s first tool came from the Black Hat conference, which is underway right now. Note that this isn’t a “blackhat” tool: it is a diagnostic tool for any investigator to determine exactly what a particular piece of malware does, by tracking the following (from the Cuckoo Sandbox homepage):

  • Native functions and Windows API calls traces
  • Copies of files created and deleted from the filesystem
  • Dump of the memory of the selected process
  • Screenshots of the desktop during the execution of the malware analysis
  • Network dump generated by the machine used for the analysis

This tool runs on a Linux system of some type (the installation manual recommends Ubuntu) and requires a virtualization system alongside it (KVM, VirtualBox, etc.). Will this entire system run as a VM guest? I’m not sure about that yet, and I haven’t set up my home lab to test a scenario like that. It works fine running locally on my system with VirtualBox.
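As an added illustration of how an investigator would consume the five artifact categories listed above (this is my own example, not code from the Cuckoo project, and the JSON layout is a constructed, simplified stand-in rather than Cuckoo’s real report schema), here is a small triage pass that builds an API-call histogram, separates files that were dropped and then deleted during the run from those left on disk, and pulls out the network contacts:

```python
import json
from collections import Counter

# Constructed sample in a simplified layout modelled on the five artifact
# categories the post lists. It is NOT Cuckoo's real report.json schema;
# real reports are much larger and their field names differ.
SAMPLE_REPORT = json.dumps({
    "processes": [
        {"pid": 100, "name": "sample.exe", "calls": [
            {"api": "CreateFileW", "args": {"path": "C:\\Temp\\a.tmp"}},
            {"api": "WriteFile", "args": {"path": "C:\\Temp\\a.tmp"}},
            {"api": "DeleteFileW", "args": {"path": "C:\\Temp\\a.tmp"}},
            {"api": "InternetOpenUrlA", "args": {"url": "http://example.invalid/x"}},
        ]},
    ],
    "files_created": ["C:\\Temp\\a.tmp", "C:\\Users\\Public\\run.dat"],
    "files_deleted": ["C:\\Temp\\a.tmp"],
    "network": {"hosts": ["198.51.100.7"], "dns": ["example.invalid"]},
})


def triage(report_text):
    """Summarise a report: API histogram, transient vs. persistent files, network."""
    r = json.loads(report_text)
    api_counts = Counter(
        c["api"] for p in r["processes"] for c in p.get("calls", []))
    created, deleted = set(r["files_created"]), set(r["files_deleted"])
    # Files dropped and removed again before the run ended: the on-disk copy
    # is gone, so the copy the sandbox saved is the only artifact left to examine.
    transient = sorted(created & deleted)
    persistent = sorted(created - deleted)
    return {
        "api_counts": dict(api_counts),
        "transient_files": transient,
        "persistent_files": persistent,
        "hosts": sorted(r["network"]["hosts"]),
        "dns": sorted(r["network"]["dns"]),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```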