How to Install - JPCERTCC/MalConfScan-with-Cuckoo GitHub Wiki
1. Install MalConfScan
2. Install MalConfScan-with-Cuckoo
We recommend setting up MalConfScan and MalConfScan-with-Cuckoo under virtualenv.
1. Install MalConfScan
Install MalConfScan on your Cuckoo server. See this page for the MalConfScan installation steps.
2. Install MalConfScan-with-Cuckoo
The steps on this page are based on the following document:
Development with the Python Package | Cuckoo Sandbox Docs
2.1. Clone MalConfScan-with-Cuckoo from GitHub.
$ git clone https://github.com/jpcertcc/malconfscan-with-cuckoo.git
2.2. Clone Cuckoo from GitHub.
$ git clone -b 2.0.6 https://github.com/cuckoosandbox/cuckoo.git
2.3. Patch Cuckoo
Move to git root of Cuckoo.
$ cd cuckoo
Apply malconfscan.patch to Cuckoo:
$ patch -p1 < ../MalConfScan-with-Cuckoo/malconfscan.patch
2.4. Install the requirements for Cuckoo
Please read the following document.
Requirements | Cuckoo Sandbox Docs
2.5. Install Cuckoo
Move to the git root of Cuckoo:
$ cd [git-root-of-Cuckoo]
$ python stuff/monitor.py
$ python setup.py sdist develop
2.6. Create Cuckoo Working Directory
$ cuckoo --cwd /opt/cuckoo
For more detail, please check the official document:
Create Cuckoo Working Directory | Cuckoo Sandbox Docs
2.7. Configuration for MalConfScan-with-Cuckoo
You need to configure the following files to run MalConfScan-with-Cuckoo.
Activate MalConfScan plugin
- /opt/cuckoo/conf/memory.conf
[malconfscan]
enabled = yes
filter = no
Activate memory analysis
- /opt/cuckoo/conf/processing.conf
[memory]
# Create a memory dump of the entire virtual machine. This memory dump will
# then be analyzed using Volatility to locate interesting events that can be
# extracted from memory.
enabled = yes
Set your sandbox machine's OS profile
Choose your sandbox machine's OS profile from the following site and set it in the configuration file:
Profile List | Volatility wiki - GitHub
- /opt/cuckoo/conf/[your_vm_software].conf
osprofile = [your_sandbox_machine's_OS_profile]
OR
- /opt/cuckoo/conf/memory.conf
[basic]
# profile to avoid wasting time identifying it
guest_profile = [your_sandbox_machine's_OS_profile]
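A preflight check for the three settings in section 2.7, added here as an example (it is not part of the wiki or of MalConfScan-with-Cuckoo). It parses memory.conf, processing.conf and the VM software's conf under a Cuckoo working directory with configparser, accepting the OS profile either per VM or as guest_profile; the sample configs it writes are constructed, and "virtualbox" and the profile name "Win7SP1x64" are assumed sample values.

```python
import configparser
import os
import tempfile


def check_malconfscan_config(cwd, vm_software="virtualbox"):
    """Return a list of problems; empty means the section 2.7 settings are in place."""
    problems = []
    memory = configparser.ConfigParser()
    memory.read(os.path.join(cwd, "conf", "memory.conf"))
    if not memory.getboolean("malconfscan", "enabled", fallback=False):
        problems.append("memory.conf: [malconfscan] enabled must be yes")
    processing = configparser.ConfigParser()
    processing.read(os.path.join(cwd, "conf", "processing.conf"))
    if not processing.getboolean("memory", "enabled", fallback=False):
        problems.append("processing.conf: [memory] enabled must be yes")
    # The OS profile may be set per VM (osprofile) or globally (guest_profile).
    vm = configparser.ConfigParser()
    vm.read(os.path.join(cwd, "conf", vm_software + ".conf"))
    per_vm = any(vm.get(s, "osprofile", fallback="").strip() for s in vm.sections())
    global_profile = memory.get("basic", "guest_profile", fallback="").strip()
    if not (per_vm or global_profile):
        problems.append("no osprofile in %s.conf and no guest_profile in memory.conf" % vm_software)
    return problems


def build_sample_cwd(tmpdir, complete):
    """Write constructed sample configs (not from a real install) into tmpdir/conf."""
    conf = os.path.join(tmpdir, "conf")
    os.makedirs(conf, exist_ok=True)
    yes_no = "yes" if complete else "no"
    profile = "Win7SP1x64" if complete else ""  # assumed sample Volatility profile
    files = {
        "memory.conf": "[basic]\nguest_profile = %s\n\n[malconfscan]\nenabled = %s\nfilter = no\n" % (profile, yes_no),
        "processing.conf": "[memory]\nenabled = %s\n" % yes_no,
        "virtualbox.conf": "[virtualbox]\nmachines = cuckoo1\n\n[cuckoo1]\nlabel = cuckoo1\n",
    }
    for name, body in files.items():
        with open(os.path.join(conf, name), "w") as fh:
            fh.write(body)


def run_demo():
    """Check one complete and one incomplete constructed cwd; returns both problem lists."""
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as bad:
        build_sample_cwd(good, True)
        build_sample_cwd(bad, False)
        return check_malconfscan_config(good), check_malconfscan_config(bad)
```

Run `check_malconfscan_config("/opt/cuckoo", "<your_vm_software>")` against a real working directory; an empty list means all three settings from this section are present.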
2.8. Other settings
Please read the official document to set up hosts, server, network, etc.