Automated Malware Analysis - Part 1

In this multi-part post I’m going to share a few techniques I use to automate some of the analysis required for suspicious software.

This setup uses native tools on OSX together with a victim machine (guest OS) running in VirtualBox. Samples are then sent to a Cuckoo instance for automated analysis. Note that this setup consists of a single virtual machine and a host computer; however, you could install Cuckoo on a virtual host to achieve the same results.

A high-level architecture is below for reference:

[architecture diagram]

At a minimum you need to have the following software installed on your OSX device:

  1. Homebrew + additional system libraries
  2. Xcode + command-line tools
  3. VirtualBox + 1 or 2 guest machines, depending on your architecture
  4. Cuckoo application + dependencies (optional if Cuckoo runs in a virtual machine instead of on the host)
  5. Malware :)
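As an added example (not part of the original post), a small preflight script for the OSX host that checks whether the command-line tools behind items 1 to 4 are on `PATH` and returns the number that are missing. The tool names are assumptions: `brew` for Homebrew, `xcode-select` for the Xcode command-line tools, `VBoxManage` for VirtualBox and `cuckoo` for the Cuckoo CLI.

```shell
#!/bin/sh
# Preflight check for the analysis host: report each tool as present or
# missing and return the count of missing tools as the exit status.

check_tools() {
  missing=0
  for tool in "$@"; do
    if command -v "$tool" >/dev/null 2>&1; then
      printf 'ok       %s\n' "$tool"
    else
      printf 'MISSING  %s\n' "$tool"
      missing=$((missing + 1))
    fi
  done
  return "$missing"
}

# Tool names assumed for the four software items listed above.
host_preflight() {
  check_tools brew xcode-select VBoxManage cuckoo
}

# Uncomment to run the check for this host; a non-zero exit status means
# at least one prerequisite is not installed.
# host_preflight
```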

Stay tuned: in part 2 we will discuss preparing your host machine.
