Automated Malware Analysis - Part 3

After preparing most of our configurations for the OSX system in Part 2 of this multi-part post on “Automated Malware Analysis”, we are finally ready to install our Cuckoo instance. This can be done either on the existing host device (OSX) or in a virtual machine. For my setup, I have a Cuckoo instance running on my host machine along with the required software; the commands below are how I achieved this.

Install Python + dependencies - install these on the machine where Cuckoo will run. Most of them can be installed with either pip or easy_install.

python-magic

$ easy_install python-magic

python-dpkt

$ pip install dpkt

python-sqlalchemy

$ easy_install sqlalchemy

python-mako

$ easy_install mako

python-jinja

$ easy_install Jinja2

python-bottle

$ easy_install Bottle

SSDeep - for calculating fuzzy hashes

python-pyrex

$ easy_install pyrex

pyssdeep

$ svn checkout http://pyssdeep.googlecode.com/svn/trunk/ pyssdeep

MongoDB and Python support

$ easy_install pymongo
$ curl http://downloads.mongodb.org/osx/mongodb-osx-x86_64-2.4.5.tgz > mongodb.tgz

pcregrep

$ brew install pcre

yara and yara-python

$ brew install yara && pip install yara-python

libpcap

$ brew install libpcap

Download & Install Cuckoo

A couple of notes after the install:

  1. change permissions for cuckoo
  2. change permissions of tcpdump: first create a backup (cp tcpdump tcpdump.org), then set the setuid bit so Cuckoo can capture traffic without running as root:

$ sudo chmod +s /usr/sbin/tcpdump

At this point, you should have Cuckoo installed with all the required dependencies. Next up: creating our victim machine.
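A quick preflight check for the setup above, added here as an example and not part of the original post: it reports which of the listed Python modules and tools are missing and whether the setuid bit is actually set on tcpdump. The import names, the tool names and the tcpdump path are assumptions taken from the list above (the import name "ssdeep" for pyssdeep is assumed).

```python
import importlib
import os
import shutil
import stat

# Import names for the Python packages installed above (assumed from the list;
# "ssdeep" is the assumed import name for pyssdeep).
PYTHON_MODULES = ["magic", "dpkt", "sqlalchemy", "mako", "jinja2",
                  "bottle", "pymongo", "yara", "ssdeep"]

# Command-line tools installed with brew or downloaded (mongod from the tarball).
BINARIES = ["tcpdump", "yara", "pcregrep", "mongod"]

# Path the post applies chmod +s to.
TCPDUMP_PATH = "/usr/sbin/tcpdump"


def missing_modules(names):
    """Return the subset of module names that cannot be imported."""
    missing = []
    for name in names:
        try:
            importlib.import_module(name)
        except ImportError:
            missing.append(name)
    return missing


def missing_binaries(names):
    """Return the subset of tool names not found on PATH."""
    return [n for n in names if shutil.which(n) is None]


def mode_has_setuid(st_mode):
    """True if the setuid bit is set in a stat() st_mode value."""
    return bool(st_mode & stat.S_ISUID)


def tcpdump_setuid_status(path=TCPDUMP_PATH):
    """Return 'setuid', 'not setuid' or 'missing' for the tcpdump binary."""
    try:
        st = os.stat(path)
    except OSError:
        return "missing"
    return "setuid" if mode_has_setuid(st.st_mode) else "not setuid"


if __name__ == "__main__":
    print("missing Python modules:", missing_modules(PYTHON_MODULES) or "none")
    print("missing tools:", missing_binaries(BINARIES) or "none")
    # Cuckoo needs the setuid bit to capture as an unprivileged user; a setuid
    # capture tool is also a privilege boundary worth reviewing on a shared host.
    print("tcpdump:", tcpdump_setuid_status())
```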
