Automated Malware Analysis - Part 3

After preparing most of our configurations for the OSX system in Part 2 of this multi-part post on “Automated Malware Analysis”, we are finally ready to install our Cuckoo instance. This can be done either on the existing host device (OSX) or in a virtual machine. For my setup, I have a Cuckoo instance running on my host machine along with the required software; the commands below are how I achieved this.

Install Python + dependencies - installed wherever you have Cuckoo. Most of these can be installed with either pip or easy_install.

$ easy_install python-magic
$ pip install dpkt
$ easy_install sqlalchemy
$ easy_install mako
$ easy_install Jinja2
$ easy_install Bottle

SSDeep - for calculating fuzzy hashes

$ easy_install pyrex
$ svn checkout pyssdeep

MongoDB and Python support

$ easy_install pymongo
$ curl > mongodb.tgz

$ brew install pcre

yara and yara-python (yara-python is a Python package, so it comes from pip rather than brew)

$ brew install yara
$ pip install yara-python

$ brew install libpcap

Download & Install Cuckoo

A couple of notes after the install:

  1. change permissions for cuckoo
  2. change permissions of tcpdump (first create a backup of tcpdump with cp)

$ sudo chmod +s /usr/sbin/tcpdump
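Setting the setuid bit on tcpdump hands packet-capture privileges to anyone who can execute it, so it is worth checking the result once. The script below is an added example, not from the original post; it assumes only a POSIX sh with ls, cut and awk, and takes the binary path as an argument.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a setuid tcpdump
# after `chmod +s`. Prints one line per finding; returns 0 only when the
# binary is setuid, owned by root and not world-writable.

# Print the 10-character symbolic mode, e.g. "-rwsr-xr-x" (BSD and GNU ls).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Print the owning user of a file.
owner_of() {
    ls -ld "$1" | awk '{print $3}'
}

# Return 0 when the setuid bit is set (owner-execute position shows 's' or 'S').
is_setuid() {
    case "$(mode_of "$1")" in
        ???[sS]*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Return 0 when the file is writable by everyone (other-write position shows 'w').
is_world_writable() {
    case "$(mode_of "$1")" in
        ????????w?) return 0 ;;
        *)          return 1 ;;
    esac
}

# Check one setuid binary; returns 0 when every hard requirement passes.
check_setuid_binary() {
    bin="$1"; rc=0
    [ -f "$bin" ] || { echo "MISSING $bin"; return 1; }
    if is_setuid "$bin"; then echo "OK   setuid bit set on $bin"
    else echo "FAIL setuid bit not set on $bin (run: sudo chmod +s $bin)"; rc=1; fi
    if [ "$(owner_of "$bin")" = "root" ]; then echo "OK   owned by root"
    else echo "FAIL not owned by root; a setuid file owned by another user is suspect"; rc=1; fi
    if is_world_writable "$bin"; then echo "FAIL world-writable setuid binary: anyone could replace its code"; rc=1
    else echo "OK   not world-writable"; fi
    case "$(mode_of "$bin")" in
        *x) echo "WARN executable by everyone; consider chmod o-x so only the cuckoo group can capture" ;;
    esac
    return $rc
}

# Usage: check_setuid_binary /usr/sbin/tcpdump
```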

At this point, you should have Cuckoo installed with all the required dependencies. Next up: creating our victim machine.

