After preparing most of our configurations for the OSX system in Part 2 of this multi-part post on “Automated Malware Analysis”, we are finally ready to install our Cuckoo instance. This can be done either on the existing host (OSX) or in a virtual machine. For my setup, I have a Cuckoo instance running on my host machine along with the required software; the commands below are how I achieved this.
Install Python + dependencies - installed wherever you have Cuckoo. Most of these can be installed with either pip or easy_install.
$ easy_install python-magic
$ pip install dpkt
$ easy_install sqlalchemy
$ easy_install mako
$ easy_install Jinja2
$ easy_install Bottle
SSDeep - for calculating hashes
$ easy_install pyrex
$ svn checkout http://pyssdeep.googlecode.com/svn/trunk/ pyssdeep
MongoDB and Python support
$ easy_install pymongo
$ curl http://downloads.mongodb.org/osx/mongodb-osx-x86_64-2.4.5.tgz > mongodb.tgz
$ brew install pcre
yara and yara-python
$ brew install yara && brew install yara python
$ brew install libpcap
Download & Install Cuckoo
A couple of notes after the install:
- change permissions for cuckoo
- change permissions of tcpdump
first create a backup:
$ cp tcpdump tcpdump.org
then set the setuid bit so Cuckoo can capture traffic without running as root:
$ sudo chmod +s /usr/sbin/tcpdump
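The post-install checks below are an added sanity script, not part of the original post or of Cuckoo itself. It verifies that the Python modules installed above import cleanly and that tcpdump actually ended up setuid and root-owned (a setuid bit on a file not owned by root grants nothing, which is an easy thing to get wrong when the binary was copied or reinstalled). It assumes the interpreter is reachable as `python` (override with `PYTHON=...`) and that the tcpdump path is `/usr/sbin/tcpdump` as used above; the module list is my reading of the packages the post installs.

```shell
#!/bin/sh
# Added post-install check for the Cuckoo-on-OSX setup (not the original
# post's script). Assumes: `python` (or $PYTHON) is the interpreter Cuckoo
# will run under, and tcpdump lives at /usr/sbin/tcpdump.

# Import names of the Python packages installed above (assumed mapping:
# python-magic -> magic, Jinja2 -> jinja2, Bottle -> bottle, yara-python -> yara).
PY_MODULES="magic dpkt sqlalchemy mako jinja2 bottle pymongo yara"
TCPDUMP_PATH="/usr/sbin/tcpdump"

# Return 0 if the named Python module imports under $PYTHON (default: python).
check_module() {
    "${PYTHON:-python}" -c "import $1" >/dev/null 2>&1
}

# Print, one per line, the modules from the space-separated list $1
# that fail to import. Prints nothing when everything is present.
missing_modules() {
    for m in $1; do
        check_module "$m" || printf '%s\n' "$m"
    done
}

# Return 0 if FILE has the setuid bit set (what `chmod +s` does).
is_setuid() {
    [ -u "$1" ]
}

# Return 0 only if FILE is setuid AND owned by root: that is the combination
# that lets an unprivileged Cuckoo user open the capture interface.
is_setuid_root() {
    [ -u "$1" ] && [ "$(ls -ld "$1" | awk '{print $3}')" = "root" ]
}

# Human-readable report; exit status 0 when everything checks out.
report() {
    status=0
    missing=$(missing_modules "$PY_MODULES")
    if [ -n "$missing" ]; then
        echo "Missing Python modules:"
        echo "$missing"
        status=1
    else
        echo "All Python modules import under ${PYTHON:-python}."
    fi
    if is_setuid_root "$TCPDUMP_PATH"; then
        echo "$TCPDUMP_PATH is setuid root (traffic capture will work unprivileged)."
    else
        echo "$TCPDUMP_PATH is NOT setuid root; Cuckoo's sniffer will fail to start."
        status=1
    fi
    for tool in mongod yara; do
        command -v "$tool" >/dev/null 2>&1 || { echo "$tool not found on PATH"; status=1; }
    done
    return $status
}
```

Run it as `sh check_cuckoo_deps.sh` after the steps above; a non-zero exit means at least one dependency or the tcpdump permission change did not take. The setuid check deliberately tests ownership as well as the bit, because a backup copy made with plain `cp` will be owned by whoever ran it and will not work even if the bit is set on it.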
At this point, you should have Cuckoo installed with all the required dependencies. Next up: creating our victim machine.