# How to Install

1. Install MalConfScan
2. Install MalConfScan-with-Cuckoo
We recommend setting up MalConfScan and MalConfScan-with-Cuckoo under virtualenv.
## 1. Install MalConfScan

Install MalConfScan into your Cuckoo server. Please check this page to install MalConfScan.
## 2. Install MalConfScan-with-Cuckoo

The manual on this page is based on the following document.

Development with the Python Package | Cuckoo Sandbox Docs

```
$ git clone https://github.com/jpcertcc/malconfscan-with-cuckoo.git
$ git clone -b 2.0.6 https://github.com/cuckoosandbox/cuckoo.git
```
Move to the git root of Cuckoo.

```
$ cd cuckoo
```

Patch Cuckoo with malconfscan.patch.

```
$ patch -p1 < ../MalConfScan-with-Cuckoo/malconfscan.patch
```
Please read the following document.

Requirements | Cuckoo Sandbox Docs

Move to the git root of Cuckoo.

```
$ cd [git-root-of-Cuckoo]
$ python stuff/monitor.py
$ python setup.py sdist develop
$ cuckoo --cwd /opt/cuckoo
```
For more details, please check the official document.

Create Cuckoo Working Directory | Cuckoo Sandbox Docs
You need to configure the following files to be able to run MalConfScan-with-Cuckoo.

- /opt/cuckoo/conf/memory.conf

```
[malconfscan]
enabled = yes
filter = no
```

- /opt/cuckoo/conf/processing.conf

```
[memory]
# Create a Memory dump of the entire Virtual Machine. This memory dump will
# then be analyzed using Volatility to locate interesting events that can be
# extract from memory.
enabled = yes
```
Choose your sandbox machine's OS profile from the following site and set it in the configuration file.

Profile List | Volatility wiki - GitHub

- /opt/cuckoo/conf/[your_vm_software].conf

```
osprofile = [your_sandbox_machine's_OS_profile]
```

OR

- /opt/cuckoo/conf/memory.conf

```
[basic]
# profile to avoid wasting time identifying it
guest_profile = [your_sandbox_machine's_OS_profile]
```
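A quick way to confirm that the three settings above are in place before submitting a sample is to parse the config files and report anything still missing. The script below is an added example written for this page, not part of MalConfScan-with-Cuckoo or Cuckoo; it uses Python's standard `configparser` (Cuckoo's `.conf` files are INI-style) and operates on constructed sample fragments rather than reading `/opt/cuckoo/conf/` directly. The function name `check_config` and the sample texts are assumptions for illustration.

```python
import configparser

# Constructed sample fragments of the three files the page asks you to edit.
# Replace them with open("/opt/cuckoo/conf/memory.conf").read() etc. on a real host.
SAMPLE_MEMORY_CONF = """
[basic]
# profile to avoid wasting time identifying it
guest_profile = Win7SP1x64

[malconfscan]
enabled = yes
filter = no
"""

SAMPLE_PROCESSING_CONF = """
[memory]
# Create a Memory dump of the entire Virtual Machine.
enabled = yes
"""

# Cuckoo's per-hypervisor file keeps one section per VM with an osprofile key.
SAMPLE_VM_CONF = """
[virtualbox]
machines = cuckoo1

[cuckoo1]
label = cuckoo1
osprofile = Win7SP1x64
"""


def _parse(text):
    # interpolation=None so a literal '%' in a value cannot raise an error
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def _is_placeholder(value):
    # The page's templates use [bracketed] placeholders; treat them as unset.
    v = value.strip()
    return v == "" or (v.startswith("[") and v.endswith("]"))


def check_config(memory_conf, processing_conf, vm_conf=None):
    """Return a list of problems; an empty list means the page's settings are present."""
    problems = []
    mem = _parse(memory_conf)
    proc = _parse(processing_conf)

    # memory.conf: [malconfscan] enabled = yes
    if not mem.has_section("malconfscan"):
        problems.append("memory.conf: missing [malconfscan] section")
    elif not mem.getboolean("malconfscan", "enabled", fallback=False):
        problems.append("memory.conf: [malconfscan] enabled is not yes")

    # processing.conf: [memory] enabled = yes, otherwise no VM memory dump is taken
    if not proc.getboolean("memory", "enabled", fallback=False):
        problems.append("processing.conf: [memory] enabled is not yes (no memory dump)")

    # OS profile: either guest_profile in memory.conf [basic] or osprofile in the VM config
    profile = mem.get("basic", "guest_profile", fallback="")
    vm_profile = ""
    if vm_conf is not None:
        vm = _parse(vm_conf)
        for section in vm.sections():
            candidate = vm.get(section, "osprofile", fallback="")
            if not _is_placeholder(candidate):
                vm_profile = candidate
                break
    if _is_placeholder(profile) and _is_placeholder(vm_profile):
        problems.append("no OS profile set: fill guest_profile (memory.conf) or osprofile (VM conf)")

    return problems


if __name__ == "__main__":
    for p in check_config(SAMPLE_MEMORY_CONF, SAMPLE_PROCESSING_CONF, SAMPLE_VM_CONF):
        print("PROBLEM:", p)
    print("checked; problems:", len(check_config(SAMPLE_MEMORY_CONF, SAMPLE_PROCESSING_CONF)))
```

The profile check accepts either location because the page offers them as alternatives; leaving the bracketed placeholder in place is reported as unset, since Volatility would otherwise fail to load a profile at analysis time.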
Please read the official document to set up hosts, server, network, etc.