Cuckoo running on GNU/Linux Network analysis of a ZeuS binary Behavioral analysis of a ZeuS binary

Cuckoo Sandbox

Automated Malware Analysis System
~
Rapid7
About

Cuckoo eats ZeuS v2

In three words, Cuckoo Sandbox is a malware analysis system.

Its goal is to provide you a way to automatically analyze files and collect comprehensive results describing and outlining what such files do while executed inside an isolated environment.

It's mostly used to analyze Windows executables, DLL files, PDF documents, Office documents, PHP scripts, Python scripts, Internet URLs and almost anything else you can imagine.

But it can do much more...
It's up to you to discover what and how.

Some of the results that Cuckoo generates are:

  • Trace of performed relevant win32 API calls
  • Dump of network traffic generated during analysis
  • Creation of screenshots taken during analysis
  • Dump of files created, deleted and downloaded by the malware during analysis
  • Trace of assembly instructions executed by malware process
In addition, Cuckoo allows you to:
  • Automate submission of analysis tasks
  • Create analysis packages to define custom operations and procedures for performing an analysis
  • Run multiple virtual machines concurrently
  • Script the process and correlation of analysis results data
  • Script and automate the generation of reports in the format you prefer

^

Download

Current Cuckoo Sandbox's version is 0.3.2.

Download latest release! (MD5)

You can otherwise get the latest development stage from our official git repository through the following command:

git clone git://github.com/cuckoobox/cuckoo.git

Please beware that even if it might contain new features, bug fixes and several updates, the version available on the git repository has to be under development and it most likely lack of an updated documentation.

For historical reasons, you can browse and download the older releases.

^

Documentation

Cuckoo Sandbox's package provides a comprehensive documentation explaining how to set it up, use it and customize it.
When downloading Cuckoo, you'll find the user guide and additional documentation inside the bundle.

Read the book online! (PDF | TXT)

^

Donations

Cuckoo Sandbox is an open source software developed by volunteering oompa loompas who dedicated a lot of their free and sleep time to provide you a good product to use for free.

If you want to see it kept being developed, if you use it actively and commercially or if you just appreciate our efforts, you might want to consider making us a donation.

For a small donation, you can like our thing on Flattr:

If you would like to make a larger donations or propose other forms of support, you can contact us at donations at cuckoobox dot org.

^

Contacts

You can follow Cuckoo on twitter at @cuckoosandbox.

You can get in contact with the developers and other Cuckoo Sandbox's users registering at our official mailing list kindly provided by The Honeynet Project.

You can also chat with us at our official IRC channel #cuckoobox at FreeNode.

Cuckoo Sandbox developers are:

  • Claudio "nex" Guarnieri (@botherder)
  • Dario Fernandes
  • Alessandro "jekil" Tanasi (@jekil)

^