Much has been said about Cuckoo Sandbox over the years – on the older PenTestIT blog and at other places, which means that most of us know what this automated malware analysis system is capable of! The reason behind this post is that a few minutes ago, Cuckoo Sandbox 2.0.0 was released!
Cuckoo Sandbox is an open source, multi-platform, modular malware analysis system that is capable of the following:
- Analyze many different malicious files (executables, document exploits, Java applets) as well as malicious websites, under Windows, OS X, Linux, and Android virtualized environments.
- Trace API calls and general behavior of the file.
- Dump and analyze network traffic, even when encrypted.
- Perform advanced memory analysis of the infected virtualized system with integrated support for Volatility.
Rather than ramble about the same old stuff, I should concentrate on highlighting what is new in Cuckoo Sandbox 2.0.0. First, this release brings a great many improvements, new concepts and stability tweaks, and has been codenamed Cuckoo Package. This version has also had a major usability overhaul, so much so that the time it takes to install has been reduced drastically.
You can now simply run
pip install -U cuckoo
and have it installed on your system, provided you have a few of its prerequisites in place. This release also improves the Cuckoo Web Interface a lot, providing a simplified user experience to novice as well as advanced users. This includes features like lazy loading and the introduction of Night & Cyborg themes for those who work at night.
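The prerequisites caveat is where most first installs stall, so here is a small pre-flight script as an added example; it is not from the original post or from the Cuckoo project. It assumes what Cuckoo 2.0 documents as host requirements (a Python 2.7 interpreter, pip and virtualenv, and a tcpdump binary granted cap_net_raw and cap_net_admin so the unprivileged Cuckoo user can capture guest traffic), and the `cuckoo init` and `cuckoo community` subcommands it calls after the pip install are assumed from the 2.0 command line rather than taken from this post. The script name and the CUCKOO_VENV variable are my own choices.

```shell
#!/bin/sh
# Added example (not from the original post or the Cuckoo project): a pre-flight
# check for the "a few of its prerequisites" caveat before `pip install -U cuckoo`.
# Assumptions (Cuckoo 2.0's documented host requirements, not from this post):
# Python 2.7, pip and virtualenv on the host, and a tcpdump binary carrying
# cap_net_raw/cap_net_admin so the unprivileged cuckoo user can capture traffic.

# Pure check: does a `python --version` string name a 2.7 interpreter?
# (Cuckoo 2.0 is Python 2.7 only; 2.6 and 3.x are rejected.)
python_is_27() {
    case "$1" in
        "Python 2.7."*|"Python 2.7") return 0 ;;
    esac
    return 1
}

# Pure check: does a `getcap` line grant tcpdump both cap_net_raw and
# cap_net_admin with the effective bit set? Accepts both libcap output styles:
#   /usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip
#   /usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip
tcpdump_caps_ok() {
    caps="$1"
    case "$caps" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$caps" in *cap_net_admin*) ;; *) return 1 ;; esac
    # the flag letters follow the last '+' or '='; 'e' means effective
    flags="${caps##*[+=]}"
    case "$flags" in *e*) return 0 ;; esac
    return 1
}

# Live check against this host; returns non-zero and reports what is missing.
check_prereqs() {
    rc=0
    py="$(command -v python2 2>/dev/null || command -v python 2>/dev/null)"
    ver=""
    [ -n "$py" ] && ver="$("$py" --version 2>&1)"
    if ! python_is_27 "$ver"; then
        echo "need Python 2.7, found: ${ver:-none}" >&2; rc=1
    fi
    for tool in pip virtualenv tcpdump; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing: $tool" >&2; rc=1; }
    done
    td="$(command -v tcpdump 2>/dev/null)"
    if [ -n "$td" ] && ! tcpdump_caps_ok "$(getcap "$td" 2>/dev/null)"; then
        echo "tcpdump lacks capture capabilities; fix with:" >&2
        echo "  sudo setcap cap_net_raw,cap_net_admin=eip $td" >&2; rc=1
    fi
    return $rc
}

# Install into an isolated virtualenv so the pip upgrade never touches system
# packages, then create the Cuckoo Working Directory and pull the community
# signatures (assumed subcommands; the last step needs network access).
install_cuckoo() {
    venv="${CUCKOO_VENV:-$HOME/cuckoo-venv}"
    virtualenv -p python2 "$venv" &&
    "$venv/bin/pip" install -U pip setuptools &&
    "$venv/bin/pip" install -U cuckoo &&
    "$venv/bin/cuckoo" init &&
    "$venv/bin/cuckoo" community
}

# Only act when invoked as `sh cuckoo-preflight.sh run`; sourcing the file
# just defines the functions so the pure checks can be exercised anywhere.
if [ "${1:-}" = "run" ]; then
    check_prereqs && install_cuckoo
fi
```

Run it as `sh cuckoo-preflight.sh run` to check the host and, only if everything is present, install into a dedicated virtualenv; source it instead to get the two string-matching helpers without touching the system. Those helpers are kept separate from the live checks on purpose, so the capability and version parsing can be tested on a box that has neither tcpdump nor Python 2.7.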
We now have official Windows & Mac OS X host support too! Unicode file name and large file support have been improved a lot, along with Tor network routing support. Additionally, you can import an existing older Cuckoo setup into this version. A more detailed changelog can be found here.
Download Cuckoo Sandbox:
You can download Cuckoo Sandbox 2.0.0 here.