2016-05-25 21:22:32,893 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "test.bin" (task #1, options "")
2016-05-25 21:22:32,985 [lib.cuckoo.core.scheduler] INFO: Task #1: acquired machine cuckoo1 (label=WinXP)
2016-05-25 21:22:32,996 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 28834 (interface=vboxnet0, host=192.168.56.101, pcap=/path/to/cuckoo/storage/analyses/1/dump.pcap)
tcpdump: vboxnet0: You don't have permission to capture on that device ((no devices found) /dev/bpf0: Permission denied)
2016-05-25 21:23:49,855 [lib.cuckoo.core.scheduler] ERROR: Timeout hit while for machine WinXP to change status
2016-05-25 21:23:49,868 [lib.cuckoo.core.scheduler] CRITICAL: A critical error has occurred trying to use the machine with name cuckoo1 during an analysis due to which it is no longer in a working state, please report this issue and all of the related environment details to the developers so we can improve this situation. (Note that before we would simply remove this VM from doing any more analyses, but as all the VMs will eventually be depleted that way, hopefully we'll find a better solution now).
2016-05-25 21:23:50,332 [lib.cuckoo.core.scheduler] WARNING: Unable to stop machine WinXP: Trying to stop an already stopped vm WinXP
2016-05-25 21:23:50,444 [modules.processing.behavior] WARNING: Analysis results folder does not exist at path '/path/to/cuckoo/storage/analyses/1/logs'.
2016-05-25 21:23:52,327 [lib.cuckoo.common.objects] WARNING: Unable to import yara (please compile from sources)
2016-05-25 21:23:52,362 [modules.processing.network] WARNING: The PCAP file does not exist at path "/path/to/cuckoo/storage/analyses/1/dump.pcap".
2016-05-25 21:23:54,218 [lib.cuckoo.core.scheduler] INFO: Task #1: reports generation completed (path=/path/to/cuckoo/storage/analyses/1)
2016-05-25 21:23:54,235 [lib.cuckoo.core.scheduler] INFO: Task #1: analysis procedure completed
$ brew install pyenv
$ if which pyenv > /dev/null; then eval "$(pyenv init -)"; fi
$ pyenv install 2.7.11
$ pyenv rehash
$ pyenv global 2.7.11
$ easy_install pip
$ pip install --upgrade pip
--- requirements.txt 2016-01-12 03:26:34.000000000 +0900 +++ requirements_mod.txt 2016-05-25 18:15:38.000000000 +0900 @@ -2,7 +2,7 @@ beautifulsoup4==4.4.1 cffi==1.2.1 chardet==2.3.0 -cryptography==1.0 +cryptography==1.0.1 Django==1.8.4 dpkt==1.8.6.2 ecdsa==0.13
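Review bot: the `+++` header names `requirements_mod.txt`, not `requirements.txt`, so the `cryptography==1.0.1` pin is only what gets installed if this change is applied to `requirements.txt` itself or pip is pointed at `requirements_mod.txt`. The bump from 1.0 to 1.0.1 also carries no stated reason; a one-line note on what failed with 1.0 would help whoever revisits the pin later.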
$ pip install -r requirements.txt
$ brew install homebrew/dupes/tcpdump
$ sudo chmod 644 /dev/bpf*
$ brew install mongodb
$ pip install yara
ip = 192.168.56.1
port = 2042
tcpdump = /usr/local/sbin/tcpdump
path = /usr/local/bin/VBoxManage
interface = vboxnet0
[cuckoo1]
# Specify the label name of the current machine as specified in your
# VirtualBox configuration.
label = WinXP
platform = windows
ip = 192.168.56.101
key = XXXXXXX
VBoxManage failed starting the machine in HEADLESS mode: VBoxManage: error: Failed to load unit 'HGCM' (VERR_SSM_UNEXPECTED_DATA)
VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component ConsoleWrap, interface IConsole

VBoxManage failed starting the machine in HEADLESS mode: VBoxManage: error: Failed to load unit 'vga' (VERR_SSM_LOADED_TOO_MUCH)
VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component ConsoleWrap, interface IConsole
[+] Starting agent on 0.0.0.0:8000 ...
$ ping 192.168.56.101
> ping 192.168.56.1
$ python cuckoo.py
Cuckoo Sandbox 2.0-rc1
www.cuckoosandbox.org
Copyright (c) 2010-2015
Checking for updates...
Good! You have the latest version available.
2016-05-25 20:19:31,585 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2016-05-25 20:19:33,565 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2016-05-25 20:19:33,603 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
$ python utils/submit.py /path/to/binary
2016-05-26 19:48:46,707 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "test.exe" (task #12, options "")
2016-05-26 19:48:46,769 [lib.cuckoo.core.scheduler] INFO: File already exists at "/path/to/cuckoo/storage/binaries/e37e5e39cc971ca0c196605371d0699b6c1f135378da9d454227e02977571e0f"
2016-05-26 19:48:46,799 [lib.cuckoo.core.scheduler] INFO: Task #12: acquired machine cuckoo1 (label=WinXP)
2016-05-26 19:48:46,806 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 12759 (interface=vboxnet0, host=192.168.56.101, pcap=/path/to/cuckoo/storage/analyses/12/dump.pcap)
tcpdump: listening on vboxnet0, link-type EN10MB (Ethernet), capture size 262144 bytes
2016-05-26 19:48:50,893 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.56.101)
2016-05-26 19:49:33,692 [lib.cuckoo.core.scheduler] ERROR: Analysis failed: The package "modules.packages.exe" start function encountered an unhandled exception: Error returned by is32bit: Command '['bin\\is32bit.exe', '-f', u'C:\\DOCUME~1\\sent\\LOCALS~1\\Temp\\test.exe']' returned non-zero exit status 1
236 packets captured
8521 packets received by filter
0 packets dropped by kernel
2016-05-26 19:49:39,519 [lib.cuckoo.core.scheduler] INFO: Task #12: reports generation completed (path=/path/to/cuckoo/storage/analyses/12)
2016-05-26 19:49:39,532 [lib.cuckoo.core.scheduler] INFO: Task #12: analysis procedure completed