spender-sandbox / cuckoo-modified

Modified edition of cuckoo


Issue win7: not ready yet

usmanm259 opened this issue · comments

The agent does not show any activity when I run a Cuckoo analysis.

Both machines (Cuckoo host and Cuckoo guest) are reachable using ping.

Config files:

File: auxiliary.conf

https://pastebin.com/fCMyBBtf

File: cuckoo.conf

https://pastebin.com/c6ET1PX8

File: virtualbox.conf

https://pastebin.com/LqeSEgjv

sudo ./cuckoo.py -d

2018-02-14 19:35:34,216 [root] DEBUG: Importing modules...
2018-02-14 19:35:34,730 [root] DEBUG: Imported "signatures" modules:
2018-02-14 19:35:34,731 [root] DEBUG: |-- Alphacrypt_APIs
2018-02-14 19:35:34,731 [root] DEBUG: |-- Andromeda_APIs
2018-02-14 19:35:34,731 [root] DEBUG: |-- AntiAnalysisDetectFile
2018-02-14 19:35:34,731 [root] DEBUG: |-- AntiAnalysisDetectReg
2018-02-14 19:35:34,731 [root] DEBUG: |-- AvastDetectLibs
2018-02-14 19:35:34,731 [root] DEBUG: |-- BitdefenderDetectLibs
2018-02-14 19:35:34,731 [root] DEBUG: |-- AntiAVDetectFile
2018-02-14 19:35:34,732 [root] DEBUG: |-- AntiAVDetectReg
2018-02-14 19:35:34,732 [root] DEBUG: |-- AntiAVServiceStop
2018-02-14 19:35:34,732 [root] DEBUG: |-- AntiAVSRP
2018-02-14 19:35:34,732 [root] DEBUG: |-- AntiDBGDevices
2018-02-14 19:35:34,732 [root] DEBUG: |-- AntiDBGWindows
2018-02-14 19:35:34,732 [root] DEBUG: |-- WineDetectReg
2018-02-14 19:35:34,732 [root] DEBUG: |-- WineDetectFunc
2018-02-14 19:35:34,733 [root] DEBUG: |-- AntiCuckoo
2018-02-14 19:35:34,733 [root] DEBUG: |-- CuckooDetectFiles
2018-02-14 19:35:34,733 [root] DEBUG: |-- CuckooCrash
2018-02-14 19:35:34,733 [root] DEBUG: |-- FortinetDetectFiles
2018-02-14 19:35:34,733 [root] DEBUG: |-- SandboxJoeAnubisDetectFiles
2018-02-14 19:35:34,733 [root] DEBUG: |-- HookMouse
2018-02-14 19:35:34,733 [root] DEBUG: |-- AntiSandboxRestart
2018-02-14 19:35:34,734 [root] DEBUG: |-- SandboxieDetectLibs
2018-02-14 19:35:34,734 [root] DEBUG: |-- AntisandboxSboxieMutex
2018-02-14 19:35:34,734 [root] DEBUG: |-- AntiSandboxSboxieObjects
2018-02-14 19:35:34,734 [root] DEBUG: |-- AntiSandboxScriptTimer
2018-02-14 19:35:34,734 [root] DEBUG: |-- AntiSandboxSleep
2018-02-14 19:35:34,734 [root] DEBUG: |-- SunbeltDetectFiles
2018-02-14 19:35:34,734 [root] DEBUG: |-- SunbeltDetectLibs
2018-02-14 19:35:34,735 [root] DEBUG: |-- AntiSandboxSuspend
2018-02-14 19:35:34,735 [root] DEBUG: |-- ThreatTrackDetectFiles
2018-02-14 19:35:34,735 [root] DEBUG: |-- Unhook
2018-02-14 19:35:34,735 [root] DEBUG: |-- KnownVirustotal
2018-02-14 19:35:34,735 [root] DEBUG: |-- BochsDetectKeys
2018-02-14 19:35:34,735 [root] DEBUG: |-- AntiVMDirectoryObjects
2018-02-14 19:35:34,735 [root] DEBUG: |-- AntiVMBios
2018-02-14 19:35:34,736 [root] DEBUG: |-- AntiVMCPU
2018-02-14 19:35:34,736 [root] DEBUG: |-- DiskInformation
2018-02-14 19:35:34,736 [root] DEBUG: |-- SetupAPIDiskInformation
2018-02-14 19:35:34,736 [root] DEBUG: |-- AntiVMDiskReg
2018-02-14 19:35:34,736 [root] DEBUG: |-- AntiVMSCSI
2018-02-14 19:35:34,736 [root] DEBUG: |-- AntiVMServices
2018-02-14 19:35:34,736 [root] DEBUG: |-- AntiVMSystem
2018-02-14 19:35:34,737 [root] DEBUG: |-- HyperVDetectKeys
2018-02-14 19:35:34,737 [root] DEBUG: |-- ParallelsDetectKeys
2018-02-14 19:35:34,737 [root] DEBUG: |-- VBoxDetectDevices
2018-02-14 19:35:34,737 [root] DEBUG: |-- VBoxDetectFiles
2018-02-14 19:35:34,737 [root] DEBUG: |-- VBoxDetectKeys
2018-02-14 19:35:34,737 [root] DEBUG: |-- VBoxDetectLibs
2018-02-14 19:35:34,737 [root] DEBUG: |-- VBoxDetectProvname
2018-02-14 19:35:34,737 [root] DEBUG: |-- VBoxDetectWindow
2018-02-14 19:35:34,738 [root] DEBUG: |-- VMwareDetectDevices
2018-02-14 19:35:34,738 [root] DEBUG: |-- VMwareDetectEvent
2018-02-14 19:35:34,738 [root] DEBUG: |-- VMwareDetectFiles
2018-02-14 19:35:34,738 [root] DEBUG: |-- VMwareDetectKeys
2018-02-14 19:35:34,738 [root] DEBUG: |-- VMwareDetectLibs
2018-02-14 19:35:34,738 [root] DEBUG: |-- VMwareDetectMutexes
2018-02-14 19:35:34,738 [root] DEBUG: |-- VPCDetectFiles
2018-02-14 19:35:34,739 [root] DEBUG: |-- VPCDetectKeys
2018-02-14 19:35:34,739 [root] DEBUG: |-- VPCDetectMutex
2018-02-14 19:35:34,739 [root] DEBUG: |-- XenDetectKeys
2018-02-14 19:35:34,739 [root] DEBUG: |-- APISpamming
2018-02-14 19:35:34,739 [root] DEBUG: |-- BadCerts
2018-02-14 19:35:34,739 [root] DEBUG: |-- BadSSLCerts
2018-02-14 19:35:34,739 [root] DEBUG: |-- Cridex
2018-02-14 19:35:34,739 [root] DEBUG: |-- Geodo
2018-02-14 19:35:34,740 [root] DEBUG: |-- Prinimalka
2018-02-14 19:35:34,740 [root] DEBUG: |-- SpyEyeMutexes
2018-02-14 19:35:34,740 [root] DEBUG: |-- ZeusMutexes
2018-02-14 19:35:34,740 [root] DEBUG: |-- ZeusP2P
2018-02-14 19:35:34,740 [root] DEBUG: |-- ZeusURL
2018-02-14 19:35:34,740 [root] DEBUG: |-- BCDEditCommand
2018-02-14 19:35:34,740 [root] DEBUG: |-- BetaBot_APIs
2018-02-14 19:35:34,741 [root] DEBUG: |-- BitcoinOpenCL
2018-02-14 19:35:34,741 [root] DEBUG: |-- Bootkit
2018-02-14 19:35:34,741 [root] DEBUG: |-- AthenaHttp
2018-02-14 19:35:34,741 [root] DEBUG: |-- DirtJumper
2018-02-14 19:35:34,741 [root] DEBUG: |-- Drive
2018-02-14 19:35:34,741 [root] DEBUG: |-- Drive2
2018-02-14 19:35:34,742 [root] DEBUG: |-- Madness
2018-02-14 19:35:34,742 [root] DEBUG: |-- Ruskill
2018-02-14 19:35:34,742 [root] DEBUG: |-- BrowserAddon
2018-02-14 19:35:34,742 [root] DEBUG: |-- BrowserHelperObject
2018-02-14 19:35:34,742 [root] DEBUG: |-- BrowserNeeded
2018-02-14 19:35:34,742 [root] DEBUG: |-- ModifyProxy
2018-02-14 19:35:34,742 [root] DEBUG: |-- BrowserScanbox
2018-02-14 19:35:34,743 [root] DEBUG: |-- BrowserSecurity
2018-02-14 19:35:34,743 [root] DEBUG: |-- browser_startpage
2018-02-14 19:35:34,743 [root] DEBUG: |-- BypassFirewall
2018-02-14 19:35:34,743 [root] DEBUG: |-- CarberpMutexes
2018-02-14 19:35:34,743 [root] DEBUG: |-- Cerber_APIs
2018-02-14 19:35:34,743 [root] DEBUG: |-- Chimera_APIs
2018-02-14 19:35:34,743 [root] DEBUG: |-- ClamAV
2018-02-14 19:35:34,743 [root] DEBUG: |-- ClickfraudCookies
2018-02-14 19:35:34,744 [root] DEBUG: |-- ClickfraudVolume
2018-02-14 19:35:34,744 [root] DEBUG: |-- CodeLux_APIs
2018-02-14 19:35:34,744 [root] DEBUG: |-- CopiesSelf
2018-02-14 19:35:34,744 [root] DEBUG: |-- CreatesExe
2018-02-14 19:35:34,744 [root] DEBUG: |-- CreatesLargeKey
2018-02-14 19:35:34,744 [root] DEBUG: |-- CreatesNullValue
2018-02-14 19:35:34,744 [root] DEBUG: |-- CriticalProcess
2018-02-14 19:35:34,745 [root] DEBUG: |-- CryptoWall_APIs
2018-02-14 19:35:34,745 [root] DEBUG: |-- CVE_2014_6332
2018-02-14 19:35:34,745 [root] DEBUG: |-- CVE2015_2419_JS
2018-02-14 19:35:34,745 [root] DEBUG: |-- CVE_2016_0189
2018-02-14 19:35:34,745 [root] DEBUG: |-- CVE_2016_7200
2018-02-14 19:35:34,745 [root] DEBUG: |-- DarkCometRegkeys
2018-02-14 19:35:34,745 [root] DEBUG: |-- DeadConnect
2018-02-14 19:35:34,745 [root] DEBUG: |-- DeadLink
2018-02-14 19:35:34,746 [root] DEBUG: |-- DebugsSelf
2018-02-14 19:35:34,746 [root] DEBUG: |-- DecoyDocument
2018-02-14 19:35:34,746 [root] DEBUG: |-- DeepFreezeMutex
2018-02-14 19:35:34,746 [root] DEBUG: |-- DeletesSelf
2018-02-14 19:35:34,746 [root] DEBUG: |-- DeletesShadowCopies
2018-02-14 19:35:34,746 [root] DEBUG: |-- DEPBypass
2018-02-14 19:35:34,746 [root] DEBUG: |-- DEPDisable
2018-02-14 19:35:34,747 [root] DEBUG: |-- DisablesAppLaunch
2018-02-14 19:35:34,747 [root] DEBUG: |-- DisablesBrowserWarn
2018-02-14 19:35:34,747 [root] DEBUG: |-- DisablesSPDY
2018-02-14 19:35:34,747 [root] DEBUG: |-- DisablesSystemRestore
2018-02-14 19:35:34,747 [root] DEBUG: |-- DisablesUAC
2018-02-14 19:35:34,747 [root] DEBUG: |-- DisablesWER
2018-02-14 19:35:34,747 [root] DEBUG: |-- DisablesWFP
2018-02-14 19:35:34,747 [root] DEBUG: |-- DisablesWindowsDefender
2018-02-14 19:35:34,748 [root] DEBUG: |-- DisablesWindowsUpdate
2018-02-14 19:35:34,748 [root] DEBUG: |-- DownloaderCabby
2018-02-14 19:35:34,748 [root] DEBUG: |-- Dridex_APIs
2018-02-14 19:35:34,748 [root] DEBUG: |-- DriverLoad
2018-02-14 19:35:34,748 [root] DEBUG: |-- Dropper
2018-02-14 19:35:34,748 [root] DEBUG: |-- EXEDropper_JS
2018-02-14 19:35:34,748 [root] DEBUG: |-- Dyre_APIs
2018-02-14 19:35:34,749 [root] DEBUG: |-- Angler_JS
2018-02-14 19:35:34,749 [root] DEBUG: |-- Gondad_JS
2018-02-14 19:35:34,749 [root] DEBUG: |-- HeapSpray_JS
2018-02-14 19:35:34,749 [root] DEBUG: |-- Java_JS
2018-02-14 19:35:34,749 [root] DEBUG: |-- Neutrino_JS
2018-02-14 19:35:34,749 [root] DEBUG: |-- Nuclear_JS
2018-02-14 19:35:34,749 [root] DEBUG: |-- RIG_JS
2018-02-14 19:35:34,750 [root] DEBUG: |-- Silverlight_JS
2018-02-14 19:35:34,750 [root] DEBUG: |-- Sundown_JS
2018-02-14 19:35:34,750 [root] DEBUG: |-- Virtualcheck_JS
2018-02-14 19:35:34,750 [root] DEBUG: |-- EncryptedIOC
2018-02-14 19:35:34,750 [root] DEBUG: |-- Crash
2018-02-14 19:35:34,750 [root] DEBUG: |-- FamilyProxyBack
2018-02-14 19:35:34,750 [root] DEBUG: |-- SystemMetrics
2018-02-14 19:35:34,751 [root] DEBUG: |-- Generic_Phish
2018-02-14 19:35:34,751 [root] DEBUG: |-- Gootkit_APIs
2018-02-14 19:35:34,751 [root] DEBUG: |-- H1N1_APIs
2018-02-14 19:35:34,751 [root] DEBUG: |-- Hancitor_APIs
2018-02-14 19:35:34,751 [root] DEBUG: |-- HawkEye_APIs
2018-02-14 19:35:34,751 [root] DEBUG: |-- BitcoinWallet
2018-02-14 19:35:34,751 [root] DEBUG: |-- BrowserStealer
2018-02-14 19:35:34,751 [root] DEBUG: |-- InfostealerBrowserPassword
2018-02-14 19:35:34,752 [root] DEBUG: |-- FTPStealer
2018-02-14 19:35:34,752 [root] DEBUG: |-- IMStealer
2018-02-14 19:35:34,752 [root] DEBUG: |-- KeyLogger
2018-02-14 19:35:34,752 [root] DEBUG: |-- EmailStealer
2018-02-14 19:35:34,752 [root] DEBUG: |-- InjectionCRT
2018-02-14 19:35:34,752 [root] DEBUG: |-- InjectionExplorer
2018-02-14 19:35:34,752 [root] DEBUG: |-- InjectionExtension
2018-02-14 19:35:34,753 [root] DEBUG: |-- InjectionRUNPE
2018-02-14 19:35:34,753 [root] DEBUG: |-- InjectionRWX
2018-02-14 19:35:34,753 [root] DEBUG: |-- Internet_Dropper
2018-02-14 19:35:34,753 [root] DEBUG: |-- IPC_NamedPipe
2018-02-14 19:35:34,753 [root] DEBUG: |-- iSpyKeylogger_APIs
2018-02-14 19:35:34,753 [root] DEBUG: |-- JS_Phish
2018-02-14 19:35:34,753 [root] DEBUG: |-- JS_SuspiciousRedirect
2018-02-14 19:35:34,753 [root] DEBUG: |-- KazyBot_APIs
2018-02-14 19:35:34,754 [root] DEBUG: |-- Kelihos_APIs
2018-02-14 19:35:34,754 [root] DEBUG: |-- Kibex_APIs
2018-02-14 19:35:34,754 [root] DEBUG: |-- Kovter_APIs
2018-02-14 19:35:34,754 [root] DEBUG: |-- KrakenMutexes
2018-02-14 19:35:34,754 [root] DEBUG: |-- DisableRegedit
2018-02-14 19:35:34,754 [root] DEBUG: |-- DisableTaskMgr
2018-02-14 19:35:34,754 [root] DEBUG: |-- Locky_APIs
2018-02-14 19:35:34,754 [root] DEBUG: |-- MartiansIE
2018-02-14 19:35:34,755 [root] DEBUG: |-- MartiansOffice
2018-02-14 19:35:34,755 [root] DEBUG: |-- MimicsAgent
2018-02-14 19:35:34,755 [root] DEBUG: |-- MimicsExtension
2018-02-14 19:35:34,755 [root] DEBUG: |-- MimicsFiletime
2018-02-14 19:35:34,755 [root] DEBUG: |-- MimicsIcon
2018-02-14 19:35:34,755 [root] DEBUG: |-- ModifiesCerts
2018-02-14 19:35:34,755 [root] DEBUG: |-- Modifies_HostFile
2018-02-14 19:35:34,755 [root] DEBUG: |-- ModifySecurityCenterWarnings
2018-02-14 19:35:34,755 [root] DEBUG: |-- ModifiesUACNotify
2018-02-14 19:35:34,756 [root] DEBUG: |-- ModifiesDesktopWallpaper
2018-02-14 19:35:34,756 [root] DEBUG: |-- Multiple_UA
2018-02-14 19:35:34,756 [root] DEBUG: |-- NetworkAnomaly
2018-02-14 19:35:34,756 [root] DEBUG: |-- NetworkBIND
2018-02-14 19:35:34,756 [root] DEBUG: |-- NetworkCnCHTTP
2018-02-14 19:35:34,756 [root] DEBUG: |-- NetworkDGA
2018-02-14 19:35:34,756 [root] DEBUG: |-- NetworkDocumentHTTP
2018-02-14 19:35:34,756 [root] DEBUG: |-- NetworkExcessiveUDP
2018-02-14 19:35:34,757 [root] DEBUG: |-- NetworkHTTP
2018-02-14 19:35:34,757 [root] DEBUG: |-- NetworkICMP
2018-02-14 19:35:34,757 [root] DEBUG: |-- NetworkIRC
2018-02-14 19:35:34,757 [root] DEBUG: |-- NetworkSMTP
2018-02-14 19:35:34,757 [root] DEBUG: |-- Tor
2018-02-14 19:35:34,757 [root] DEBUG: |-- TorHiddenService
2018-02-14 19:35:34,757 [root] DEBUG: |-- TorGateway
2018-02-14 19:35:34,757 [root] DEBUG: |-- Nymaim_APIs
2018-02-14 19:35:34,757 [root] DEBUG: |-- Office_Code_Page
2018-02-14 19:35:34,758 [root] DEBUG: |-- Office_Macro
2018-02-14 19:35:34,758 [root] DEBUG: |-- OfficeSecurity
2018-02-14 19:35:34,758 [root] DEBUG: |-- OfficeWriteEXE
2018-02-14 19:35:34,758 [root] DEBUG: |-- BuildLangID
2018-02-14 19:35:34,758 [root] DEBUG: |-- ResourceLangID
2018-02-14 19:35:34,758 [root] DEBUG: |-- ArmadilloMutex
2018-02-14 19:35:34,758 [root] DEBUG: |-- ArmadilloRegKey
2018-02-14 19:35:34,758 [root] DEBUG: |-- ConfuserPacked
2018-02-14 19:35:34,758 [root] DEBUG: |-- PackerEntropy
2018-02-14 19:35:34,759 [root] DEBUG: |-- SmartAssemblyPacked
2018-02-14 19:35:34,759 [root] DEBUG: |-- ThemidaPacked
2018-02-14 19:35:34,759 [root] DEBUG: |-- UPXCompressed
2018-02-14 19:35:34,759 [root] DEBUG: |-- VMPPacked
2018-02-14 19:35:34,759 [root] DEBUG: |-- PDF_Annot_URLs
2018-02-14 19:35:34,759 [root] DEBUG: |-- ADS
2018-02-14 19:35:34,759 [root] DEBUG: |-- Autorun
2018-02-14 19:35:34,759 [root] DEBUG: |-- PersistenceBootexecute
2018-02-14 19:35:34,759 [root] DEBUG: |-- PersistenceService
2018-02-14 19:35:34,760 [root] DEBUG: |-- Polymorphic
2018-02-14 19:35:34,760 [root] DEBUG: |-- Pony_APIs
2018-02-14 19:35:34,760 [root] DEBUG: |-- PowershellCommand
2018-02-14 19:35:34,760 [root] DEBUG: |-- PunchPlusPlusPCREs
2018-02-14 19:35:34,760 [root] DEBUG: |-- PreventsSafeboot
2018-02-14 19:35:34,760 [root] DEBUG: |-- ProcessInterest
2018-02-14 19:35:34,760 [root] DEBUG: |-- ProcessNeeded
2018-02-14 19:35:34,760 [root] DEBUG: |-- Procmem_Yara
2018-02-14 19:35:34,761 [root] DEBUG: |-- RansomwareDMALocker
2018-02-14 19:35:34,761 [root] DEBUG: |-- RansomwareExtensions
2018-02-14 19:35:34,761 [root] DEBUG: |-- RansomwareFileModifications
2018-02-14 19:35:34,761 [root] DEBUG: |-- RansomwareFiles
2018-02-14 19:35:34,761 [root] DEBUG: |-- RansomwareMessage
2018-02-14 19:35:34,761 [root] DEBUG: |-- RansomwareRadamant
2018-02-14 19:35:34,761 [root] DEBUG: |-- RansomwareRecyclebin
2018-02-14 19:35:34,761 [root] DEBUG: |-- BeebusMutexes
2018-02-14 19:35:34,761 [root] DEBUG: |-- FynloskiMutexes
2018-02-14 19:35:34,762 [root] DEBUG: |-- LuminosityRAT
2018-02-14 19:35:34,762 [root] DEBUG: |-- NanocoreRAT
2018-02-14 19:35:34,762 [root] DEBUG: |-- PcClientMutexes
2018-02-14 19:35:34,762 [root] DEBUG: |-- PlugxMutexes
2018-02-14 19:35:34,762 [root] DEBUG: |-- PoisonIvyMutexes
2018-02-14 19:35:34,762 [root] DEBUG: |-- QuasarMutexes
2018-02-14 19:35:34,762 [root] DEBUG: |-- SpynetRat
2018-02-14 19:35:34,762 [root] DEBUG: |-- XtremeMutexes
2018-02-14 19:35:34,762 [root] DEBUG: |-- ReadsSelf
2018-02-14 19:35:34,763 [root] DEBUG: |-- Recon_Beacon
2018-02-14 19:35:34,763 [root] DEBUG: |-- CheckIP
2018-02-14 19:35:34,763 [root] DEBUG: |-- Fingerprint
2018-02-14 19:35:34,763 [root] DEBUG: |-- InstalledApps
2018-02-14 19:35:34,763 [root] DEBUG: |-- SystemInfo
2018-02-14 19:35:34,763 [root] DEBUG: |-- RemovesZoneIdADS
2018-02-14 19:35:34,763 [root] DEBUG: |-- Secure_Login_Phish
2018-02-14 19:35:34,763 [root] DEBUG: |-- SecurityXploded_Modules
2018-02-14 19:35:34,763 [root] DEBUG: |-- SetsAutoconfigURL
2018-02-14 19:35:34,764 [root] DEBUG: |-- Shifu_APIs
2018-02-14 19:35:34,764 [root] DEBUG: |-- InstallsWinpcap
2018-02-14 19:35:34,764 [root] DEBUG: |-- SpoofsProcname
2018-02-14 19:35:34,764 [root] DEBUG: |-- CreatesAutorunInf
2018-02-14 19:35:34,764 [root] DEBUG: |-- StackPivot
2018-02-14 19:35:34,764 [root] DEBUG: |-- Authenticode
2018-02-14 19:35:34,764 [root] DEBUG: |-- DotNetAnomaly
2018-02-14 19:35:34,764 [root] DEBUG: |-- Static_Java
2018-02-14 19:35:34,764 [root] DEBUG: |-- Static_PDF
2018-02-14 19:35:34,765 [root] DEBUG: |-- PEAnomaly
2018-02-14 19:35:34,765 [root] DEBUG: |-- RATConfig
2018-02-14 19:35:34,765 [root] DEBUG: |-- VersionInfoAnomaly
2018-02-14 19:35:34,765 [root] DEBUG: |-- StealthChildProc
2018-02-14 19:35:34,765 [root] DEBUG: |-- StealthFile
2018-02-14 19:35:34,765 [root] DEBUG: |-- StealthHiddenExtension
2018-02-14 19:35:34,765 [root] DEBUG: |-- StealthHiddenReg
2018-02-14 19:35:34,765 [root] DEBUG: |-- StealthHideNotifications
2018-02-14 19:35:34,765 [root] DEBUG: |-- StealthNetwork
2018-02-14 19:35:34,766 [root] DEBUG: |-- StealthTimeout
2018-02-14 19:35:34,766 [root] DEBUG: |-- StealthWebHistory
2018-02-14 19:35:34,766 [root] DEBUG: |-- Hidden_Window
2018-02-14 19:35:34,766 [root] DEBUG: |-- SuricataAlert
2018-02-14 19:35:34,766 [root] DEBUG: |-- Flame
2018-02-14 19:35:34,766 [root] DEBUG: |-- Tinba_APIs
2018-02-14 19:35:34,766 [root] DEBUG: |-- TrickBotTaskDelete
2018-02-14 19:35:34,766 [root] DEBUG: |-- TrickBotMutexes
2018-02-14 19:35:34,766 [root] DEBUG: |-- FleerCivetMutexes
2018-02-14 19:35:34,767 [root] DEBUG: |-- Troldesh_APIs
2018-02-14 19:35:34,767 [root] DEBUG: |-- Upatre_APIs
2018-02-14 19:35:34,767 [root] DEBUG: |-- Ursnif_APIs
2018-02-14 19:35:34,767 [root] DEBUG: |-- UserEnum
2018-02-14 19:35:34,767 [root] DEBUG: |-- Vawtrak_APIs
2018-02-14 19:35:34,767 [root] DEBUG: |-- Vawtrak_APIs
2018-02-14 19:35:34,767 [root] DEBUG: |-- Virus
2018-02-14 19:35:34,767 [root] DEBUG: |-- VolDevicetree1
2018-02-14 19:35:34,767 [root] DEBUG: |-- VolHandles1
2018-02-14 19:35:34,768 [root] DEBUG: |-- VolLdrModules1
2018-02-14 19:35:34,768 [root] DEBUG: |-- VolLdrModules2
2018-02-14 19:35:34,768 [root] DEBUG: |-- VolMalfind1
2018-02-14 19:35:34,768 [root] DEBUG: |-- VolMalfind2
2018-02-14 19:35:34,768 [root] DEBUG: |-- VolModscan1
2018-02-14 19:35:34,768 [root] DEBUG: |-- VolSvcscan1
2018-02-14 19:35:34,768 [root] DEBUG: |-- VolSvcscan2
2018-02-14 19:35:34,768 [root] DEBUG: |-- VolSvcscan3
2018-02-14 19:35:34,768 [root] DEBUG: |-- Webmail_Phish
2018-02-14 19:35:34,769 [root] DEBUG: |-- WHOIS_Create
2018-02-14 19:35:34,769 [root] DEBUG: `-- WscriptDownloaderHTTP
2018-02-14 19:35:34,769 [root] DEBUG: Imported "auxiliary" modules:
2018-02-14 19:35:34,769 [root] DEBUG: |-- Sniffer
2018-02-14 19:35:34,769 [root] DEBUG: `-- Tor
2018-02-14 19:35:34,769 [root] DEBUG: Imported "processing" modules:
2018-02-14 19:35:34,769 [root] DEBUG: |-- AnalysisInfo
2018-02-14 19:35:34,769 [root] DEBUG: |-- BehaviorAnalysis
2018-02-14 19:35:34,769 [root] DEBUG: |-- CIF
2018-02-14 19:35:34,769 [root] DEBUG: |-- Debug
2018-02-14 19:35:34,770 [root] DEBUG: |-- Decompression
2018-02-14 19:35:34,770 [root] DEBUG: |-- Dropped
2018-02-14 19:35:34,770 [root] DEBUG: |-- Memory
2018-02-14 19:35:34,770 [root] DEBUG: |-- NetworkAnalysis
2018-02-14 19:35:34,770 [root] DEBUG: |-- ProcessMemory
2018-02-14 19:35:34,770 [root] DEBUG: |-- Static
2018-02-14 19:35:34,770 [root] DEBUG: |-- Strings
2018-02-14 19:35:34,770 [root] DEBUG: |-- Suricata
2018-02-14 19:35:34,770 [root] DEBUG: |-- TargetInfo
2018-02-14 19:35:34,771 [root] DEBUG: |-- Usage
2018-02-14 19:35:34,771 [root] DEBUG: `-- VirusTotal
2018-02-14 19:35:34,771 [root] DEBUG: Imported "machinery" modules:
2018-02-14 19:35:34,771 [root] DEBUG: `-- VirtualBox
2018-02-14 19:35:34,771 [root] DEBUG: Imported "feeds" modules:
2018-02-14 19:35:34,771 [root] DEBUG: |-- AbuseCH_SSL
2018-02-14 19:35:34,771 [root] DEBUG: `-- Punch_Plus_Plus_PCREs
2018-02-14 19:35:34,771 [root] DEBUG: Imported "reporting" modules:
2018-02-14 19:35:34,772 [root] DEBUG: |-- Compression
2018-02-14 19:35:34,772 [root] DEBUG: |-- ElasticsearchDB
2018-02-14 19:35:34,772 [root] DEBUG: |-- JsonDump
2018-02-14 19:35:34,772 [root] DEBUG: |-- MAEC41Report
2018-02-14 19:35:34,772 [root] DEBUG: |-- Malheur
2018-02-14 19:35:34,772 [root] DEBUG: |-- MISP
2018-02-14 19:35:34,772 [root] DEBUG: |-- MMDef
2018-02-14 19:35:34,772 [root] DEBUG: |-- Moloch
2018-02-14 19:35:34,772 [root] DEBUG: |-- MongoDB
2018-02-14 19:35:34,773 [root] DEBUG: |-- ReportHTML
2018-02-14 19:35:34,773 [root] DEBUG: |-- ReportHTMLSummary
2018-02-14 19:35:34,773 [root] DEBUG: |-- ReportPDF
2018-02-14 19:35:34,773 [root] DEBUG: |-- ReSubmitExtractedEXE
2018-02-14 19:35:34,773 [root] DEBUG: |-- Retention
2018-02-14 19:35:34,773 [root] DEBUG: `-- Syslog
2018-02-14 19:35:34,775 [root] DEBUG: Checking for locked tasks...
2018-02-14 19:35:34,939 [root] INFO: Updated running task ID 4 status to failed_analysis
2018-02-14 19:35:34,939 [root] DEBUG: Initializing Yara...
2018-02-14 19:35:34,940 [root] DEBUG: |-- index_binaries.yar
2018-02-14 19:35:34,941 [root] DEBUG: |-- index_memory.yar
2018-02-14 19:35:34,941 [root] DEBUG: |-- index_Crypto.yar
2018-02-14 19:35:34,941 [root] DEBUG: |-- index_email.yar
2018-02-14 19:35:34,941 [root] DEBUG: |-- index_Exploit-Kits.yar
2018-02-14 19:35:34,941 [root] DEBUG: |-- index_Malicious_Documents.yar
2018-02-14 19:35:34,941 [root] DEBUG: |-- index_Mobile_Malware.yar
2018-02-14 19:35:34,941 [root] DEBUG: |-- index_Packers.yar
2018-02-14 19:35:34,942 [root] DEBUG: `-- index_Webshells.yar
2018-02-14 19:35:34,943 [lib.cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.56.1:2042.
2018-02-14 19:35:34,944 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" machine manager with max_analysis_count=0, max_machines_count=0, and max_vmstartup_count=10
2018-02-14 19:35:35,627 [modules.machinery.virtualbox] DEBUG: Getting status for win7
2018-02-14 19:35:35,706 [modules.machinery.virtualbox] DEBUG: Machine win7 status saved
2018-02-14 19:35:35,819 [modules.machinery.virtualbox] DEBUG: Stopping vm win7
2018-02-14 19:35:35,819 [modules.machinery.virtualbox] DEBUG: Getting status for win7
2018-02-14 19:35:35,902 [modules.machinery.virtualbox] DEBUG: Machine win7 status saved
2018-02-14 19:35:36,993 [modules.machinery.virtualbox] DEBUG: VBoxManage exited with error powering off the machine
2018-02-14 19:35:36,994 [modules.machinery.virtualbox] DEBUG: Getting status for win7
2018-02-14 19:35:37,083 [modules.machinery.virtualbox] DEBUG: Machine win7 status saved
2018-02-14 19:35:37,186 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2018-02-14 19:35:37,195 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
2018-02-14 19:35:39,350 [lib.cuckoo.core.scheduler] DEBUG: Task #5: Processing task
2018-02-14 19:35:39,352 [lib.cuckoo.core.scheduler] INFO: Task #5: Starting analysis of FILE '/opt/cuckoo-tmp/upload_pyyr7e/09a18cd7e004ce10b0a6b11f11f3333a.exe'
2018-02-14 19:35:39,356 [lib.cuckoo.core.scheduler] INFO: Task #5: File already exists at '/opt/cuckoo/storage/binaries/77da6a1941ac1971785cc85657bb2301eaa3ca8969ec9dc8c9739e9d9fcb4903'
2018-02-14 19:35:39,435 [lib.cuckoo.core.scheduler] INFO: Task #5: acquired machine win7 (label=win7)
2018-02-14 19:35:39,546 [modules.machinery.virtualbox] DEBUG: Starting vm win7
2018-02-14 19:35:39,546 [modules.machinery.virtualbox] DEBUG: Getting status for win7
2018-02-14 19:35:39,621 [modules.machinery.virtualbox] DEBUG: Machine win7 status saved
2018-02-14 19:35:39,742 [modules.machinery.virtualbox] DEBUG: Using current snapshot for virtual machine win7
2018-02-14 19:35:40,104 [modules.machinery.virtualbox] DEBUG: Getting status for win7
2018-02-14 19:35:40,176 [modules.machinery.virtualbox] DEBUG: Machine win7 status saved
2018-02-14 19:35:44,817 [modules.machinery.virtualbox] DEBUG: Getting status for win7
2018-02-14 19:35:44,953 [modules.machinery.virtualbox] DEBUG: Machine win7 status running
2018-02-14 19:35:45,556 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 15676 (interface=vboxnet0, host=192.168.56.101
snapshot = Snapshot1
interface = vboxnet0, dump path=/opt/cuckoo/storage/analyses/5/dump.pcap)
2018-02-14 19:35:45,557 [lib.cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
2018-02-14 19:35:45,557 [lib.cuckoo.core.plugins] DEBUG: Started auxiliary module: Tor
2018-02-14 19:35:45,819 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=win7, ip=192.168.56.101
snapshot = Snapshot1
interface = vboxnet0)
2018-02-14 19:35:45,821 [lib.cuckoo.core.guest] DEBUG: win7: waiting for status 0x0001
2018-02-14 19:35:45,822 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:35:46,824 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:35:47,825 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:35:48,827 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:35:49,830 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:35:50,832 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:35:51,834 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:35:52,836 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:35:53,838 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:35:54,840 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:35:55,842 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:35:56,844 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:35:57,846 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:35:58,848 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:35:59,850 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:00,852 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:01,854 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:02,856 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:03,858 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:04,860 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:05,863 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:06,865 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:07,867 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:08,869 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:09,871 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:10,873 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:11,875 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:12,878 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:13,880 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:14,882 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:15,884 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:16,886 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:17,888 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:18,890 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:19,891 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:20,894 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:21,896 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:22,898 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:23,900 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:24,902 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:25,904 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:26,906 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:27,908 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:28,910 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:29,912 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:30,914 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:31,921 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:32,924 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:33,926 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:34,928 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:35,930 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:36,932 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:37,934 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:38,936 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:39,939 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:40,940 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:41,942 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:42,944 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:43,946 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:44,947 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:45,949 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:46,951 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:47,953 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:48,955 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:49,957 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:50,959 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:51,961 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:52,964 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:53,965 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:54,967 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet
2018-02-14 19:36:55,970 [lib.cuckoo.core.guest] DEBUG: win7: not ready yet

curl vm_ip:8000 ?

curl vm_ip:8000

<title>Error response</title>

Error response

Error code 501.

Message: Unsupported method ('GET').

Error code explanation: 501 = Server does not support this operation.

That means the connection between Cuckoo and the VM agent works fine; no idea where your failure is then.
Which version of the agent do you use?

I am also facing the same problem. I am using the following repo and its agent:
https://github.com/spender-sandbox/cuckoo-modified
I spent my whole week on it, but to no avail. I even checked all traffic towards vboxnet0 with tcpdump during the analysis. There is no communication between 192.168.56.1 and 192.168.56.101. Both the host and the analysis machine can telnet to their respective ports. I think Cuckoo starts the VM but then goes somewhere else to communicate with the agent.

@doomedraven Please share if you have a running and tested repo. Maybe it will help.

The current repo is fine. I think the problem is related to VBox; as you see, there was a reported issue with VBox in Cuckoo v2.

But I am facing the same issue with VMware vSphere and an ESX server as well. I think the problem may be with my configuration, but there is nothing very tricky in the configuration, so what am I misconfiguring?
IP address of the analysis machine:
IP : 192.168.56.101
Mask: 255.255.255.0
GW: 192.168.56.1
Primary DNS 4.2.2.2
Sec DNS 8.8.8.8

Why do you use 4.2.2.2 as primary DNS? Better use an external DNS,
for example
8.8.8.8 and 8.8.4.4.

No idea, guys. I'm using KVM and never had problems like this, so I can't help too much.

4.2.2.2 is also an external DNS. Can it be the reason?

Who knows; without trying I can't say anything, but anyway that shouldn't affect it too much, as that is DNS, and you are on a local network.

Can you explain this code snippet in two or three lines, please?

# Poll loop of GuestManager.wait(status) in lib/cuckoo/core/guest.py.
# `end` is the deadline computed from the critical timeout before the loop
# starts; `self.server` is the XML-RPC proxy to the guest agent. Any exception
# raised by get_status() (connection refused, socket timeout, ...) is swallowed
# and logged as "not ready yet", so the log line alone does not say why.
while True:
    # Check if we've passed the timeout.
    if time.time() > end:
        raise CuckooGuestError("{0}: the guest initialization hit the "
                               "critical timeout, analysis "
                               "aborted.".format(self.id))

    try:
        # If the server returns the given status, break the loop
        # and return.
        if self.server.get_status() == status:
            log.debug("%s: status ready", self.id)
            break
    except:
        pass

    log.debug("%s: not ready yet", self.id)
    time.sleep(1)

self.server._set_timeout(None)
return True

It is pretty clear what it does; it's self-explanatory.
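The loop is short, but the symptom in this thread shows what it hides: because every exception from get_status() is swallowed, "not ready yet" covers a refused connection, a socket timeout, a wrong guest IP and a live agent in another state equally. The curl check earlier in the thread only proves that something accepts TCP on port 8000: the 501 "Unsupported method ('GET')" body is what Python's BaseHTTPRequestHandler returns for a GET when only POST is implemented, which is normal for an XML-RPC server, and it says nothing about whether a get_status() call would succeed. The following is an added diagnostic, not code from this thread or from cuckoo-modified. It re-implements the same poll loop but keeps the reason each poll failed, and adds a one-shot probe that issues the real XML-RPC call from the host. It assumes the legacy agent.py XML-RPC interface on TCP 8000 with a get_status() method (the call the posted snippet makes) and uses the guest IP 192.168.56.101 from the thread as its default; the function names and messages are this example's own.

```python
"""Added diagnostic for the "not ready yet" loop (not cuckoo-modified code).

Assumptions: the guest runs the legacy XML-RPC agent.py on TCP 8000 and
exposes get_status(); 192.168.56.101 is the guest IP used in the thread.
"""
import socket
import sys
import time
import xmlrpc.client

CUCKOO_GUEST_PORT = 8000   # port the legacy agent listens on (from the thread)
STATUS_READY = 0x0001      # status value wait() polls for before starting analysis


class GuestTimeout(Exception):
    """Raised when the guest never reports the expected status in time."""


def wait_for_status(get_status, expected, timeout,
                    clock=time.time, sleep=time.sleep, log=None):
    """Poll get_status() once per second until it returns `expected`.

    Same control flow as GuestManager.wait(): the deadline is checked before
    each poll, every exception from the RPC call counts as "not ready yet",
    and the loop sleeps one second between polls. Unlike the original it
    keeps the last error so the timeout message says whether the agent was
    unreachable or reachable but in the wrong state. Returns the number of
    polls it took. `clock` and `sleep` are injectable so the loop can be
    exercised without a guest.
    """
    end = clock() + timeout
    polls = 0
    last_error = None
    while True:
        if clock() > end:
            raise GuestTimeout("guest hit the critical timeout after %d polls; "
                               "last error: %s" % (polls, last_error))
        polls += 1
        try:
            status = get_status()
            if status == expected:
                return polls
            last_error = "agent reachable but reported status 0x%04x" % status
        except Exception as exc:      # the original uses a bare except: here
            last_error = "%s: %s" % (type(exc).__name__, exc)
        if log:
            log("not ready yet (%s)" % last_error)
        sleep(1)


def probe_agent(ip, port=CUCKOO_GUEST_PORT, timeout=5.0):
    """One-shot get_status() call that classifies the failure mode.

    This performs the XML-RPC POST the analyzer actually makes, rather than
    the GET that curl sends.
    """
    url = "http://%s:%d" % (ip, port)
    proxy = xmlrpc.client.ServerProxy(url, allow_none=True)
    old_timeout = socket.getdefaulttimeout()
    socket.setdefaulttimeout(timeout)   # ServerProxy honours the default socket timeout
    try:
        status = proxy.get_status()
        return "agent up, get_status() = 0x%04x" % status
    except ConnectionRefusedError:
        return "TCP %s:%d refused: agent not listening (or wrong IP)" % (ip, port)
    except socket.timeout:
        return "no reply within %.0fs: routing, firewall or wrong subnet" % timeout
    except xmlrpc.client.ProtocolError as err:
        return "HTTP %d from %s: something other than the agent is answering" % (err.errcode, url)
    except xmlrpc.client.Fault as err:
        return "agent answered but the RPC call faulted: %s" % err.faultString
    except OSError as err:
        return "socket error: %s" % err
    finally:
        socket.setdefaulttimeout(old_timeout)


if __name__ == "__main__":
    guest_ip = sys.argv[1] if len(sys.argv) > 1 else "192.168.56.101"
    print(probe_agent(guest_ip))
    # Same wait the analyzer performs, with a 60 s deadline and the per-poll
    # reason printed instead of a bare "not ready yet".
    socket.setdefaulttimeout(5)
    proxy = xmlrpc.client.ServerProxy("http://%s:%d" % (guest_ip, CUCKOO_GUEST_PORT),
                                      allow_none=True)
    try:
        n = wait_for_status(proxy.get_status, STATUS_READY, timeout=60, log=print)
        print("guest ready after %d polls" % n)
    except GuestTimeout as err:
        print(err)
```

Run it on the Cuckoo host, for example `python3 probe_agent.py 192.168.56.101`, while the VM has been restored from its snapshot and is running. A "refused" result with the VM up means the agent is not listening on that address; a timeout points at routing or the host-only network; a successful get_status() with a value other than 0x0001 means the agent is alive but in another state, which the stock log line would report identically as "not ready yet".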

Is there any misconfiguration here, then?

# Database connection timeout in seconds.
# If empty, default is set to 60 seconds.
timeout =

[timeouts]
# Set the default analysis timeout expressed in seconds. This value will be
# used to define after how many seconds the analysis will terminate unless
# otherwise specified at submission.
default = 420

# Set the critical timeout expressed in (relative!) seconds. It will be added
# to the default timeout above and after this timeout is hit
# Cuckoo will consider the analysis failed and it will shutdown the machine
# no matter what. When this happens the analysis results will most likely
# be lost.
critical = 60

# Maximum time to wait for virtual machine status change. For example when
# shutting down a vm. Default is 300 seconds.
vm_state = 300

I changed the Python on the Cuckoo guest from 64-bit to 32-bit and the issue was resolved. Thanks.