Giters

spender-sandbox / cuckoo-modified

Modified edition of cuckoo

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Usage.py auxiliary module doesn't call add_pid function in Cape Sandbox

WiltedDeath opened this issue · comments

commented

Expected Behavior
I am currently trying to add Pe sieve as an auxiliary module in Cape Sandbox. I copied the add_pid functions from usage.py so that pe sieve recognizes which is the pid of the malware sample and run on it. When running pe sieve its required to give it a pid to scan the process. In Cape i want to integrate Pe-sieve by using pid functions to help it interact with the malware sample.
CAPE devs said that i should reach out here for that manner: b86da47

Current Behavior
I looked at usage.py and i saw it had lines about PID. I thought i could use that to help Pe sieve interact with the malware sample in order to run on it. But in usage.py that function does not get called why is that, does it wait for something or? Can you explain how does usage.py work for this.

285896772-2f5d8652-ba59-4836-b90b-5fbe80a7317a

285896531-583ca018-10dd-4fd4-b552-7bd6729b6d71

My current code:

import time
import logging
import os
import subprocess
from threading import Thread
from lib.common.abstracts import Auxiliary
from lib.common.results import NetlogFile

log = logging.getLogger(__name__)

class PESieve(Auxiliary, Thread):
    def __init__(self, options, config):
        Auxiliary.__init__(self, options, config)
        Thread.__init__(self)
        #self.enabled = config.get("pesieve", True)
        self.pesieve_path = "C:\\Users\\CapeUser\\Desktop\\pesieve\\pe-sieve64.exe"
        self.netlog_file = NetlogFile("aux/pesieve.log")

    def add_pid(self, pid):
        log.info("Pid Check") 
        print("Started PID checks")
        
        pass
    
    def del_pid(self, pid):
        log.info("Pid Check") 
        print("Started PID checks")
    
        
    
    def start(self):
        self.run()
        #if self.enabled:
            

    def run(self):
        log.info("RUN CHECK") 
        print("Running PID checks")


        """ try:
            subprocess.Popen([self.pesieve_path], shell=False)
            log.info("PE-sieve started successfully.")
            print("PE-sieve started successfully.")  # Add print statement
            self.collect_and_store_results()
        except Exception as e:
            log.error(f"Failed to start PE-sieve: {e}")
            print(f"Failed to start PE-sieve: {e}")  # Add print statement """
        while False:
            time.sleep(2)
        return True

    def collect_and_store_results(self):
        pesieve_output_path = "C:\\Users\\CapeUser\\Desktop\\pesieve\\output\\pesieve_output.json"
        try:
            with open(pesieve_output_path, "r") as f:
                results = f.read()
            self.netlog_file.send(results.encode())
            log.info("PE-sieve results collected and logged.")
            print("PE-sieve results collected and logged.")  # Add print statement
        except IOError:
            log.error("PE-sieve output not found or could not be opened.")
            print("PE-sieve output not found or could not be opened.")  # Add print statement

    def stop(self):
        pass
``