cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Rat Autoit low score #1963

Open Nwinternights opened 6 years ago

Nwinternights commented 6 years ago

analyzer.log (Analysis set on 280 sec)

Hi all, I got a sample of a RAT that uses AutoIt. I submitted it to Cuckoo (2.0.4.4) and got a really low score with few matched signatures. None of the traffic was dumped (POST requests to web servers and of course Suricata signatures), nor were any of the signatures regarding evasion/detection.

The sample is https://www.reverse.it/sample/a1a9c279c69734079b0e882ab8abfbdb6adbb637b52ec716faf3dc374a91d8c3?environmentId=100. Any help is appreciated. Regards

Partial output with Cuckoo 1.3

hackdefendr commented 6 years ago

I'm seeing the same issue with the latest (git) Cuckoo, only with several different malware samples (ransomware, trojan, malware).