cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

cuckoo displays agent.py and results information as c2 #1967

Open DigiAngel opened 6 years ago

DigiAngel commented 6 years ago

Not sure why...I have these as default in reporting.conf:

2017-11-17 11_58_07-cuckoo sandbox

jbremer commented 6 years ago

Can you find out in which process that URL was found? Might just be the malware checking in ;)

doomedraven commented 6 years ago

I saw that with a manually configured VM: you download the agent and/or the rest by browser, and later it is detected in this way :D

DigiAngel commented 6 years ago

Thanks...for a second I thought maybe I had the agent.py not set correctly, but ya..agent.pyw is what I named it. I'll try a different sample and report my findings..thank you.

doomedraven commented 6 years ago

But did you download the agent from 192.168.100.1:8000 before?

DigiAngel commented 6 years ago

Oh yea...it's in the Startup dir and was taken from the agent dir from the cuckoo source.

doomedraven commented 6 years ago

So it is what I said in my first comment.