hatching / vmcloak

Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.

vmcloak init --win7x64 win7sp1 crashes #72

Closed samreenk closed 8 years ago

samreenk commented 8 years ago

When the init command for vmcloak is run, the system fails init and states that there is an ImportError: No module named vmcloak.dependencies

Any suggestions on how to get around and fix this import error?

jbremer commented 8 years ago

Which version of vmcloak do you have installed?

samreenk commented 8 years ago

I had the latest version installed, 0.3. I had another issue that I think you may be able to help with. When I upload a malware sample in debug mode I keep getting that cuckoo1 is not ready... Not sure why this is the case as well.

Cuckoo Sandbox 2.0-rc1

www.cuckoosandbox.org

Copyright (c) 2010-2015

Checking for updates...

Good! You have the latest version available.

2016-07-19 09:18:42,516 [root] DEBUG: Importing modules...

2016-07-19 09:18:42,724 [root] DEBUG: Imported "signatures" modules:

2016-07-19 09:18:42,724 [root] DEBUG: |-- CreatesExe

2016-07-19 09:18:42,724 [root] DEBUG: `-- SystemMetrics

2016-07-19 09:18:42,724 [root] DEBUG: Imported "processing" modules:

2016-07-19 09:18:42,724 [root] DEBUG: |-- AnalysisInfo

2016-07-19 09:18:42,725 [root] DEBUG: |-- ApkInfo

2016-07-19 09:18:42,725 [root] DEBUG: |-- Baseline

2016-07-19 09:18:42,725 [root] DEBUG: |-- BehaviorAnalysis

2016-07-19 09:18:42,725 [root] DEBUG: |-- DroppedBuffer

2016-07-19 09:18:42,725 [root] DEBUG: |-- Debug

2016-07-19 09:18:42,725 [root] DEBUG: |-- Droidmon

2016-07-19 09:18:42,726 [root] DEBUG: |-- Dropped

2016-07-19 09:18:42,726 [root] DEBUG: |-- TLSMasterSecrets

2016-07-19 09:18:42,726 [root] DEBUG: |-- GooglePlay

2016-07-19 09:18:42,726 [root] DEBUG: |-- Memory

2016-07-19 09:18:42,726 [root] DEBUG: |-- NetworkAnalysis

2016-07-19 09:18:42,726 [root] DEBUG: |-- ProcessMemory

2016-07-19 09:18:42,727 [root] DEBUG: |-- Screenshots

2016-07-19 09:18:42,727 [root] DEBUG: |-- Snort

2016-07-19 09:18:42,727 [root] DEBUG: |-- Static

2016-07-19 09:18:42,727 [root] DEBUG: |-- Strings

2016-07-19 09:18:42,727 [root] DEBUG: |-- Suricata

2016-07-19 09:18:42,728 [root] DEBUG: |-- TargetInfo

2016-07-19 09:18:42,728 [root] DEBUG: `-- VirusTotal

2016-07-19 09:18:42,728 [root] DEBUG: Imported "auxiliary" modules:

2016-07-19 09:18:42,728 [root] DEBUG: |-- MITM

2016-07-19 09:18:42,728 [root] DEBUG: |-- Services

2016-07-19 09:18:42,728 [root] DEBUG: `-- Sniffer

2016-07-19 09:18:42,728 [root] DEBUG: Imported "reporting" modules:

2016-07-19 09:18:42,729 [root] DEBUG: |-- JsonDump

2016-07-19 09:18:42,729 [root] DEBUG: |-- Moloch

2016-07-19 09:18:42,729 [root] DEBUG: |-- MongoDB

2016-07-19 09:18:42,729 [root] DEBUG: `-- ReportHTML

2016-07-19 09:18:42,729 [root] DEBUG: Imported "machinery" modules:

2016-07-19 09:18:42,730 [root] DEBUG: `-- VirtualBox

2016-07-19 09:18:42,731 [root] DEBUG: Checking for locked tasks..

2016-07-19 09:18:42,737 [root] DEBUG: Checking for pending service tasks..

2016-07-19 09:18:42,742 [root] DEBUG: Initializing Yara...

2016-07-19 09:18:42,743 [root] DEBUG: |-- index_binaries.yar

2016-07-19 09:18:42,743 [root] DEBUG: `-- index_memory.yar

2016-07-19 09:18:42,747 [lib.cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.56.1:2042.

2016-07-19 09:18:42,749 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager

2016-07-19 09:18:42,847 [modules.machinery.virtualbox] DEBUG: Getting status for win7

2016-07-19 09:18:42,916 [modules.machinery.virtualbox] DEBUG: Machine win7 status poweroff

2016-07-19 09:18:42,946 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s

2016-07-19 09:18:42,976 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.

2016-07-19 09:18:53,246 [lib.cuckoo.core.scheduler] DEBUG: Processing task 1

2016-07-19 09:18:53,248 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "notes-cuckoo.docx" (task #1, options "route=none")

2016-07-19 09:18:53,268 [lib.cuckoo.core.scheduler] INFO: Task #1: acquired machine cuckoo1 (label=win7)

2016-07-19 09:18:53,273 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 11407 (interface=vboxnet0, host=192.168.56.1, pcap=/Users/skhadeer/malware-sandbox/storage/analyses/1/dump.pcap)

2016-07-19 09:18:53,274 [lib.cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer

tcpdump: WARNING: vboxnet0: That device doesn't support promiscuous mode

(BIOCPROMISC: Operation not supported on socket)

tcpdump: listening on vboxnet0, link-type EN10MB (Ethernet), capture size 262144 bytes

2016-07-19 09:18:53,336 [modules.machinery.virtualbox] DEBUG: Starting vm win7

2016-07-19 09:18:53,337 [modules.machinery.virtualbox] DEBUG: Getting status for win7

2016-07-19 09:18:53,408 [modules.machinery.virtualbox] DEBUG: Machine win7 status poweroff

2016-07-19 09:18:53,456 [modules.machinery.virtualbox] DEBUG: Using current snapshot for virtual machine win7

2016-07-19 09:18:53,508 [modules.machinery.virtualbox] DEBUG: Getting status for win7

2016-07-19 09:18:53,585 [modules.machinery.virtualbox] DEBUG: Machine win7 status saved

2016-07-19 09:18:56,219 [modules.machinery.virtualbox] DEBUG: Getting status for win7

2016-07-19 09:18:56,320 [modules.machinery.virtualbox] DEBUG: Machine win7 status running

2016-07-19 09:18:56,366 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.56.1)

2016-07-19 09:18:56,371 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2016-07-19 09:18:57,381 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2016-07-19 09:18:58,389 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2016-07-19 09:18:59,393 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2016-07-19 09:19:00,403 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2016-07-19 09:19:01,412 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2016-07-19 09:19:02,416 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2016-07-19 09:19:03,423 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2016-07-19 09:19:04,428 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet


Samreen Khadeer University of Washington | Junior | CSSE Cybersecurity | Undergraduate Research Assistant Intern | Information Security Engineering | Starbucks Coffee Company

jbremer commented 8 years ago

Did you correctly configure the IP addresses etc?
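One way to run the IP check asked about above against a Cuckoo debug log (an added example, not part of the thread or of Cuckoo's code): it compares each guest's IP with the ResultServer bind address and counts the "not ready yet" polls. The sample lines are copied from the log posted earlier in this thread; the function name `triage` and the wording of the finding are assumptions made for this example.

```python
import re

# Log lines copied from the first debug log in this thread (trimmed).
SAMPLE_LOG = """\
2016-07-19 09:18:42,747 [lib.cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.56.1:2042.
2016-07-19 09:18:53,268 [lib.cuckoo.core.scheduler] INFO: Task #1: acquired machine cuckoo1 (label=win7)
2016-07-19 09:18:56,366 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.56.1)
2016-07-19 09:18:56,371 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet
2016-07-19 09:18:57,381 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet
2016-07-19 09:18:58,389 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
RESULTSERVER_RE = re.compile(r"ResultServer running on " + IPV4 + r":\d+")
GUEST_RE = re.compile(r"Starting analysis on guest \(id=([^,]+), ip=" + IPV4 + r"\)")
NOT_READY_RE = re.compile(r"\[lib\.cuckoo\.core\.guest\] DEBUG: (\S+): not ready yet")


def triage(log_text):
    """Return {guest_id: {"ip", "not_ready", "findings"}} for a Cuckoo debug log."""
    resultserver_ip = None
    guests = {}
    for line in log_text.splitlines():
        if (m := RESULTSERVER_RE.search(line)):
            resultserver_ip = m.group(1)
        elif (m := GUEST_RE.search(line)):
            guests[m.group(1)] = {"ip": m.group(2), "not_ready": 0, "findings": []}
        elif (m := NOT_READY_RE.search(line)) and m.group(1) in guests:
            guests[m.group(1)]["not_ready"] += 1

    for guest in guests.values():
        # The ResultServer binds to the host side of the host-only network.
        # A guest entry carrying that same address makes the host poll itself
        # instead of the agent inside the VM, so the guest never becomes ready.
        if resultserver_ip is not None and guest["ip"] == resultserver_ip:
            guest["findings"].append(
                "guest IP %s equals the ResultServer (host) IP" % guest["ip"]
            )
    return guests


if __name__ == "__main__":
    for name, info in triage(SAMPLE_LOG).items():
        print(name, info["ip"], "not-ready polls:", info["not_ready"])
        for finding in info["findings"]:
            print("  finding:", finding)
```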

razuz commented 8 years ago

@samreenk did you run win7sp:1 or win7sp1? If the last one then it's not correct - try the first one.

nvm

jbremer commented 8 years ago

@razuz This is vmcloak init, I believe @samreenk simply wants to call his VM win7sp1.

razuz commented 8 years ago

damn, sorry, misread :)

samreenk commented 8 years ago

I am just trying to get cuckoo to work with my windows 7 virtual machine and I am running into an issue when I upload a file for analysis. My program gets stuck repeating the following until a network timeout is reached:

2016-07-19 14:51:40,682 [lib.cuckoo.core.guest] DEBUG: win7: analysis not completed yet (status=1)

I have checked the network of the guest and host and whether they communicate with each other and they do...

Originally, I was getting the same error but with status = 2, and when I ran the agent.py file as an admin and took a new snapshot the error switched from status = 2 to status = 1.

I am not quite sure what is wrong, but any insight would be really helpful as I have been trying to get this setup for weeks.

Thank you so much!

-Samreen


razuz commented 8 years ago

That's odd ... you're falling back to OldGuestManager not GuestManager ... you seem to be running cuckoo-rc1 stable? @jbremer any thoughts on why rc1 stable breaks? The agent has been upgraded on vmcloak - maybe something related to that?

razuz commented 8 years ago

I guess that can be closed ... even if there are any anomalies then they should be fixed as soon as @jbremer pushes in the new agent

jbremer commented 8 years ago

I believe this issue is indeed resolved. Please reopen if that's not the case.

upper07 commented 7 years ago

Did you resolve this issue?? I have the same problem, could you tell me how to resolve it?

jbremer commented 7 years ago

@upper07 Which issue is that exactly, this is a long thread?

upper07 commented 7 years ago

I installed cuckoodroid v2.0, but no longer analyzed this status.

2017-03-09 13:26:31,236 [modules.machinery.virtualbox] DEBUG: Starting vm cuckoo1

2017-03-09 13:26:31,237 [modules.machinery.virtualbox] DEBUG: Getting status for cuckoo1

2017-03-09 13:26:31,307 [modules.machinery.virtualbox] DEBUG: Machine cuckoo1 status poweroff

2017-03-09 13:26:31,323 [modules.machinery.virtualbox] DEBUG: Using snapshot Snap1 for virtual machine cuckoo1

2017-03-09 13:26:31,396 [modules.machinery.virtualbox] DEBUG: Getting status for cuckoo1

2017-03-09 13:26:31,490 [modules.machinery.virtualbox] DEBUG: Machine cuckoo1 status saved

2017-03-09 13:26:33,795 [modules.machinery.virtualbox] DEBUG: Getting status for cuckoo1

2017-03-09 13:26:33,870 [modules.machinery.virtualbox] DEBUG: Machine cuckoo1 status running

2017-03-09 13:26:33,899 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.56.10)

2017-03-09 13:26:34,903 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2017-03-09 13:26:35,908 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2017-03-09 13:26:36,912 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2017-03-09 13:26:37,919 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2017-03-09 13:26:38,923 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2017-03-09 13:26:39,931 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2017-03-09 13:26:40,936 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2017-03-09 13:26:41,940 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2017-03-09 13:26:42,948 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2017-03-09 13:26:43,955 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2017-03-09 13:26:44,964 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2017-03-09 13:26:45,974 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2017-03-09 13:26:46,979 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

2017-03-09 13:26:47,975 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet

. . . . . .

2017-03-09 13:26:47,975 [lib.cuckoo.core.guest] DEBUG: cuckoo1: not ready yet