search

idanr1986 / cuckoo-droid

CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox.
578 stars 135 forks source link

Analysis failed: No Apps was launched #92

Open d0mnik opened 4 years ago

d0mnik commented 4 years ago

I cannot seem to get my cuckoodroid setup to work. Every time I send in a sample, i get the analysis failed error.

My setup is Cuckoo on Ubuntu 18.04 (VMware) andAndroid x86 4.4 RC2 (Virtualbox). I am using a nested virtualisation setup.

here are the debug logs:

2019-12-02 20:04:36,863 [root] DEBUG: Importing modules... 2019-12-02 20:04:37,244 [root] DEBUG: Imported "signatures" modules: 2019-12-02 20:04:37,245 [root] DEBUG: |-- AndroidDynamicCode 2019-12-02 20:04:37,245 [root] DEBUG: |-- AndroidDynamicCode 2019-12-02 20:04:37,245 [root] DEBUG: |-- KnownVirustotal 2019-12-02 20:04:37,245 [root] DEBUG: |-- KnownVirustotalThreshold 2019-12-02 20:04:37,245 [root] DEBUG: |-- AndroidDangerousPermissions 2019-12-02 20:04:37,245 [root] DEBUG: |-- AndroidDynamicCode 2019-12-02 20:04:37,245 [root] DEBUG: |-- AndroidGooglePlayDiff 2019-12-02 20:04:37,245 [root] DEBUG: |-- Hidden_Payload 2019-12-02 20:04:37,246 [root] DEBUG: |-- SandroRat 2019-12-02 20:04:37,246 [root] DEBUG: |-- AndroratMalware 2019-12-02 20:04:37,246 [root] DEBUG: |-- IBankingMalware 2019-12-02 20:04:37,246 [root] DEBUG: |-- AndroidNativeCode 2019-12-02 20:04:37,246 [root] DEBUG: |-- AndroidDynamicCode 2019-12-02 20:04:37,246 [root] DEBUG: |-- AndroidReflectionCode 2019-12-02 20:04:37,246 [root] DEBUG: |-- AndroidAbortBroadcast 2019-12-02 20:04:37,246 [root] DEBUG: |-- Hidden_Payload 2019-12-02 20:04:37,246 [root] DEBUG: |-- Hidden_Payload 2019-12-02 20:04:37,246 [root] DEBUG: |-- ApplicationContainsDex 2019-12-02 20:04:37,246 [root] DEBUG: |-- ApplicationContainsJar 2019-12-02 20:04:37,247 [root] DEBUG: |-- ApplicationContainsSo 2019-12-02 20:04:37,247 [root] DEBUG: |-- AndroidInstalledApps 2019-12-02 20:04:37,247 [root] DEBUG: |-- ApplicationDroppedDex 2019-12-02 20:04:37,247 [root] DEBUG: |-- ApplicationDroppedFiles 2019-12-02 20:04:37,247 [root] DEBUG: |-- ApplicationDroppedSo 2019-12-02 20:04:37,247 [root] DEBUG: |-- AndroidShellCommands 2019-12-02 20:04:37,247 [root] DEBUG: |-- AndroidPhoneNumber 2019-12-02 20:04:37,247 [root] DEBUG: |-- AndroidInstalledApps 2019-12-02 20:04:37,247 [root] DEBUG: |-- AndroidAccountInfo 2019-12-02 20:04:37,248 [root] DEBUG: |-- AndroidAppInfo 2019-12-02 20:04:37,248 [root] DEBUG: |-- AndroidPrivateInfoQuery 2019-12-02 20:04:37,248 [root] DEBUG: |-- AndroidAudio 2019-12-02 20:04:37,248 [root] DEBUG: |-- AndroidUsingReflection 2019-12-02 20:04:37,248 [root] DEBUG: |-- AndroidRegisteredReceiver 2019-12-02 20:04:37,248 [root] DEBUG: |-- AndroidInstalledApps 2019-12-02 20:04:37,248 [root] DEBUG: |-- AndroidSMS 2019-12-02 20:04:37,248 [root] DEBUG: |-- AndroidComponentEnabledSetting 2019-12-02 20:04:37,248 [root] DEBUG: |-- AndroidStopProcess 2019-12-02 20:04:37,248 [root] DEBUG: |-- ApplicationUsesLocation 2019-12-02 20:04:37,249 [root] DEBUG: |-- AndroidCamera 2019-12-02 20:04:37,249 [root] DEBUG: |-- CreatesExe 2019-12-02 20:04:37,249 [root] DEBUG: |-- SystemMetrics 2019-12-02 20:04:37,249 [root] DEBUG: |-- NetworkHTTP 2019-12-02 20:04:37,249 [root] DEBUG: |-- NetworkICMP 2019-12-02 20:04:37,249 [root] DEBUG: |-- NetworkIRC 2019-12-02 20:04:37,249 [root] DEBUG: -- NetworkSMTP 2019-12-02 20:04:37,249 [root] DEBUG: Imported "processing" modules: 2019-12-02 20:04:37,249 [root] DEBUG: |-- AnalysisInfo 2019-12-02 20:04:37,250 [root] DEBUG: |-- ApkInfo 2019-12-02 20:04:37,250 [root] DEBUG: |-- BehaviorAnalysis 2019-12-02 20:04:37,250 [root] DEBUG: |-- Debug 2019-12-02 20:04:37,250 [root] DEBUG: |-- Droidmon 2019-12-02 20:04:37,250 [root] DEBUG: |-- Dropped 2019-12-02 20:04:37,250 [root] DEBUG: |-- GooglePlay 2019-12-02 20:04:37,250 [root] DEBUG: |-- Memory 2019-12-02 20:04:37,250 [root] DEBUG: |-- NetworkAnalysis 2019-12-02 20:04:37,250 [root] DEBUG: |-- ProcessMemory 2019-12-02 20:04:37,250 [root] DEBUG: |-- Static 2019-12-02 20:04:37,251 [root] DEBUG: |-- Strings 2019-12-02 20:04:37,251 [root] DEBUG: |-- TargetInfo 2019-12-02 20:04:37,251 [root] DEBUG:-- VirusTotal 2019-12-02 20:04:37,251 [root] DEBUG: Imported "auxiliary" modules: 2019-12-02 20:04:37,251 [root] DEBUG: -- Sniffer 2019-12-02 20:04:37,251 [root] DEBUG: Imported "reporting" modules: 2019-12-02 20:04:37,251 [root] DEBUG: |-- JsonDump 2019-12-02 20:04:37,251 [root] DEBUG: |-- MAEC40Report 2019-12-02 20:04:37,251 [root] DEBUG: |-- MMDef 2019-12-02 20:04:37,251 [root] DEBUG: |-- MongoDB 2019-12-02 20:04:37,252 [root] DEBUG: |-- ReportAndroidHTML 2019-12-02 20:04:37,252 [root] DEBUG:-- ReportHTML 2019-12-02 20:04:37,252 [root] DEBUG: Imported "machinery" modules: 2019-12-02 20:04:37,252 [root] DEBUG: -- VirtualBox 2019-12-02 20:04:37,283 [root] DEBUG: Checking for locked tasks... 2019-12-02 20:04:37,345 [root] DEBUG: Initializing Yara... 2019-12-02 20:04:37,345 [root] DEBUG: |-- index_binaries.yar 2019-12-02 20:04:37,346 [root] DEBUG:-- index_memory.yar 2019-12-02 20:04:37,346 [lib.cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.56.1:2042. 2019-12-02 20:04:37,347 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" machine manager 2019-12-02 20:04:37,426 [modules.machinery.virtualbox] DEBUG: Getting status for test 2019-12-02 20:04:37,542 [modules.machinery.virtualbox] DEBUG: Machine test status running 2019-12-02 20:04:37,548 [modules.machinery.virtualbox] DEBUG: Stopping vm test 2019-12-02 20:04:37,548 [modules.machinery.virtualbox] DEBUG: Getting status for test 2019-12-02 20:04:37,683 [modules.machinery.virtualbox] DEBUG: Machine test status running 2019-12-02 20:04:38,694 [modules.machinery.virtualbox] DEBUG: Getting status for test 2019-12-02 20:04:38,811 [modules.machinery.virtualbox] DEBUG: Machine test status poweroff 2019-12-02 20:04:38,823 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s 2019-12-02 20:04:38,828 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks. 2019-12-02 20:04:50,938 [lib.cuckoo.core.scheduler] DEBUG: Processing task #5 2019-12-02 20:04:50,939 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "/tmp/cuckoo-tmp/upload_mGn_Tu/ImportContacts.apk" (task=5) 2019-12-02 20:04:50,943 [lib.cuckoo.core.scheduler] INFO: File already exists at "/home/john/Desktop/cuckoo/storage/binaries/ff0e010d70009bb2ff242c7d74989efd85b99d74283b2d11bfcded083cee645c" 2019-12-02 20:04:50,953 [lib.cuckoo.core.scheduler] INFO: Task #5: acquired machine test (label=test) 2019-12-02 20:04:50,965 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 12067 (interface=vboxnet0, host=192.168.56.11, dump path=/home/john/Desktop/cuckoo/storage/analyses/5/dump.pcap) 2019-12-02 20:04:50,965 [lib.cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer 2019-12-02 20:04:50,980 [modules.machinery.virtualbox] DEBUG: Starting vm test 2019-12-02 20:04:50,980 [modules.machinery.virtualbox] DEBUG: Getting status for test 2019-12-02 20:04:51,122 [modules.machinery.virtualbox] DEBUG: Machine test status poweroff 2019-12-02 20:04:51,131 [modules.machinery.virtualbox] DEBUG: Using snapshot test2 for virtual machine test 2019-12-02 20:04:51,197 [modules.machinery.virtualbox] DEBUG: Getting status for test 2019-12-02 20:04:51,338 [modules.machinery.virtualbox] DEBUG: Machine test status saved 2019-12-02 20:04:54,042 [modules.machinery.virtualbox] DEBUG: Getting status for test 2019-12-02 20:04:54,201 [modules.machinery.virtualbox] DEBUG: Machine test status running 2019-12-02 20:04:54,208 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=test, ip=192.168.56.11) 2019-12-02 20:04:54,208 [lib.cuckoo.core.guest] DEBUG: test: waiting for status 0x0001 2019-12-02 20:05:01,272 [lib.cuckoo.core.guest] DEBUG: test: status ready 2019-12-02 20:05:01,274 [lib.cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=test, ip=192.168.56.11) 2019-12-02 20:05:01,366 [lib.cuckoo.core.guest] DEBUG: test: analyzer started with PID 0 2019-12-02 20:05:01,366 [lib.cuckoo.core.guest] DEBUG: test: waiting for completion 2019-12-02 20:05:02,370 [lib.cuckoo.core.guest] DEBUG: test: analysis not completed yet (status=2) 2019-12-02 20:05:03,376 [lib.cuckoo.core.scheduler] ERROR: Analysis failed: No Apps Were Lunched! 2019-12-02 20:05:03,380 [lib.cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer 2019-12-02 20:05:03,380 [modules.machinery.virtualbox] DEBUG: Stopping vm test 2019-12-02 20:05:03,380 [modules.machinery.virtualbox] DEBUG: Getting status for test 2019-12-02 20:05:03,518 [modules.machinery.virtualbox] DEBUG: Machine test status running 2019-12-02 20:05:04,530 [modules.machinery.virtualbox] DEBUG: Getting status for test 2019-12-02 20:05:04,644 [modules.machinery.virtualbox] DEBUG: Machine test status poweroff 2019-12-02 20:05:04,667 [lib.cuckoo.core.scheduler] DEBUG: Released database task #5 with status False 2019-12-02 20:05:04,681 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" on analysis at "/home/john/Desktop/cuckoo/storage/analyses/5" 2019-12-02 20:05:04,717 [modules.processing.apkinfo] WARNING: Dex size bigger than: None 2019-12-02 20:05:04,717 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "ApkInfo" on analysis at "/home/john/Desktop/cuckoo/storage/analyses/5" 2019-12-02 20:05:04,718 [modules.processing.behavior] WARNING: Analysis results folder does not exist at path "/home/john/Desktop/cuckoo/storage/analyses/5/logs". 2019-12-02 20:05:04,718 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" on analysis at "/home/john/Desktop/cuckoo/storage/analyses/5" 2019-12-02 20:05:04,721 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Debug" on analysis at "/home/john/Desktop/cuckoo/storage/analyses/5" 2019-12-02 20:05:04,721 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Droidmon" on analysis at "/home/john/Desktop/cuckoo/storage/analyses/5" 2019-12-02 20:05:04,722 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" on analysis at "/home/john/Desktop/cuckoo/storage/analyses/5" 2019-12-02 20:05:04,724 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" on analysis at "/home/john/Desktop/cuckoo/storage/analyses/5" 2019-12-02 20:05:04,724 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" on analysis at "/home/john/Desktop/cuckoo/storage/analyses/5" 2019-12-02 20:05:04,729 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Static" on analysis at "/home/john/Desktop/cuckoo/storage/analyses/5" 2019-12-02 20:05:04,733 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Strings" on analysis at "/home/john/Desktop/cuckoo/storage/analyses/5" 2019-12-02 20:05:04,740 [lib.cuckoo.common.objects] WARNING: Unable to match Yara signatures: init() got an unexpected keyword argument 'error_on_warning' 2019-12-02 20:05:04,741 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" on analysis at "/home/john/Desktop/cuckoo/storage/analyses/5" 2019-12-02 20:05:04,741 [lib.cuckoo.core.plugins] DEBUG: Applying signature overlays for signatures: creates_exe 2019-12-02 20:05:04,742 [lib.cuckoo.core.plugins] DEBUG: Running non-evented signatures 2019-12-02 20:05:04,742 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_AirPush_Adware" 2019-12-02 20:05:04,742 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_Umeng_Adware" 2019-12-02 20:05:04,743 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_antivirus_virustotal" 2019-12-02 20:05:04,743 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_antivirus_virustotal_threshold" 2019-12-02 20:05:04,743 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_dangerous_permissions" 2019-12-02 20:05:04,743 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "android_dangerous_permissions" 2019-12-02 20:05:04,744 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_dynamic_code" 2019-12-02 20:05:04,744 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_google_play_diff" 2019-12-02 20:05:04,744 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_hidden_payload" 2019-12-02 20:05:04,744 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_maware_snadrorat" 2019-12-02 20:05:04,745 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_maware_androrat" 2019-12-02 20:05:04,745 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_maware_iBanking" 2019-12-02 20:05:04,745 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_native_code" 2019-12-02 20:05:04,746 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_packer" 2019-12-02 20:05:04,746 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_reflection_code" 2019-12-02 20:05:04,746 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_aborted_broadcast_receiver" 2019-12-02 20:05:04,746 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_contains_apk" 2019-12-02 20:05:04,746 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_contains_arm_binaries" 2019-12-02 20:05:04,747 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_contains_dex" 2019-12-02 20:05:04,747 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_contains_jar" 2019-12-02 20:05:04,747 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_contains_so" 2019-12-02 20:05:04,747 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_device_admin" 2019-12-02 20:05:04,748 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_dropped_dex" 2019-12-02 20:05:04,748 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_dropped_files" 2019-12-02 20:05:04,748 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_dropped_so" 2019-12-02 20:05:04,748 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_executed_shell_command" 2019-12-02 20:05:04,748 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_fingerprint" 2019-12-02 20:05:04,749 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_installed_app" 2019-12-02 20:05:04,749 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_queried_account_info" 2019-12-02 20:05:04,749 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_queried_installed_apps" 2019-12-02 20:05:04,749 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_queried_private_information" 2019-12-02 20:05:04,749 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_recording_audio" 2019-12-02 20:05:04,749 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_reflection" 2019-12-02 20:05:04,750 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_registered_receiver_runtime" 2019-12-02 20:05:04,750 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_root" 2019-12-02 20:05:04,750 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_sent_sms_messages" 2019-12-02 20:05:04,750 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_setComponentEnabledSetting" 2019-12-02 20:05:04,750 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_stopped_processes" 2019-12-02 20:05:04,751 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_uses_location" 2019-12-02 20:05:04,751 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_using_the_camera" 2019-12-02 20:05:04,751 [lib.cuckoo.core.plugins] DEBUG: Running signature "creates_exe" 2019-12-02 20:05:04,751 [lib.cuckoo.core.plugins] DEBUG: Running signature "generic_metrics" 2019-12-02 20:05:04,751 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_http" 2019-12-02 20:05:04,752 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_icmp" 2019-12-02 20:05:04,752 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_irc" 2019-12-02 20:05:04,752 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_smtp" 2019-12-02 20:05:04,764 [lib.cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump" 2019-12-02 20:05:04,795 [lib.cuckoo.core.plugins] DEBUG: Executed reporting module "MongoDB" 2019-12-02 20:05:04,928 [lib.cuckoo.core.plugins] DEBUG: Executed reporting module "ReportAndroidHTML" 2019-12-02 20:05:04,928 [lib.cuckoo.core.scheduler] INFO: Task #5: reports generation completed (path=/home/john/Desktop/cuckoo/storage/analyses/5) 2019-12-02 20:05:04,935 [lib.cuckoo.core.scheduler] INFO: Task #5: analysis procedure completed

tom-papaioannou commented 4 years ago

I am so sorry for the late reply. In case you, or anyone else, bumps into this error, it is probably because of the Superuser program of the Android Emulator. Please check in the Superuser program the following: 3 dots on the upper right corner>Settings and then "Automatic Response>Allow" and "Notifications>None". This was probably the cause of your problem.