The basic plan is to make use of a virtual machine to install the Cuckoo Sandbox host and have it contain VirtualBox along with a target machine which will initially be XP. I'm writing this down to take notes for myself and have a record of the experience kept online in case someone happens to stumble upon this post down the road.
If all goes well, my test instance will look like this:
Windows 7->VMware Workstation->Ubuntu->VirtualBox->XP
The host machine has 24GB of RAM and I have given over 8GB to the Ubuntu VM.
Install Ubuntu
I went through a default install of Ubuntu 12.04.1 and initially forgot to install the Desktop, which may or may not be required but would make things easier when it comes to VirtualBox, which I have not spent much time using on a Linux host. Reran tasksel, selected the Ubuntu Desktop option and went from there.
Installing VirtualBox
Download the Oracle apt key and install with the following command found at https://www.virtualbox.org/wiki/Linux_Downloads
- wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -
- sudo apt-get update
- sudo apt-get install virtualbox
Launch VirtualBox and do a default install of XP.
Proceed with installation of Cuckoo Sandbox as per the directions on docs.cuckoosandbox.org.
The Cuckoo installation was very straightforward, with the only minor issues being the yara and pydeep installations, which the instructions intentionally do not cover. It was only a matter of finding the right dependencies for the packages, but it required a little bit of digging all the same.
I may go back through the installation again to document the full requirements, but here are a few notes:
pydeep required ssdeep from SourceForge and also required that python2.7-dev was installed via apt-get install python2.7-dev.
Other packages required included git. Git clone the pydeep site and run the python setup.py build and sudo python setup.py install commands once all dependencies are met. Any time a package installation failed, it required a Google search to see what the cause was.
yara-python requires yara. Download both packages from the yara Google Code project site and install yara first, then yara-python.
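A preflight check for the dependency order described in these notes, as an added example that is not part of the original post. The function names and the INCLUDE_DIRS default are assumptions; the header names checked are fuzzy.h (ssdeep), Python.h (python2.7-dev) and yara.h (yara).

```shell
#!/usr/bin/env bash
# Added example: report unmet build prerequisites for pydeep and yara-python
# before running "python setup.py build", instead of finding out from a failed build.
# Assumption: headers live under these directories (Ubuntu defaults).
INCLUDE_DIRS="${INCLUDE_DIRS:-/usr/include /usr/local/include}"

# have_header NAME: succeed if NAME exists under any directory in INCLUDE_DIRS.
have_header() {
    for inc_dir in $INCLUDE_DIRS; do
        [ -f "$inc_dir/$1" ] && return 0
    done
    return 1
}

# missing_deps TARGET: print one line per unmet prerequisite of TARGET
# (pydeep or yara-python). Prints nothing when the build can proceed.
missing_deps() {
    case "$1" in
        pydeep)
            command -v git >/dev/null 2>&1 || echo "git (needed to clone pydeep)"
            have_header python2.7/Python.h || echo "python2.7-dev (Python.h)"
            have_header fuzzy.h || echo "ssdeep (fuzzy.h, build ssdeep first)"
            ;;
        yara-python)
            # Assumption: yara-python is built as a C extension, so it needs
            # the Python headers as well as yara itself.
            have_header python2.7/Python.h || echo "python2.7-dev (Python.h)"
            have_header yara.h || echo "yara (yara.h, build yara first)"
            ;;
        *)
            echo "unknown target: $1"
            return 2
            ;;
    esac
}

# Report for both packages the notes mention.
for target in pydeep yara-python; do
    missing_deps "$target" | sed "s/^/$target: missing /"
done
```

An empty report means the prerequisites for both builds are in place.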