Can you share your VM Image

Open seantree opened this issue 6 years ago • 8 comments

Hi,

First of all, thank you for building this, but after trying a lot I didn't set up MACOS Cuckoo correctly. If you don't mind, can you please share your VM image of the guest machine so that it helps us? I hope you understand our problem.

Thanks & Regards,
Seantree

seantree avatar Aug 01 '18 05:08 seantree

@seantree hi again,

In the other issue I sent the manual + the wrapper script to set up MacOS X. Did you have a chance to use that?

zentavr avatar Aug 02 '18 01:08 zentavr

Hi @zentavr

No, I didn't implement that part because I had already implemented this one. The manual you gave was good, but I didn't get time to implement it properly because in places it confuses me a lot.

seantree avatar Aug 06 '18 08:08 seantree

What was the problem?

-- Thanks, Andrey Miroshnichenko mailto:[email protected]

zentavr avatar Aug 06 '18 08:08 zentavr

I was facing the same thing that you discussed here. I tried this method using the latest cuckoo version with darwin, but it runs for a few seconds and doesn't gather any behaviour information, so thereafter I moved to the mac-a-mal cuckoo. https://github.com/cuckoosandbox/cuckoo/issues/2401

seantree avatar Aug 06 '18 13:08 seantree

I had nothing working with cuckoo 2.0.6.2, but with 2.0-rc2 it seems to be better:

```bash
# Cloning the stock repo
git clone --depth=1 https://github.com/cuckoosandbox/cuckoo.git cuckoo -b 2.0-rc2

# Adding Mac-A-Mal code on top of cuckoo
cd cuckoo
git remote add mac-a-mal https://github.com/phdphuc/mac-a-mal-cuckoo.git
git pull --allow-unrelated-histories --no-edit -s recursive -X theirs mac-a-mal master
```

Pack it:

```bash
rm -rf .git .codeclimate.yml .gitignore .travis.yml LICENSE README.md
tar zcvf ../cuckoo-2.0-rc2-mac-a-mal-8bbec99d.tar.gz .
```

As for the guest, I used MacOS X Yosemite (10.10), because I have no valid certificate to sign mac-a-mal.kext, but with VirtualBox I can specify the command-line boot parameter in order to be able to load unsigned kexts.

zentavr avatar Aug 06 '18 13:08 zentavr

So is it working in your case? Can you easily analyze any Mac binary file, or are you still facing some difficulties?

seantree avatar Aug 07 '18 05:08 seantree

Frankly speaking, my bash script which downloads the mini Ubuntu ISO file worked only one time out of 6 trials.

zentavr avatar Aug 07 '18 07:08 zentavr

OK, but if we go as per the MAC-A-Mal Cuckoo it will work, I think, because I heard that it's working perfectly; the only thing is we need to configure mac-a-mal properly for it. I did lots of experiments and afterwards I came here to get help from its developer. So, waiting for @phdphuc to come and help us.

seantree avatar Aug 07 '18 11:08 seantree