3

I'm trying to run more than one sample at the same time in a single guest VM, for efficiency reasons, something that will be even more efficient than the distributed Cuckoo solution, or using a few guest VMs.

For example, to submit a few URLs, so they will be opened in a few tabs (in IE or FF) in Cuckoo, so I won't need to run a clean VM for each URL.

Then, if any malicious activity is detected in any of the URLs, I'll find the malicious URL, and will make a deeper inspection of its activity using all other Cuckoo plugins and modules, etc.

Can you think of a way to do this using Cuckoo, or any workaround?

My use-case is that I have A LOT of samples, but only very few are malicious, so to run a VM for every one of them would be a waste of resources.

Cartucho
Michael

1 Answer

0

Cuckoo monitors malware activity in the system, records it and creates a report in a language like JSON. If you try several suspicious links (probably malware) in one VM, you can't track which part of the JSON report (features) belongs to which link (possible malware). I believe you need to run different suspicious links/files in different VMs. You can run a few VMs at the same time, though.

Enkidu M