Home

Awesome

anticuckoo

A tool to detect and crash Cuckoo Sandbox. Tested in Cuckoo Sandbox Official and Accuvant's Cuckoo version.

Please, consider make a donation: https://github.com/sponsors/therealdreg

Anticuckoo can also detect other sandbox like FireEye (-c2):

ScreenShot

Reddit / netsec discussion about anticuckoo.

Features

The overkill methods can be useful. For example using the overkill methods you have two features in one: detection/crash and "a kind of Sleep" (Cuckoomon bypass long Sleeps calls).

Crash POCs is only a demostration. A real malware can be use this code to detect cuckoo without crashing it, ex only check the exception, esp etc and after make useless code.

TODO list

Cuckoo Detection

Submit Release/anticuckoo.exe to analysis in Cuckoo Sandbox. Check the screenshots (console output). Also you can check Accesed Files in Sumary:

ScreenShot

Accesed Files in Sumary (django web):

ScreenShot

Cuckoo Crash

Specify in submit options the crash argument, ex -c1 (via django web):

ScreenShot

And check Screenshots/connect via RDP/whatson connection to verify the crash. Ex -c1 via RDP:

Screenshot

TODO

New ideas & PRs are wellcome.

Referenced by