DRAKVUF Malware Sandbox
Keywords:
Cybersecurity, Malware, Sandbox
Abstract
A sandbox is a system that provides an isolated environment in which a malware sample can be executed while all of its activity is captured and logged. DRAKVUF is an open-source, agentless black-box analysis system built on the Xen hypervisor and virtual machine introspection; like the popular Cuckoo sandbox, it allows malware samples to be executed safely on a range of guest operating systems. The current DRAKVUF Sandbox web user interface has shortcomings: it restricts the user's ability to customise the analysis environment, and many analysis environment variables can only be set through the DRAKVUF configuration files or the command line interface. This project extends the DRAKVUF Sandbox web user interface with new capabilities: selection among multiple guest operating systems with various configurations, and straightforward selection and assignment of the analysis environment variables that were previously hidden within the configuration files or command line interface. The queuing system was also extended so that multiple samples can be submitted and analysed at once. The reporting component was significantly improved by implementing the capability to generate comprehensive reports and send them to an email address supplied by the user at submission time; the reporting interface also provides historical data on previously submitted samples. The improved system was hosted on an ECS server, accessible to staff and students for submitting and analysing potentially malicious samples. The success of this project was determined by the successful deployment of a fully operational DRAKVUF Sandbox instance together with the developed web interface supporting several different guest operating systems and their associated configurations.