DRAKVUF Sandbox

Introduction

DRAKVUF Sandbox is an automated black-box malware analysis system built on the DRAKVUF engine, which does not require an agent inside the guest OS. The project provides a friendly web interface for uploading suspicious files for analysis. Once the sandbox job is complete, you can explore the analysis results in the same interface and judge whether the file is truly malicious.

Because setting up a malware sandbox is often difficult, the project also provides an installer application that guides you through the necessary steps and configures your system with settings recommended for beginners. Experienced users can tweak these settings and even replace some infrastructure parts to better suit their needs.

Supported Hardware and Software

In order to run DRAKVUF Sandbox, your setup must meet all of the listed requirements.

Processor:

✔️ An Intel processor with Intel Virtualization Technology (VT-x) and Extended Page Tables (EPT) is required.

A host system with at least 2 CPU cores and 5 GB of RAM, running GRUB as the bootloader, on one of:

✔️ Debian 10 Buster

✔️ Ubuntu 18.04 Bionic

✔️ Ubuntu 20.04 Focal

The guest system, one of:

✔️ Windows 7 (x64)

✔️ Windows 10 build 2004 (x64)

Nested virtualization:

✔️ Xen - out of the box.

✔️ VMware Workstation Player - works, but you need to enable the "Virtualize EPT" option for the virtual machine; an Intel processor with EPT is still required.

✔️ KVM - works, but is considered experimental. If you encounter any bugs, please report them so they can be investigated further.

❌ AWS, GCP, Azure - hosting DRAKVUF Sandbox in the cloud is not supported because the required CPU capabilities are not exposed to the instance (although this may change in the future).

❌ Hyper-V - does not work.

❌ VMware Fusion (Mac) - does not work.
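The requirements above are easy to get wrong before a long install, so here is a host pre-flight check as an added example; it is not part of the DRAKVUF Sandbox project or its installer. It reads the CPU flag line from /proc/cpuinfo (on Linux, VT-x shows up as the "vmx" flag and EPT as the "ept" flag; an AMD host shows "svm" instead and is reported as unsupported), the core count, MemTotal from /proc/meminfo and ID/VERSION_ID from /etc/os-release, and compares them against the thresholds listed on this page. The function names (cpu_ok, resources_ok, os_ok, requirements_ok, host_check) are this example's own. The page does not give a way to check the GRUB requirement from userland, so that one is left to the reader.

```shell
#!/usr/bin/env bash
# Host pre-flight check for the DRAKVUF Sandbox requirements listed above.
# Added example, not project code. Thresholds (vmx+ept, 2 cores, 5 GB RAM,
# Debian 10 / Ubuntu 18.04 / 20.04) come from the requirements list.

# cpu_ok FLAGS -> 0 if the space-separated flag list contains both vmx and ept.
cpu_ok() {
    case " $1 " in *" vmx "*) ;; *) return 1 ;; esac
    case " $1 " in *" ept "*) return 0 ;; *) return 1 ;; esac
}

# resources_ok CORES MEM_KB -> 0 if at least 2 cores and 5 GB of RAM.
# MEM_KB is MemTotal from /proc/meminfo, in kB; 5 GB = 5 * 1024 * 1024 kB.
resources_ok() {
    [ "${1:-0}" -ge 2 ] && [ "${2:-0}" -ge $((5 * 1024 * 1024)) ]
}

# os_ok ID VERSION_ID -> 0 if (ID, VERSION_ID) from /etc/os-release is a
# supported host distribution.
os_ok() {
    case "$1:$2" in
        debian:10|ubuntu:18.04|ubuntu:20.04) return 0 ;;
        *) return 1 ;;
    esac
}

# requirements_ok FLAGS CORES MEM_KB ID VERSION_ID -> 0 only if every
# check passes. Pure function: all inputs are passed in, nothing is read
# from the system, so it can be tested with constructed values.
requirements_ok() {
    cpu_ok "$1" && resources_ok "$2" "$3" && os_ok "$4" "$5"
}

# host_check -> prints one line per requirement for this machine and
# returns 0 only if all of them pass. Reads /proc and /etc/os-release.
host_check() {
    rc=0
    flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2)
    cores=$(nproc 2>/dev/null || grep -c '^processor' /proc/cpuinfo 2>/dev/null || echo 0)
    mem=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo 2>/dev/null)
    mem=${mem:-0}
    id=$(. /etc/os-release 2>/dev/null && printf '%s' "$ID")
    ver=$(. /etc/os-release 2>/dev/null && printf '%s' "$VERSION_ID")

    if cpu_ok "$flags"; then
        echo "OK   CPU: VT-x (vmx) and EPT (ept) flags present"
    else
        echo "FAIL CPU: vmx+ept not found (Intel VT-x with EPT is required)"; rc=1
    fi
    if resources_ok "$cores" "$mem"; then
        echo "OK   resources: $cores cores, $((mem / 1024)) MB RAM"
    else
        echo "FAIL resources: need >=2 cores and >=5 GB RAM, have $cores cores, $((mem / 1024)) MB"; rc=1
    fi
    if os_ok "$id" "$ver"; then
        echo "OK   host OS: $id $ver"
    else
        echo "FAIL host OS: '$id $ver' is not Debian 10 / Ubuntu 18.04 / Ubuntu 20.04"; rc=1
    fi
    return $rc
}
```

Save the block as a file, source it (`. ./preflight.sh`) and run `host_check`; a non-zero exit status means at least one requirement is missing. Note that a passing cpu_ok only proves the flags are exposed to this kernel: inside a VM it confirms that nested virtualization was passed through, which is exactly the condition the KVM and VMware entries above depend on.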

Link

https://github.com/CERT-Polska/drakvuf-sandbox

Installation reference

https://cloud.tencent.com/developer/article/1978118


Source: blog.csdn.net/u012206617/article/details/131229596