Profiler was designed and developed as part of a forensics methodology which involves executing the same malware specimen multiple times in differently configured systems, in order to observe and record the diverse behavioral patterns that most modern, context-dependent malware instances exhibit.

Profiler's current implementation is meant to extend the functionality of the Cuckoo sandbox malware analysis tool in order to automate the process of correlating and investigating the results of multiple analyses of the same malware sample. Profiler is able to automatically detect differences and similarities in the malware's activities across its multiple executions, thus identifying any contingent behavioral changes.

Profiler's automated processing and reporting features will hopefully allow analysts to quickly assess malware conduct and provide insights on how the malware operated within an explicit organizational infrastructure, minimizing manual effort and time-consuming analysis procedures.
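The correlation step described above, as an added example that is not part of Profiler or of Cuckoo: several behavioral summaries of one sample, each produced by a run in a differently configured guest, are flattened into indicator sets and split into what every run did (common) and what only some runs did (divergent, with the runs that exhibited it). The report layout (`behavior.summary.files`/`keys`/`mutexes`, `network.hosts`) is assumed to follow Cuckoo's JSON summary; the three reports, the account names, the host address and the path-normalization rules are constructed for this illustration. Normalizing user-profile and temp directories is what keeps a difference in guest configuration (OS version, account name) from being mistaken for a difference in malware behavior.

```python
"""Correlate behavioral summaries of one sample run in several sandbox configurations.

Added example, not Profiler's or Cuckoo's code. Report layout mirrors Cuckoo's JSON
summary (assumption); all report contents below are constructed sample data.
"""
import re
from collections import defaultdict

# Constructed reports: the same sample executed in three differently configured guests.
REPORTS = {
    "winxp_offline": {
        "behavior": {"summary": {
            "files": ["C:\\Documents and Settings\\alice\\Local Settings\\Temp\\drop.exe"],
            "keys": ["HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"],
            "mutexes": ["Global\\sample_mutex"],
        }},
        "network": {"hosts": []},
    },
    "win7_online": {
        "behavior": {"summary": {
            "files": ["C:\\Users\\bob\\AppData\\Local\\Temp\\drop.exe",
                      "C:\\Users\\bob\\AppData\\Roaming\\update.dll"],
            "keys": ["HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"],
            "mutexes": ["Global\\sample_mutex"],
        }},
        "network": {"hosts": ["203.0.113.10"]},  # TEST-NET-3 address, constructed
    },
    "win7_online_vmware": {
        "behavior": {"summary": {
            "files": ["C:\\Users\\carol\\AppData\\Local\\Temp\\drop.exe"],
            "keys": [],
            "mutexes": ["Global\\sample_mutex"],
        }},
        "network": {"hosts": []},
    },
}

# Constructed normalization rules: collapse per-guest profile and temp directories.
_USER_DIR = re.compile(r"^(C:\\Users|C:\\Documents and Settings)\\[^\\]+", re.IGNORECASE)
_TEMP_DIR = re.compile(r"\\(Local Settings\\Temp|AppData\\Local\\Temp)(?=\\|$)", re.IGNORECASE)


def normalize_path(path):
    """Rewrite guest-specific path prefixes so that differences in OS version or
    account name do not surface as behavioral differences between runs."""
    path = _USER_DIR.sub("%USERPROFILE%", path)
    return _TEMP_DIR.sub(r"\\%TEMP%", path)


def extract_indicators(report):
    """Flatten one report into a set of (category, value) indicators."""
    summary = report.get("behavior", {}).get("summary", {})
    indicators = set()
    for f in summary.get("files", []):
        indicators.add(("file", normalize_path(f)))
    for k in summary.get("keys", []):
        indicators.add(("regkey", k))
    for m in summary.get("mutexes", []):
        indicators.add(("mutex", m))
    for h in report.get("network", {}).get("hosts", []):
        indicators.add(("host", h))
    return indicators


def correlate(reports):
    """Return the indicators seen in every run ('common') and, for each indicator seen
    in only some runs ('divergent'), the names of the runs that exhibited it."""
    per_run = {name: extract_indicators(r) for name, r in reports.items()}
    common = set.intersection(*per_run.values()) if per_run else set()
    divergent = defaultdict(set)
    for name, indicators in per_run.items():
        for indicator in indicators - common:
            divergent[indicator].add(name)
    return {"common": common, "divergent": dict(divergent)}


def summary_lines(result):
    """Render the correlation as analyst-readable lines, divergent items first."""
    lines = []
    for (category, value), runs in sorted(result["divergent"].items()):
        lines.append("DIVERGENT %-6s %s  (only in: %s)" % (category, value, ", ".join(sorted(runs))))
    for category, value in sorted(result["common"]):
        lines.append("COMMON    %-6s %s" % (category, value))
    return lines


if __name__ == "__main__":
    for line in summary_lines(correlate(REPORTS)):
        print(line)
```

In the constructed data the dropped executable and the mutex appear in every run, while the persistence key is absent from the VMware guest and the outbound connection only occurs in the networked Windows 7 guest; that is exactly the kind of contingent, configuration-dependent behavior the methodology sets out to surface, and it is what an analyst would examine next rather than the behavior common to all runs.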
Profiler is open-source and its beta version (along with the appropriate documentation) is available at: http://code.google.com/p/cuckoo-profiler/