Tascon Gutierrez, Luis
[UCL]
Legay, Axel
[UCL]
In 2020, the world is in the midst of an unprecedented event: the appearance of the coronavirus. Many countries reacted with a lockdown, which increased the number of people needing internet access. At the same time, malware developers have increased their attacks, knowing that many vulnerable people are now surfing the web. This thesis is about the "malware sandbox", a technology developed by malware researchers to automatically detect new malware. Cuckoo, the leading open-source malware sandbox, is the focus of this thesis. The first part describes how Cuckoo can be deployed more easily by integrating it into a container, the difficulties this implied, and how they were overcome. The installation process has been automated with Docker and some bash scripts. The second part shows some results collected with this configuration, and shows how Cuckoo detects malware evasion and how it assigns a score to the malware. The third part is about the development of Cuckoo 3, which will soon replace Cuckoo 2 and brings multiple new features. This part explains the differences between the two versions and describes a contribution that adds the VirtualBox machinery module.


Bibliographic reference: Tascon Gutierrez, Luis. Malware Sandbox Deployment, Analysis and Development. Ecole polytechnique de Louvain, Université catholique de Louvain, 2020. Prom.: Legay, Axel.
Permanent URL: http://hdl.handle.net/2078.1/thesis:26382