issue with installing CAPE #3

Closed
ChrisPooh opened this issue May 17, 2017 · 1 comment

Comments

@ChrisPooh

Hi there,

I chanced upon this interesting work and bumped into some issues. I am running a fresh installation of CAPE on Ubuntu.

  1. I have followed the steps, but it failed. Please kindly help.
  2. How do I submit a sample of PlugX malware? Supposedly I have all 3 files that are required for the final payload to be assembled.

before_install: (completed all)
- sudo apt-get update -qq
- sudo apt-get install python-magic python-dpkt python-libvirt
- wget http://downloads.sourceforge.net/project/ssdeep/ssdeep-2.12/ssdeep-2.12.tar.gz
- tar -zxvf ssdeep-2.12.tar.gz
- cd ssdeep-2.12
- ./configure && make
- sudo make install
- cd ..
install: (error)

- pip install -r requirements.txt

Building wheels for collected packages: geoip
Running setup.py bdist_wheel for geoip ... error
Complete output from command /usr/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-7BfTk4/geoip/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" bdist_wheel -d /tmp/tmp5YmxyVpip-wheel- --python-tag cp27:
/usr/lib/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'bugtrack_url'
warnings.warn(msg)
running bdist_wheel
running build
running build_ext
building 'GeoIP' extension
creating build
creating build/temp.linux-x86_64-2.7
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c py_GeoIP.c -o build/temp.linux-x86_64-2.7/py_GeoIP.o -fno-strict-aliasing
py_GeoIP.c:23:19: fatal error: GeoIP.h: No such file or directory
compilation terminated.
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1


Failed building wheel for geoip
Running setup.py clean for geoip
Failed to build geoip
Installing collected packages: geoip, olefile, pillow, urllib3, elasticsearch, java-random, python-whois, beautifulsoup4, bs4, pefile2, pyvmomi, pype32, django-ratelimit, pydeep
Running setup.py install for geoip ... error
Complete output from command /usr/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-7BfTk4/geoip/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-SYmAPS-record/install-record.txt --single-version-externally-managed --compile:
/usr/lib/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'bugtrack_url'
warnings.warn(msg)
running install
running build
running build_ext
building 'GeoIP' extension
creating build
creating build/temp.linux-x86_64-2.7
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c py_GeoIP.c -o build/temp.linux-x86_64-2.7/py_GeoIP.o -fno-strict-aliasing
py_GeoIP.c:23:19: fatal error: GeoIP.h: No such file or directory
compilation terminated.
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1

----------------------------------------

Command "/usr/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-7BfTk4/geoip/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-SYmAPS-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-7BfTk4/geoip/

@kevoreilly
Contributor

Hi there, I am sorry to hear you have had issues with the installation. It looks like a problem installing geoip with pip, but I can't say much more than that to help with your first question I'm afraid, other than to note that this requirement is part of the underlying Cuckoo (from spender-sandbox) in case that might be helpful. I would check all is well with pip, and then try and manually install that package, and perhaps approach its author(s) if you are unable to get past this.

As far as submitting PlugX samples, if I am right in thinking that by the 3 files you mean a signed exe, sideloaded dll and payload file, then all you need to do is zip them with their proper names, and submit to CAPE with the zip package. If they are PlugX, this should be detected and a subsequent job with the PlugX_zip package should be triggered, pulling the config and payload(s). You can skip the first automatic job and submit with PlugX_zip if you already know or suspect it's PlugX.

I hope this is helpful; please let me know if you have any further questions.

Kevin
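As an added illustration of the submission flow described in the comment above (example code, not from the page or from CAPE itself): a Python helper that packs the three components into a zip with their file names kept at the top level, so the side-loaded DLL keeps the name the signed EXE expects, and then checks the archive layout. The placeholder files are constructed stand-ins, and the `utils/submit.py --package PlugX_zip` command in the comment is an assumed CAPE/Cuckoo CLI invocation not shown on the page.

```python
import os
import tempfile
import zipfile


def build_sample_archive(paths, out_path):
    """Zip the given files at the archive top level, keeping each file's
    original name. Raises ValueError on colliding names or missing files."""
    names = [os.path.basename(p) for p in paths]
    if len(set(names)) != len(names):
        raise ValueError("duplicate file names: %r" % names)
    for p in paths:
        if not os.path.isfile(p):
            raise ValueError("missing file: %s" % p)
    # ZIP_STORED: nothing gained by compressing; the sandbox extracts it anyway
    with zipfile.ZipFile(out_path, "w", zipfile.ZIP_STORED) as zf:
        for p, name in zip(paths, names):
            zf.write(p, arcname=name)  # arcname drops the directory prefix
    return out_path


def archive_names(zip_path):
    """Return the sorted member names; fail if anything is nested in a folder."""
    with zipfile.ZipFile(zip_path) as zf:
        members = zf.namelist()
    nested = [m for m in members if "/" in m or "\\" in m]
    if nested:
        raise ValueError("members not at top level: %r" % nested)
    return sorted(members)


def demo():
    """Constructed demo: three placeholder files standing in for the signed
    EXE, the side-loaded DLL and the encoded payload (not real samples)."""
    work = tempfile.mkdtemp()
    parts = {"loader.exe": b"MZ placeholder", "helper.dll": b"MZ placeholder",
             "payload.dat": b"\x00" * 64}
    paths = []
    for name, data in parts.items():
        p = os.path.join(work, name)
        with open(p, "wb") as fh:
            fh.write(data)
        paths.append(p)
    out = build_sample_archive(paths, os.path.join(work, "plugx_sample.zip"))
    # Assumed submission command (CAPE/Cuckoo CLI, not taken from the page):
    #   python utils/submit.py --package PlugX_zip plugx_sample.zip
    return archive_names(out)
```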

kevoreilly added a commit that referenced this issue Mar 8, 2019