If it’s true a picture is worth a thousand words, then things just got a lot more interesting here…

That’s right… Minotaur now has screenshots taken at intervals during the execution of the malware in one of our sandbox systems (cuckoo)

Not all samples have screenshots. For some examples, try:

• 149c6c045b0b50dd158f160af75ded60
• a1707abae656968dc069a483ec848bd6
• 58d1c30452243b2a0682a7f5ff9d1fd8
• 918db0dbacb499775f12fa89cae0f0a9
• c2854eec4e766ec33c223bbae3a43819
• ce9787ed7a281f28c57b2f7fabd7d7c3

Once we catch up on the backlog, the system should add these screenshots as each sample is analyzed (exe only for now, PDF next).

Because cuckoo can run these dynamic analysis routines faster than the other sandbox environments we’ve built, it is becoming an integral part of the Minotaur platform. We are just working on scaling it up to what minotaur needs now.