drakvuf-sandbox
by CERT-Polska
DRAKVUF Sandbox is an automated hypervisor-level malware analysis system that enables agentless, black-box analysis of suspicious files via a user-friendly web interface.
DRAKVUF Sandbox - automated hypervisor-level malware analysis system
Primary Use Case
Security analysts and incident responders use DRAKVUF Sandbox to automatically analyze potentially malicious files in a controlled virtualized environment without installing agents on the guest OS. It helps determine whether files are malicious by providing detailed analysis results accessible through a web interface, streamlining malware investigation and response workflows.
- Agentless black-box malware analysis using the DRAKVUF engine
- Automated sandboxing with a web interface for uploading and reviewing analysis
- Installer app that guides setup with recommended beginner-friendly configurations
- Supports Windows 7 and Windows 10 (x64) guest systems
- Compatible with Intel processors supporting VT-x and EPT
- Nested virtualization support for Xen, KVM, and VMware Workstation Player
- Open source with active maintenance and community support
- Detailed analysis results accessible via a friendly web UI
Installation
- Ensure the host system runs Debian 12 Bookworm or Ubuntu 22.04 Jammy with the GRUB bootloader
- Use an Intel processor with VT-x and EPT features enabled
- Download the installer app from the repository's latest releases
- Run the installer app to guide through system configuration and sandbox setup
- Configure guest virtual machines with supported Windows versions (Windows 7 or Windows 10 x64)
- Enable nested virtualization if using Xen, KVM, or VMware Workstation Player (with Virtualize EPT option)
- Avoid unsupported platforms such as AWS, GCP, Azure, Hyper-V, and VMware Fusion on Mac
Usage
- Upload suspicious files via the web interface: submit files for automated malware analysis without requiring guest OS agents
- Explore analysis results through the web UI: review detailed insights on file behavior and determine maliciousness
- Use the installer app: it guides you through the installation and configuration steps for the sandbox environment
- Integrate DRAKVUF Sandbox with SIEM platforms to automate alert triage and malware analysis workflows.
- Leverage the agentless nature to analyze malware samples that attempt to detect or evade traditional endpoint agents.
- Use the sandbox in purple team exercises to validate detection rules and response playbooks against real malware behaviors.
- Deploy in isolated lab environments with nested virtualization to safely analyze advanced persistent threat (APT) malware samples.
- Extend the web interface with custom parsers to extract indicators of compromise (IOCs) for automated threat intelligence sharing.