Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Usage.py auxiliary module doesn't call add_pid function in Cape Sandbox #517

Open
WiltedDeath opened this issue Nov 27, 2023 · 0 comments
Open

Comments

@WiltedDeath
Copy link

Expected Behavior
I am currently trying to add Pe sieve as an auxiliary module in Cape Sandbox. I copied the add_pid functions from usage.py so that pe sieve recognizes which is the pid of the malware sample and run on it. When running pe sieve its required to give it a pid to scan the process. In Cape i want to integrate Pe-sieve by using pid functions to help it interact with the malware sample.
CAPE devs said that i should reach out here for that manner: b86da47

Current Behavior
I looked at usage.py and i saw it had lines about PID. I thought i could use that to help Pe sieve interact with the malware sample in order to run on it. But in usage.py that function does not get called why is that, does it wait for something or? Can you explain how does usage.py work for this.

285896772-2f5d8652-ba59-4836-b90b-5fbe80a7317a

285896531-583ca018-10dd-4fd4-b552-7bd6729b6d71

My current code:

import time
import logging
import os
import subprocess
from threading import Thread
from lib.common.abstracts import Auxiliary
from lib.common.results import NetlogFile

log = logging.getLogger(__name__)

class PESieve(Auxiliary, Thread):
    def __init__(self, options, config):
        Auxiliary.__init__(self, options, config)
        Thread.__init__(self)
        #self.enabled = config.get("pesieve", True)
        self.pesieve_path = "C:\\Users\\CapeUser\\Desktop\\pesieve\\pe-sieve64.exe"
        self.netlog_file = NetlogFile("aux/pesieve.log")

    def add_pid(self, pid):
        log.info("Pid Check") 
        print("Started PID checks")
        
        pass
    
    def del_pid(self, pid):
        log.info("Pid Check") 
        print("Started PID checks")
    
        
    
    def start(self):
        self.run()
        #if self.enabled:
            

    def run(self):
        log.info("RUN CHECK") 
        print("Running PID checks")


        """ try:
            subprocess.Popen([self.pesieve_path], shell=False)
            log.info("PE-sieve started successfully.")
            print("PE-sieve started successfully.")  # Add print statement
            self.collect_and_store_results()
        except Exception as e:
            log.error(f"Failed to start PE-sieve: {e}")
            print(f"Failed to start PE-sieve: {e}")  # Add print statement """
        while False:
            time.sleep(2)
        return True

    def collect_and_store_results(self):
        pesieve_output_path = "C:\\Users\\CapeUser\\Desktop\\pesieve\\output\\pesieve_output.json"
        try:
            with open(pesieve_output_path, "r") as f:
                results = f.read()
            self.netlog_file.send(results.encode())
            log.info("PE-sieve results collected and logged.")
            print("PE-sieve results collected and logged.")  # Add print statement
        except IOError:
            log.error("PE-sieve output not found or could not be opened.")
            print("PE-sieve output not found or could not be opened.")  # Add print statement

    def stop(self):
        pass
``
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant