Box.js - A Tool For Studying Javascript Malware

✨ deeznutz

✨ deeznutz

✨ Master ✨
Staff member
Joined
May 15, 2017
Messages
981
Likes
760
Points
1,045
box-js.png


A utility to analyze malicious JavaScript.

Installation
Simply install box-js from npm:
Code:
npm install box-js --global
Click to expand...

Usage
Looking to use box-js with Cuckoo? Use cuckoo-package.py as an analysis package.
Let's say you have a sample called sample.js: to analyze it, simply run
Code:
box-js sample.js
Click to expand...

Chances are you will also want to download any payloads; use the flag --download to enable downloading. Otherwise, the engine will simulate a 404 error, so that the script will be tricked into thinking the distribution site is down and contacting any fallback sites.

Box.js will emulate a Windows JScript environment, print a summary of the emulation to the console, and create a folder called sample.js.results (if it already exists, it will create sample.js.1.results and so on). This folder will contain:
  • analysis.log, a log of the analysis as it was printed on screen;
  • a series of files identified by UUIDs;
  • snippets.json, a list of pieces of code executed by the sample (JavaScript, shell commands, etc.);
  • urls.json, a list of URLs contacted;
  • active_urls.json, a list of URLs that seem to drop active malware;
  • resources.json, the ADODB streams (i.e. the files that the script wrote to disk) with file types and hashes;
  • IOC.json, a list of behaviours identified as IOCs (Indicators of Compromise). These include registry accesses, written files, HTTP requests and so on.
Download Box-Js
 
You must log in or register to reply here.
Top Bottom