It is possible to download any shared/publicly submitted binary sample and PCAP (if available) from hybrid-analysis.com using the free default API keys. Instructions on how to obtain a default API key are available here.
Please follow these steps:
- Download the VxAPI wrappers here: https://github.com/PayloadSecurity/VxAPI
- Configure VxAPI with your restricted API key (How to issue a self-signed API key)
- Use the new "get_public_result" CLI option specifying the environment ID and SHA256. Example:
python3 vxapi.py get_result --environmentId 100 e66362502d13e7a0b91e733dad0e0817c2274baf506a14ed0cecd209db07500a --type pcap
python3 vxapi.py get_result --environmentId 100 e66362502d13e7a0b91e733dad0e0817c2274baf506a14ed0cecd209db07500a --type bin
Note: restricted keys may use the types "pcap" or "bin". The full version of VxStream Sandbox provides other types, such as json, pdf, crt, maec, misp, openioc, html, memory.
Note: the default environment IDs on hybrid-analysis.com are "100" (Windows 7 32-bit) and "200" (Android Static Analysis). This is subject to change, and a new endpoint to fetch the available environment IDs with a restricted key is currently pending implementation.
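When these downloads are scripted, it helps to validate the hash and type before calling the wrapper and to confirm that a downloaded "bin" really hashes to the SHA256 that was requested. The following is an added example, not part of VxAPI or of the original page; the function names are hypothetical, the argument order is copied from the get_result commands above, and the gzip handling is an assumption because the page does not describe the download format.

```python
import gzip
import hashlib
import re
import zlib

SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")
RESTRICTED_TYPES = ("pcap", "bin")  # types the page says restricted keys may use


def build_get_result_argv(sha256, environment_id=100, result_type="bin"):
    """Return the argv list for the vxapi.py call shown on this page."""
    if not SHA256_RE.fullmatch(sha256):
        raise ValueError("not a SHA256 hex digest: %r" % (sha256,))
    if result_type not in RESTRICTED_TYPES:
        raise ValueError("restricted keys may only use: " + ", ".join(RESTRICTED_TYPES))
    # An argv list (no shell) keeps a malformed value from being parsed as shell syntax.
    return ["python3", "vxapi.py", "get_result",
            "--environmentId", str(int(environment_id)),
            sha256.lower(), "--type", result_type]


def sample_matches_hash(data, expected_sha256):
    """True if the downloaded bytes, raw or gzip-wrapped, hash to expected_sha256.

    Assumption: the download may arrive gzip-compressed; the page does not say.
    The bytes are only hashed here, never executed.
    """
    candidates = [data]
    if data[:2] == b"\x1f\x8b":  # gzip magic number
        try:
            candidates.append(gzip.decompress(data))
        except (OSError, EOFError, zlib.error):
            pass  # looked like gzip but was not; the raw bytes are still checked
    expected = expected_sha256.lower()
    return any(hashlib.sha256(c).hexdigest() == expected for c in candidates)


if __name__ == "__main__":
    # Constructed stand-in for a downloaded sample; no network access is needed.
    fake = b"constructed sample bytes"
    digest = hashlib.sha256(fake).hexdigest()
    print(build_get_result_argv(digest, 100, "pcap"))
    print(sample_matches_hash(gzip.compress(fake), digest))
```

The hash check applies to the "bin" download only; a PCAP is a separate artifact and will not hash to the sample's SHA256.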