Scribd Logo
Upload

Welcome to Scribd!

  • Sandbox

    Uploaded by

    Aryyaas A
    12 views9 pages
    This document discusses sandbox-evading malware, which are types of malware that can detect if they are running inside a sandbox or virtual environment. These malwares avoid executing malicious code while in the controlled sandbox and only activate after being deployed in the real world. Examples given include the Locky ransomware from 2016 and the RogueRobin trojan detected in 2018 in the Middle East. The document provides tips for protecting against sandbox-evading malware, such as dynamically changing sleep durations and simulating human interactions to make sandboxes less detectable.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses sandbox-evading malware, which are types of malware that can detect if they are running inside a sandbox or virtual environment. These malwares avoid executing malicious code while in the controlled sandbox and only activate after being deployed in the real world. Examples given include the Locky ransomware from 2016 and the RogueRobin trojan detected in 2018 in the Middle East. The document provides tips for protecting against sandbox-evading malware, such as dynamically changing sleep durations and simulating human interactions to make sandboxes less detectable.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    12 views9 pages

    Sandbox

    Uploaded by

    Aryyaas A
    This document discusses sandbox-evading malware, which are types of malware that can detect if they are running inside a sandbox or virtual environment. These malwares avoid executing malicious code while in the controlled sandbox and only activate after being deployed in the real world. Examples given include the Locky ransomware from 2016 and the RogueRobin trojan detected in 2018 in the Middle East. The document provides tips for protecting against sandbox-evading malware, such as dynamically changing sleep durations and simulating human interactions to make sandboxes less detectable.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 9

    LET US LEARN ABOUT

    MALWARES
    THAT ACTIVATE THEMSELVES ONLY
    AFTER TESTING IS COMPLETED, AND
    LIVE IMPLEMENTATION IS DONE.
    (ALSO KNOWN AS SANDBOX-
    EVADING-MALWARES)

    www.benchmarksixsigma.com
    SANDBOX

    Sandbox is a testing environment


    that enables software developers
    to isolate and test (or run) new
    pieces of programs without
    affecting the overall application. It
    helps in the independent
    evaluation, monitoring and testing.

    www.benchmarksixsigma.com
    New feature development, patch
    testing, vulnerability detection,
    bug fixing, and code
    improvements are a few of the
    multiple uses of a sandbox.

    www.benchmarksixsigma.com
    SANDBOX EVADING
    MALWARE

    Sandbox-evading-malware is a
    new type that can detect if it’s
    inside a sandbox or virtual
    environment. This malware
    doesn’t execute its malicious
    code until they’re outside the
    controlled environment.

    www.benchmarksixsigma.com
    REAL WORLD EXAMPLES OF
    SANDBOX EVADING MALWARE

    Locky ransomware, released in


    2016, is a good example of a
    sandbox-evading virus. It was
    spread through JavaScript
    code that was infected with
    encrypted DLL files.

    www.benchmarksixsigma.com
    In mid of 2018, a new version
    of malware called the
    RogueRobin trojan was
    detected in the Middle East.
    This government organisation-
    based malware was spread via
    email in an attached RAR
    archive.

    www.benchmarksixsigma.com
    Protection from sandbox-evading
    malware:
    1. Dynamically change sleep
    duration.
    2. Simulate human interactions.
    3. Add real environmental and
    hardware artifacts.
    4. Perform static in addition to
    dynamic analysis.
    5. Use fingerprint analysis

    www.benchmarksixsigma.com
    6. Use behavior-based analysis.
    7. Customize your sandboxing.
    8. Add kernel analysis.
    9. Implement machine learning.
    10. Consider content disarm and
    reconstruction (CDR) as an
    extra security layer.

    www.benchmarksixsigma.com
    INQUIRE NOW!

    Learn about problem-solving in


    our Green Belt, Black Belt, and
    Master Black Belt programs

    +91 98113 70943

    www.benchmarksixsigma.com

    https://tinyurl.com/BSSinquire

    You might also like