Sandbox-Evading Malware Are Coming: 7 Most Recent Attacks

August 21, 2018

Nowadays, anti-malware applications widely use sandbox technology for detecting and preventing viruses. Unfortunately, criminals are developing new malware that can evade this technology. If such malware detects signs of a VM environment, it remains inactive until it is outside of the sandbox. Experts predicted that in 2018 we would see an increasing number of cyber attacks performed with sandbox-evading malware. However, the epidemic actually started two years ago. Let's look at the most recent attacks that were successful because modern security solutions weren't able to detect sandbox-evading malware.

1. Grobios

Since early March 2018, there have been cases of attacks performed with the RIG Exploit Kit that infect victims with a backdoor trojan called Grobios. This malware is packed with PECompact 2.xx, which allows it to evade static detection. Though the unpacked file has no functions, it uses hashing to obfuscate the names of the API functions it invokes. It also parses the PE header of the DLL files to match the name of a function to its hash. In addition, the trojan performs a series of checks to become aware of its environment. In particular, it looks for virtual machine software, such as Hyper-V or VMware, looks for a username containing the words "malware", "sandbox", or "maltest", and compares driver names against its blacklist of VM drivers.
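
The environment checks listed above can be turned around into an audit of your own analysis guest. The following is an added example, not code from the original article or from any vendor tool. The driver list is an assumed stand-in of well-known VMware and Hyper-V guest drivers (the article does not give the trojan's actual blacklist), and both guest profiles are constructed.

```python
"""Audit an analysis guest for the environment tells described in the article."""

# Username substrings named in the article.
USERNAME_MARKERS = ("malware", "sandbox", "maltest")
# VM products named in the article, matched against installed software names.
VM_SOFTWARE_MARKERS = ("hyper-v", "vmware")
# Assumption: well-known guest driver file names used as a stand-in list.
# This is NOT the trojan's real blacklist, which the article does not give.
VM_DRIVER_NAMES = frozenset({
    "vmmouse.sys", "vmhgfs.sys", "vm3dmp.sys",  # VMware guest drivers
    "vmbus.sys", "storvsc.sys",                 # Hyper-V guest drivers
})


def audit_guest(username, drivers, software):
    """Return a sorted list of (check, evidence) findings for one guest profile."""
    findings = set()
    user = username.casefold()
    findings.update(("username", m) for m in USERNAME_MARKERS if m in user)
    for path in drivers:
        # Reduce full paths such as C:\Windows\System32\drivers\vmhgfs.sys
        # to a lower-case file name before comparing.
        name = path.replace("\\", "/").rsplit("/", 1)[-1].casefold()
        if name in VM_DRIVER_NAMES:
            findings.add(("driver", name))
    for item in software:
        if any(m in item.casefold() for m in VM_SOFTWARE_MARKERS):
            findings.add(("software", item))
    return sorted(findings)


# Constructed sample profiles (not taken from any real host).
STOCK_GUEST = {
    "username": "Sandbox-01",
    "drivers": [r"C:\Windows\System32\drivers\vmhgfs.sys",
                r"C:\Windows\System32\drivers\ntfs.sys"],
    "software": ["VMware Tools", "7-Zip"],
}
HARDENED_GUEST = {
    "username": "j.meyer",
    "drivers": [r"C:\Windows\System32\drivers\ntfs.sys"],
    "software": ["7-Zip", "LibreOffice"],
}

if __name__ == "__main__":
    for label, guest in (("stock", STOCK_GUEST), ("hardened", HARDENED_GUEST)):
        print(label, "->", audit_guest(**guest) or "no tells found")
```

Any finding is something an environment-aware sample of this kind could key on, so a sandbox image that returns an empty list for these checks is less likely to see the sample stay dormant.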

2. GootKit


1 Comment
NigthBlood
5 years ago

All escape technologies are very old and can be easily bypassed.
However, there is malware that uses Domain Name verification to detect Hyper-V and Sandbox.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023