Interdisciplinary Research Group in Socio-technical Cybersecurity
Case Study: Analysis and Mitigation of a Novel Sandbox-Evasion Technique
Malware is one of the most common cyber-attack methods in the digital world. According to the independent testing company AV-TEST, 350,000 new malware samples are created every day. Analyzing every sample by hand to decide whether it is malicious does not scale, so antivirus companies automate the process, e.g., using sandboxes in which samples can be run, observed, and classified. Malware authors are aware of this and try to evade detection. In this paper we describe one such evasion technique, previously undocumented, which we discovered while analyzing a ransomware sample. When analyzed in a Cuckoo Sandbox, the sample was able to avoid triggering malware indicators and thus scored significantly below the minimum severity level. We discuss the strategy the sample follows to evade analysis and propose practical defense methods that, in turn, neutralize the sample's evasive strategy.
Ziya Alper Genç, Gabriele Lenzini, Daniele Sgandurra
Proceedings of the Third Central European Cybersecurity Conference
Genç, Z. A., Lenzini, G., & Sgandurra, D. (2019, November). Case Study: Analysis and Mitigation of a Novel Sandbox-Evasion Technique. In Proceedings of the Third Central European Cybersecurity Conference (pp. 1-4).