Case Study: Analysis and Mitigation of a Novel Sandbox-Evasion Technique

Interdisciplinary Research Group in Socio-technical Cybersecurity

Case Study: Analysis and Mitigation of a Novel Sandbox-Evasion Technique

Ziya Alper Genç, Gabriele Lenzini, Daniele Sgandurra
Abstract:
Malware is one of the most popular cyber-attack methods in the digital world. According to the independent test company AV-TEST, 350,000 new malware samples are created every day. To analyze all samples by hand to discover whether they are malware does not scale, so antivirus companies automate the process e.g., using sand- boxes where samples can be run, observed, and classified. Malware authors are aware of this fact, and try to evade detection. In this paper we describe one of such evasion technique: unprecedented, we discovered it while analyzing a ransomware sample. Analyzed in a Cuckoo Sandbox, the sample was able to avoid triggering malware indicators, thus scoring significantly below the minimum severity level. Here, we discuss what strategy the sample follows to evade the analysis, proposing practical defense methods to nullify, in our turn, the sample’s furtive strategy.
Authors:
Ziya Alper Genç, Gabriele Lenzini, Daniele Sgandurra
Publication date:
November, 2019
Published in:
Proceedings of the Third Central European Cybersecurity Conference
Reference:
Genç, Z. A., Lenzini, G., & Sgandurra, D. (2019, November). Case Study: Analysis and Mitigation of a Novel Sandbox-Evasion Technique. In Proceedings of the Third Central European Cybersecurity Conference (pp. 1-4).

Get in touch with us

SnT – Interdisciplinary Centre for Security, Reliability and Trust
29, Avenue J.F Kennedy L-1855 Luxembourg
info-irisc-lab@uni.lu