Defeating Sandbox Evasion: How to Increase Successful Emulation Rate in Your Virtualized Environment presented at ShmooCon 2017

by Alexander Chailytko, Stanislav Skuratovich

Summary: Sandboxed environments are now commonly used to analyze malware behavior automatically, and most modern malware uses detection techniques to avoid having its behavior monitored by these environments. We will describe ways to detect and evade Cuckoo Sandbox, the leading open-source automated malware analysis system. Because it is used by the largest players on the market, such as VirusTotal and Malwr, as well as in internal anti-malware projects, analysis results falsified by evasion can be critical. We will also propose fixes for the bugs we found and for the more advanced virtual-environment detection techniques, and we have created a user-friendly tool for assessing how detectable a virtual environment is.