Today we release Joe Sandbox 37 under the code name Beryl! This release is packed with many new detection signatures and interesting features to make malware detection even more precise!
If you wish to upgrade your on-premises Joe Sandbox installation right away, please read the Update Guide that you received via our mailing list. You can also find the Update Guide in our customer portal. Please be aware that Joe Sandbox v37 cannot be upgraded with the --updatefast option!
200 new Signatures
With these brand new YARA and behavior signatures, Joe Sandbox is able to precisely detect various new malware families such as RHADAMANTHYS, Headcrab, Zerobot, IceFire Ransomware, Vector Stealer, iWebUpdate, Pymafka, BlackLotus, SharpHound, ChromeLoader and many more. In addition, we added 13 malware configuration extractors, e.g. for RHADAMANTHYS, QBot Downloader, WshRat, Amadey and Titan Stealer, to name a few:
Joe Sandbox v37 comes with full support for Microsoft OneNote files. Embedded payloads are successfully extracted and detonated:
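As an added example (not Joe Sandbox's own extraction code), here is a minimal Python carver for the FileDataStoreObject structures that hold embedded files inside a .one section, following the layout documented in MS-ONESTORE (guidHeader, cbLength, unused, reserved, FileData, guidFooter). The GUID constants are the real on-disk values; the file-type sniffing, the detonation heuristic and the sample .one blob are constructed for illustration and are assumptions of this example, not Joe Sandbox's logic.

```python
"""Carve embedded files out of a OneNote (.one) section file.

Added example, not Joe Sandbox code. Relies on the MS-ONESTORE
FileDataStoreObject layout: guidHeader (16) | cbLength (8, LE) |
unused (4) | reserved (8) | FileData (cbLength) | guidFooter (16).
"""
import struct

# {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC} and {71FBA722-0F79-4A0B-BB13-899256426B24}
# serialised as they appear on disk (first three GUID fields little-endian).
FDSO_HEADER = bytes.fromhex("e716e3bd65261145a4c48d4d0b7a9eac")
FDSO_FOOTER = bytes.fromhex("22a7fb71790f0b4abb13899256426b24")
FDSO_FIXED_AFTER_GUID = 8 + 4 + 8  # cbLength + unused + reserved

# {7B5C52E4-D88C-4DA7-AEB1-5378D02996D3}: guidFileType at the start of a .one file
ONE_FILE_TYPE = bytes.fromhex("e4525c7b8cd8a74daeb15378d02996d3")

# Magic-byte table used to label carved payloads (illustrative, not exhaustive).
MAGIC = [
    (b"MZ", "pe"),
    (b"%PDF", "pdf"),
    (b"PK\x03\x04", "zip/ooxml"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),
    (b"\x89PNG", "png"),
    (b"\xff\xd8\xff", "jpeg"),
]


def identify(payload: bytes) -> str:
    """Best-effort type label from leading bytes, then a few script keywords."""
    for sig, name in MAGIC:
        if payload.startswith(sig):
            return name
    head = payload[:4096].lower()
    if b"<html" in head or b"<script" in head:
        return "html/hta"
    if b"powershell" in head or b"wscript" in head or b"cmd /c" in head or b"cmd.exe" in head:
        return "script"
    return "unknown"


def is_detonation_candidate(kind: str) -> bool:
    """Hypothetical triage rule: executable-ish content is worth detonating, images are not."""
    return kind in {"pe", "html/hta", "script", "ole2", "zip/ooxml"}


def carve_embedded_files(data: bytes) -> list[dict]:
    """Return every well-formed FileDataStoreObject payload found in `data`."""
    found = []
    pos = 0
    while (idx := data.find(FDSO_HEADER, pos)) != -1:
        body = idx + len(FDSO_HEADER)
        if body + FDSO_FIXED_AFTER_GUID > len(data):
            break
        (cb_length,) = struct.unpack_from("<Q", data, body)
        start = body + FDSO_FIXED_AFTER_GUID
        end = start + cb_length
        # Validate against the footer GUID so a corrupt/huge cbLength or a stray
        # header match inside other data does not produce a garbage "payload".
        if end + len(FDSO_FOOTER) <= len(data) and data[end:end + len(FDSO_FOOTER)] == FDSO_FOOTER:
            payload = data[start:end]
            kind = identify(payload)
            found.append({"offset": start, "size": cb_length, "type": kind,
                          "detonate": is_detonation_candidate(kind), "data": payload})
            pos = end + len(FDSO_FOOTER)
        else:
            pos = body  # malformed object: resume scanning just past this header
    return found


def build_fdso(payload: bytes, truncate: bool = False) -> bytes:
    """Serialise one FileDataStoreObject; `truncate` drops the footer to simulate damage."""
    obj = FDSO_HEADER + struct.pack("<Q", len(payload)) + b"\x00" * 12 + payload
    return obj if truncate else obj + FDSO_FOOTER


def build_sample() -> bytes:
    """Constructed test file: real file-type GUID, filler, and three embedded objects."""
    fake_png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 24
    fake_hta = b"<html><script>new ActiveXObject('WScript.Shell').Run('calc');</script></html>"
    fake_pe = b"MZ" + b"\x90" * 62 + b"PE\x00\x00"
    return (ONE_FILE_TYPE + b"\x00" * 48
            + build_fdso(fake_png)
            + b"\xaa" * 64
            + build_fdso(fake_hta)
            + build_fdso(fake_pe, truncate=True)  # no footer: the carver must skip it
            + b"\x00" * 16)


if __name__ == "__main__":
    for f in carve_embedded_files(build_sample()):
        print(f"offset=0x{f['offset']:x} size={f['size']} type={f['type']} detonate={f['detonate']}")
```

The footer check matters in practice: a header GUID can legitimately appear inside another embedded blob, and attacker-controlled files may carry a bogus cbLength, so a carver that trusts the length field alone will emit nonsense or try to allocate gigabytes. On the constructed sample the carver returns the PNG and the HTA and skips the truncated PE.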
Our analysis reports now include a threat description, attribution, and URLs to relevant blog posts thanks to a new Malpedia integration. The information from Malpedia gives analysts additional context on the detected threat.
Network IOC and Machine Setup Visualization
Customers using Live Interaction & Results to manually detonate a threat now benefit from a live visualization of network IOCs. The visualization is located on the right side just above the CPU and memory usage:
In addition, Joe Sandbox v37 features a visualization to show the analysis machine setup pre-detonation:
Improved Phishing Detection
Joe Sandbox Beryl comes with a major update of the phishing detection engine. Recently we have seen a surge of malicious HTML files which are used to deliver phishing pages and payloads. Beryl improves the precision with which such HTML files are detected:
In this blog post, we have presented the most important features of Joe Sandbox Beryl, but the release includes a number of further improvements:
- Added Chrome cache extraction to improve Phishing Detection
- Added new Cookbook command _JBDisableSampleRenaming()
- Added v3 signature data for Android
- Improved ISO file support
- Improved prevention of a specific GetTickCount-based VM detection technique
- Improved PDF sample automation
- Improved Live Interaction screen performance
- Improved hardening of analyzer
- Improved Joe Sandbox ML