
Joe Security's Blog

How Malware fools Sandboxes with complex Installation Procedures

Cybercriminals are always innovative and quick to find new tricks to bypass security solutions, and sandboxes are no exception. If you look at today's tricks, the majority belong to the group of environment checks: the malware detects that it is not running on the real target system but rather in a sandbox, and therefore hides its real behavior. However, what if the sandbox does not know how to execute the sample at all, or if it does not find the payload? This blog post will outline some advanced attacks which fall into this category and show how Joe Sandbox handles these evasions.


Latest Elise APT comes packed with Sandbox Evasions

Recently we came across an interesting sample which seems to be related to the Elise malware. Elise is tied to the Dragon Fish and Lotus Blossom APT groups, which primarily target governments and defense contractors. Elise is known to infect victims by using the latest exploits available and is often packed with interesting sandbox evasion techniques. In this blog post, we will dissect the latest version of Elise.


Deep Malware Analysis with Joe Sandbox 21 - Sapphire

Now, in the middle of Q1, we are happy to release our newest and greatest Joe Sandbox version, code name Sapphire! Our Joe Sandbox Cloud Pro, Basic and OEM servers were already upgraded to Sapphire a couple of weeks ago. If you want to upgrade your on-premise Joe Sandbox Desktop, Mobile, X, Complete or Ultimate installation now, please run:

mono joeboxserver.exe --updatefast

In this blog post, we will show some of the enhancements and features of Sapphire.

80 New Behavior Signatures

New signatures include detections for Spectre, Meltdown, various new CVEs, coin miners, DNS hijackers, Loapi and more.

[Signature screenshots: Spectre, DNS Hijacker, Loapi]

The new signatures enable analysts to spot and catch the latest security threats!

Remote Assistance

Given the complexity of automating the execution of some malware, we added a remote assistance feature.

