Reference : Case Study: Analysis and Mitigation of a Novel Sandbox-Evasion Technique
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/40577
Case Study: Analysis and Mitigation of a Novel Sandbox-Evasion Technique
English
Genç, Ziya Alper mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Lenzini, Gabriele [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Sgandurra, Daniele [Royal Holloway, University of London > Department of Information Security]
2019
Proceedings of the Third Central European Cybersecurity Conference
ACM
Yes
No
International
978-1-4503-7296-1
New York
US
The Third Central European Cybersecurity Conference
14–15 November 2019
University of Maribor
ZITiS
Munich
Germany
[en] malware ; evasion ; stateless ; detection ; ransomware
[en] Malware is one of the most popular cyber-attack methods in the digital world. According to the independent test company AV-TEST, 350,000 new malware samples are created every day. To analyze all samples by hand to discover whether they are malware does not scale, so antivirus companies automate the process e.g., using sand- boxes where samples can be run, observed, and classified. Malware authors are aware of this fact, and try to evade detection. In this paper we describe one of such evasion technique: unprecedented, we discovered it while analyzing a ransomware sample. Analyzed in a Cuckoo Sandbox, the sample was able to avoid triggering malware indicators, thus scoring significantly below the minimum severity level. Here, we discuss what strategy the sample follows to evade the analysis, proposing practical defense methods to nullify, in our turn, the sample’s furtive strategy.
EU's Horizon 2020 Research and Innovation Programme
Fonds National de la Recherche - FnR
Researchers ; Professionals ; Students ; General public ; Others
http://hdl.handle.net/10993/40577
10.1145/3360664.3360673
https://www.fvv.um.si/cecc2019/
https://dl.acm.org/doi/abs/10.1145/3360664.3360673
H2020 ; 779391 - FutureTPM - Future Proofing the Connected World: A Quantum-Resistant Trusted Platform Module
FnR ; FNR13234766 > Gabriele Lenzini > NoCry PoC > No More Cryptographic Ransomware, Proof of Concept > 01/11/2018 > 31/10/2020 > 2018

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
cecc2019GLS.pdfAuthor postprint622.88 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.