This little ditty can avoid sandboxing on commercial and open stack!

Comments

  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Malware's been doing that for a while (though this one does seem quite advanced). It's a real arms race. Interesting times.


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    Simple programmatic time waits, now where has this technique been used before, ADT alarms? Xbox 360 quartz time attack?? Pretty much everything is open to timing attacks, it's just interesting to see how they learned its behavior, in that the sandbox ignored it due to said staggering of time frame on activities. Yes, I'm also aware the onion is used quite often to push or hide chatter from cnc or attackers on a plethora of malwares/trojans/ransomwares/pups.


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    It's been a couple of years since malware has been attempting to evade sandboxes through various means. UpClicker was the first I remember which waited for mouse clicks. Other malware does stuff like popping dialogue boxes, multi stage payloads, doing nothing until reboot, checking volume info on the HDD etc.

