VB2016-sandbox-evasion- Sandbox Detection & Evasion Tool

Modern malwares include several ways and technique to hide its presence on the system. Most malware analysts are going to use sandboxed environment to investigate new samples and make analyses to see how the malware will be executed and what changes the malware will bring to system.

If you are looking to explain the method used by malwares you can check VB2016-sandbox-evasion tool. This is an open source program created by checkpoint that is intended for assessment of your virtual environments in an easy and reliable way.

This tool contains the most recent and up to date detection and evasion techniques as well as fixes for them. Also, you can add and expand existing techniques yourself even without modifying the source code.

Some of the features are:

  • Generic tool that covers a lot of different virtual environment detection techniques.
  • Easily extendable; support for new virtual environments can be added quickly.
  • As Cuckoo Sandbox is the most prevalent tool used for automated malware analysis, the tool include the detections of it as well.
  • Ability to introduce new detection techniques not through modifying the source code, but using the JSON configuration files, so the whole community can contribute towards the development of that tool.
  • User-friendly reports about the checked environment that can be shared within the organization among the purely technical guys as well as higher management.

Usually if the malware detect the sandbox actions will be is to terminate the malicious process immediately and this will prevent any dynamic analyses or second action will be executing some legitimate alternative tasks without infecting the system.

You can read more about this tool over the following link: https://github.com/CheckPointSW/VB2016-sandbox-evasion