Full-system Emulation Tag

Authored by: Arunpreet Singh and Clemens Kolbitsch. The use of runtime packing of malware has long been the standard way to defeat traditional AV products. At the same time, malicious programs are continuously becoming more evasive to avoid detection by first-generation sandboxes. New waves of malware are now combining these...

Authored by: Clemens Kolbitsch and Arunpreet Singh. Another week comes to an end, another wave of evasive malware is attacking users. This week: Shifu. This malware family, termed an "Uber Patchwork of Malware Tools" in a recent DarkReading post, combines a plethora of evasive tricks to bypass traditional analysis systems,...

Authored by: Clemens Kolbitsch, Joe Giron, and Arunpreet Singh. Over recent years, we have seen a rapid evolution of security products. Whenever a new technology is introduced, it tackles the shortcomings of its predecessor, but also faces new challenges as attackers adapt to the changing security landscape. Just to give...

Authored by: Arunpreet Singh and Roman Vasilenko. In their YouTube commercial, the infamous Hacking Team promises their clients, who are typically government or law enforcement agencies, the ability to "look through [the customer's] target's eyes". At the same time, they promise to do this by means of tools that...

New information about the Advanced Persistent Threat (APT) is hitting media headlines every day. In just the last few months alone, we have read horror stories of sophisticated malware like Duqu2 (which uses a kernel mode exploit to load its kernel mode component), targeted attacks...

A large set of publicly disclosed Advanced Persistent Threat (APT) and nation-state attacks use sophisticated malware (e.g. Turla, Duqu, Equation Group, Duqu2) that makes use of at least one component running hidden inside the kernel of the Microsoft Windows operating system (OS). There,...

Recent media coverage drew a lot of attention to a new variant of the Dyre/Dyreza malware family that is evading traditional sandbox-based analysis systems. At the same time, F-Secure highlighted similar tricks found in Tinba malware. Not only are individual families starting to detect and...

An Extinction Level Event occurs when something rapid and cataclysmic happens, upsetting the natural order of things to such a degree that species are not able to adapt quickly enough and die off in rapid fashion. In the natural world, these events are rare with...

A look at a Zeus Trojan variant called Citadel evading traditional sandboxes. Fighting traditional sandboxes (or dynamic analysis systems in general) typically comes in the form of detecting the analysis environment or evading analysis by means of behavior triggers, as mentioned in a previous blog post: Using...