Explore Joe Security Cloud Basic Accounts Contact Us
top title background image

Joe Security's Blog

Joe Sandbox v37 Beryl

Published on: 04.04.2023


Today we release Joe Sandbox 37 under the code name Beryl! This release is packed with many new detection signatures and interesting features to make malware detection even more precise! 





Our Joe Sandbox Cloud ProBasic and OEM servers have recently been upgraded to Beryl.

If you wish to upgrade your on-premise Joe Sandbox installation right away, please read the Update Guide that you received via our e-mailing list. You can also find the Update Guide in our customer portal. Please be aware that Joe Sandbox v37 cannot be upgraded via the --updatefast command! 

200 new Signatures


With these brand new Yara and Behavior signatures, Joe Sandbox is able to precisely detect various new malware families like RHADAMANTHYS, Headcrab, Zerobot, IceFire Ransomware, Vector Stealer, iWebUpdate, Pymafka, BlackLotus, SharpHound, ChromeLoader and many more. In addition, we added 13 Malware Configuration Extractors, e.g. RHADAMANTHYS, QBot Downloader, WshRat, Amadey, Titan Stealer, to name a few:




OneNote Support


Joe Sandbox v37 comes with full support for Microsoft OneNote files. Embedded payloads are successfully extracted and detonated:






Malpedia Integration


Our analysis reports now include a threat description, attribution, and URLs to relevant blog post thanks to a new Malpedia integration. The information from Malpedia enables analysts to get additional information on the detected threat. 











Network IOC and machine setup Visualization


Customers using Live Interaction & Results to manually detonate a threat now benefit from a live visualization of network IOCs. The visualization is located on the right side just above the CPU and memory usage:






In addition, Joe Sandbox v37 features a visualization to show the analysis machine setup pre-detonation:




Improved Phishing Detection


Joe Sandbox Beryl comes with a larger update of the phishing detection engine. Recently we have seen a surge of malicious HTML files which are used to deliver phishing and payload. Beryl increases the precision to detect those HTML files:





Final Words


In this blog post, we have presented the most important features of Joe Sandbox Beryl, but there are some other interesting features on top:
  • Added Chrome cache extraction to improve Phishing Detection
  • Added new Cookbook command _JBDisableSampleRenaming()
  • Added v3 signature data for Android
  • Improved ISO file support
  • Improved prevention of specific GetTickCount VM detection
  • Improved PDF sample automation
  • Improved Live Interaction screen performance
  • Improved hardening of analyzer
  • Improved Joe Sandbox ML

Would you like to try Joe Sandbox? Register for a free account on Joe Sandbox Cloud Basic or contact us for an in-depth technical demo!