Today, we are proud to release Joe Sandbox 42 under the code name Malachite! This release is packed with many new detection signatures and important features to improve Joe Sandbox.
Our Joe Sandbox Cloud Pro, Basic, and OEM servers have recently been upgraded to Malachite.
If you wish to upgrade your on-premise Joe Sandbox installation, please follow the instructions in the "Updating" chapter of the user guide, which you can find in our customer portal.
277 new Signatures
Malachite comes with a very large number of new Yara and Behavior signatures to detect new malware families like ValleyRAT, Cerbfyne Stealer, FunkLocker, PondRAT, PUMAKIT, RedLocker, BlackShadow, Iris Stealer, HK BOT, CloudScout and many more. In addition, we added 20 new Malware Configuration Extractors, e.g. for Divulge Stealer, Discord RAT, Millennium RAT, Dot Stealer, DarkVision RAT, INC Ransomware, Mint Stealer, XRed, Jason RAT, MassLogger and Meduza Stealer, to name a few.
We also started adding custom Suricata rules. Malachite includes 22 new rules.
Support for Windows 11 23H2
Malachite now officially supports dynamic analysis on Windows 11 23H2.
APK Zip Corruption
The Android trend from 2023 - exploiting the Zip file implementation difference between Android and the general Zip format - continues with new tricks.
Hence we added additional checks and fixes in Joe Sandbox v42.
Final Words
In this blog post, we have presented the most important features of Joe Sandbox Malachite, but there are some other interesting features on top:
Improved prevention of various VM detections
Improved analysis of EML / MSG
Improved phishing detection
Improved button clicking on Android analyzer
Added automated installation from unknown sources on Android analyzers