
Analysis Reports of Evasive Malware

Latest Analysis Reports of Evasive Malware generated by Joe Sandbox

Cloud 24.0.0
18/11/2018

Analysis Report
Word Document VBA process name and count check

MD5: cd15a7c3cb1725dc9d21160c26ab9c2e

Cloud 24.0.0
07/11/2018

Analysis Report
BianLian Trojan / Banker using date evasion and packing

MD5: 0c52aa43d1244c604b5f073f344677d8

Cloud 24.0.0
27/10/2018

Analysis Report
Banking Trojan Dropper with Anti-Emulator and Anti-Sandbox Stub

MD5: cfa7fdb907e9165a9299fb164dda3b90

Cloud 24.0.0
10/10/2018

Analysis Report
Gootkit e-Banking trojan using a whole bunch of anti-analysis and anti-VM techniques

MD5: 0ee40dfb96795b73c6bc1eef31e59356

Cloud 24.0.0
03/10/2018

Analysis Report
Gozi 2.17 using GetLocaleInfo and GetCursorPos evasions

MD5: 7e17f0f35d50f49407841372f24fbd38

Cloud 23.0.0
14/09/2018

Analysis Report
BONDUPDATER using various WMI queries to check for physical hardware (fan, thermal sensors, etc.)

MD5: ea6321f55ea83e6f2887a2360f8e55b0

Cloud 23.0.0
04/07/2018

Analysis Report
Evasive Backdoor, Time Evasions, Debugger Detection, VM Detection

MD5: 9e3ea995e40b62adae78e93e6b30780c

Cloud 22.0.0
08/05/2018

Analysis Report
Evasive sample using GetKeyboardLayout to target French computers

MD5: fe1214a06ffc40b1ebb524f185894487

Cloud 21.0.0
20/02/2018

Analysis Report
Olympic Destroyer, Wiper malware targeting Olympic Games 2018 in PyeongChang

MD5: f12fc711529b48bcef52c5ca0a52335a

Cloud 21.0.0
08/02/2018

Analysis Report
Elise malware loaded with Sandbox evasion using CVE-2018-0802 for persistence

MD5: f12fc711529b48bcef52c5ca0a52335a

Cloud 21.0.0
22/12/2017

Analysis Report
Loapi multi-layer unpacking trojan with mining capabilities

MD5: 3b574b67bf5a80c43e6430d69b72e6ec

Cloud 21.0.0
27/11/2017

Analysis Report
Retefe using MUILanguages Sandbox evasion trick

MD5: 85fc638bd373af9a95c715bc4f8b97fc

Cloud 20.0.0
09/10/2017

Analysis Report
Sandbox process DoS / overloading

MD5: 1de07d0af66cfa7b504c2f563d45437b

Cloud 20.0.0
18/09/2017

Analysis Report
CCleaner (signed) infected by unknown malware, IcmpSendEcho evasion

MD5: ef694b89ad7addb9a16bb6f26f1efaf7

Cloud 20.0.0
12/09/2017

Analysis Report
Debugger and sandbox detection (file, registry and mutex based)

MD5: 24a3d1d2f36824dfa190d8f93da26432

Cloud 20.0.0
23/08/2017

Analysis Report
Ransomware SyncCrypt using scheduled tasks to evade analysis

MD5: d10c1bd17c1b84a22db0d77515b7c32e

Cloud 20.0.0
16/06/2017

Analysis Report
macOS MacRansom, uses sysctl hw.model | grep Mac and sysctl -n hw.logicalcpu to check for a real machine

MD5: 8fe94843a3e655209c57af587849ac3a

Cloud 16.0.0
03/10/2016

Analysis Report
Loop-based and ping-sleep-based evasions

MD5: 4c3f80e146987a5fcd97b807071e2dd6

Cloud 16.0.0
22/09/2016

Analysis Report
Macro Evasions: Tasks, File Name, GeoIP check

MD5: 09f16077acf6c05e5c293835b3a75a20

Cloud 16.0.0
07/09/2016

Analysis Report
PartOfDomain evasion

MD5: af0e156bd39be48edd884578616ab153

Cloud 16.0.0
31/08/2016

Analysis Report
Zone.Identifier based evasion

MD5: 43b8cc7dc3ff1987354e974d77216b1b
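The Zone.Identifier entry above does not say what value the sample expects, only that it keys on the stream. The following is an added example (not code from the report or from Joe Security) showing the mechanics both sides rely on: the stream is an NTFS alternate data stream that ordinary file I/O can read via the path suffix ":Zone.Identifier", and its body is a small INI file written by browsers and mail clients when a download is saved. The parser and renderer run anywhere; the read/write helpers only work on NTFS. The ZoneId value names, the sample URLs and the assumption that a sample treats a missing stream as "not a real download" are the editor's, not the page's.

```python
import configparser
import os

STREAM_SUFFIX = ":Zone.Identifier"
# URLZONE values as used by the ZoneId key (names are the editor's labels)
ZONE_NAMES = {0: "LocalMachine", 1: "LocalIntranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}


def render_zone_identifier(zone_id, referrer_url=None, host_url=None):
    """Build the stream body Windows writes for a saved download (CRLF, INI style)."""
    lines = ["[ZoneTransfer]", "ZoneId=%d" % zone_id]
    if referrer_url:
        lines.append("ReferrerUrl=" + referrer_url)
    if host_url:
        lines.append("HostUrl=" + host_url)
    return "\r\n".join(lines) + "\r\n"


def parse_zone_identifier(text):
    """Parse a Zone.Identifier body; raises ValueError on anything malformed."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep ZoneId / ReferrerUrl / HostUrl case as written
    try:
        cp.read_string(text)
    except configparser.Error as exc:
        raise ValueError("not a Zone.Identifier stream: %s" % exc)
    if not cp.has_section("ZoneTransfer"):
        raise ValueError("missing [ZoneTransfer] section")
    sec = cp["ZoneTransfer"]
    if "ZoneId" not in sec:
        raise ValueError("missing ZoneId")
    zone_id = int(sec["ZoneId"])
    return {"ZoneId": zone_id, "ZoneName": ZONE_NAMES.get(zone_id, "Unknown"),
            "ReferrerUrl": sec.get("ReferrerUrl"), "HostUrl": sec.get("HostUrl")}


def came_from_internet(info):
    """Assumed sample logic: only a file carrying an Internet/Restricted zone mark
    looks like something a victim actually downloaded; no stream at all looks
    like a file copied in by analysis tooling."""
    return info is not None and info["ZoneId"] >= 3


def read_mark_of_the_web(path):
    """Read the stream the way a sample would: plain open() on 'file:Zone.Identifier'.
    Only NTFS exposes alternate data streams this way; elsewhere report 'absent'."""
    if os.name != "nt":
        return None
    try:
        with open(path + STREAM_SUFFIX, "r", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except FileNotFoundError:
        return None


def write_mark_of_the_web(path, zone_id=3, referrer_url=None, host_url=None):
    """Operator side: give a submitted sample the stream a browser download would carry."""
    if os.name != "nt":
        raise OSError("alternate data streams need NTFS on Windows")
    with open(path + STREAM_SUFFIX, "w", newline="") as f:
        f.write(render_zone_identifier(zone_id, referrer_url, host_url))


if __name__ == "__main__":
    # constructed example stream, as a browser would write it for a downloaded document
    body = render_zone_identifier(3, "https://example.test/", "https://example.test/invoice.docm")
    info = parse_zone_identifier(body)
    print(info)
    print("looks like a real download:", came_from_internet(info))
    print("this script's own mark:", read_mark_of_the_web(__file__))
```

When preparing a sample for detonation, writing the stream with write_mark_of_the_web() before launching it is the simplest way to remove this signal; conversely, a sample that deletes or rewrites its own stream is worth a detection rule, since legitimate downloads rarely touch it.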

Cloud 16.0.0
27/07/2016

Analysis Report
Time and command line based dropper evasions

SHA1: c5d5058c8af64b79c9973e492aeb39d8d0e46931

Cloud 15.0.0
13/07/2016

Analysis Report
Extensive use of fingerprinting (disk, network card, files, directories, etc.)

MD5: 564ac87ca4114edd6a84a005092f1285

Cloud 15.0.0
07/07/2016

Analysis Report
Malicious document dropping Cerber ransomware, using timer-based Sleep evasion in VBS

MD5: 58258b89e076c4d378436f3b03682402

Cloud 14.0.0
12/05/2016

Analysis Report
TeslaCrypt, Speaker check via COM

MD5: 61f847bcb69d0fe86ad7a4ba3f057be5

Cloud 14.0.0
29/03/2016

Analysis Report
Nymaim, GetSystemTime, API hammering

MD5: f1a12884b999b9e572f91a94043d6e01

Cloud 13.0.0
24/11/2015

Analysis Report
Upatre, NtQuerySystemInformation IdleTime Evasion

MD5: 06a4059da943b09f13ab2909824968de

Cloud 13.0.0
01/10/2015

Analysis Report
Dyre, using the GetTickCount evasion technique

MD5: ad0d7d0903cb059b87892a099fe21d7e
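Several entries above are variations on one idea: the Dyre GetTickCount check, the Nymaim GetSystemTime check, the Upatre IdleTime check, the loop- and ping-sleep-based evasions and the timer-based Sleep evasion in VBS all compare how much time a clock says has passed against how long the sample asked to wait, because sandboxes shorten or skip Sleep to get through the analysis window. The following is an added example by the editor, not code from any of those reports, that shows the single-clock check, the reason it can be defeated by a sandbox that forwards the clock together with the skipped Sleep, and the two-clock cross-check that catches that. It uses time.monotonic and time.perf_counter as stand-ins for two independent Windows time sources (on Windows, CPython backs time.perf_counter with QueryPerformanceCounter and older releases back time.monotonic with GetTickCount64); the 16 ms slack and the ClockForwardingSandbox model are assumptions.

```python
import time

TICK_SLACK_MS = 16  # GetTickCount advances in 10-16 ms steps; assumed slack for timing noise


def sleep_skipped(sleep_ms, sleep_fn=time.sleep, clock_fn=time.monotonic):
    """Single-clock check (Dyre style): read the clock, Sleep, read it again.
    A sandbox that simply returns from Sleep at once is caught here."""
    t0 = clock_fn()
    sleep_fn(sleep_ms / 1000.0)
    elapsed_ms = (clock_fn() - t0) * 1000.0
    return elapsed_ms < sleep_ms - TICK_SLACK_MS


def clocks_disagree(sleep_ms, sleep_fn, clock_a, clock_b):
    """Two-clock check: time the same Sleep with two independent sources.
    A sandbox that skips the wait but forwards one clock (to pass the check
    above) leaves the other clock behind, and the disagreement gives it away."""
    a0, b0 = clock_a(), clock_b()
    sleep_fn(sleep_ms / 1000.0)
    delta_a = (clock_a() - a0) * 1000.0
    delta_b = (clock_b() - b0) * 1000.0
    return abs(delta_a - delta_b) > 2 * TICK_SLACK_MS


class ClockForwardingSandbox:
    """Constructed model of a sandbox Sleep hook: the call returns immediately,
    but the tick counter handed to the sample is advanced by the requested time."""

    def __init__(self):
        self._ticks = 0.0

    def sleep(self, seconds):
        self._ticks += seconds  # no real wait, only the fake clock moves

    def tick_clock(self):
        return self._ticks


def run_checks(sleep_ms=100):
    """Run each check against a real wait, a skipped wait and a forwarded clock."""
    sandbox = ClockForwardingSandbox()
    return {
        "real_sleep_single_clock": sleep_skipped(sleep_ms),
        "skipped_sleep_single_clock": sleep_skipped(sleep_ms, sleep_fn=lambda s: None),
        "forwarded_clock_single": sleep_skipped(sleep_ms, sandbox.sleep, sandbox.tick_clock),
        "forwarded_clock_cross": clocks_disagree(sleep_ms, sandbox.sleep, sandbox.tick_clock, time.monotonic),
        "real_sleep_cross": clocks_disagree(sleep_ms, time.sleep, time.monotonic, time.perf_counter),
    }


if __name__ == "__main__":
    for name, detected in run_checks().items():
        print("%-28s -> %s" % (name, "sandbox detected" if detected else "looks real"))
```

The practical lesson for sandbox operators is that patching Sleep alone is not enough: GetTickCount, GetSystemTime, QueryPerformanceCounter, NtQuerySystemInformation idle times, RDTSC and external waits such as a ping loop all have to move consistently, or the sample only needs to read two of them to notice.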

Cloud 13.0.0
07/09/2015

Analysis Report
Multiple known evasions, including foreground window change detection, SCSI descriptor, SystemBiosVersion, VMware and VirtualBox driver file checks and the PhysicalDrive0 device IO 0x2D1400 (IOCTL_STORAGE_QUERY_PROPERTY) trick

MD5: 40D19FBA73C6B011814E2C6920E8792F

Cloud 12.5.0
24/07/2015

Analysis Report
Bot / dropper using SystemBiosVersion, VideoBiosVersion, Disk Identifier and PCI devices for VM detection.

MD5: 9437eabf2fe5d32101e3fbf9f6027880

Cloud 12.5.0
06/05/2015

Analysis Report
Simple evasion based on a CPU core check. The check is done via PEB->NumberOfProcessors; the sample terminates if the core count is smaller than 2.

MD5: cbdda646a20d95f078393506ecdc0796

Cloud 12.5.0
05/05/2015

Execution Graph
Very sophisticated evasions based on sandbox overloading (instructions and APIs), hook detection, sample file name check and memory hashing. If an analysis system / sandbox is detected, it encrypts personal files and destroys the MBR.

MD5: f504ef6e9a269e354de802872dc5e209

Cloud 13.0.0
20/04/2015

Analysis Report
Sophisticated evasion based on user behavior detection: watches for mouse pointer moves and window changes. Also checks the size of the disk via IOCTL_DISK_GET_DRIVE_GEOMETRY_EX / DeviceIoControl and terminates if the disk has fewer than 5000 cylinders.

MD5: 3616a11fa463644fa20d2317c5971378
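The cylinder check in the entry above is only meaningful once the DISK_GEOMETRY_EX buffer is decoded, and the 5000-cylinder threshold translates into a disk size that many analysis VMs fall under. The following is an added example by the editor, not code from the report, that parses the buffer IOCTL_DISK_GET_DRIVE_GEOMETRY_EX returns, applies the sample's decision, and works out the smallest disk that would pass. The parser runs anywhere on a constructed buffer; read_geometry_windows() issues the real IOCTL against \\.\PhysicalDrive0 (Windows only, no elevation needed because the device is opened with zero access rights). The 255 tracks / 63 sectors / 512 bytes geometry used to construct test buffers is the usual CHS translation Windows reports, but a real disk may differ, so read the real value before sizing a VM by it.

```python
import struct
import sys

# Fixed part of DISK_GEOMETRY_EX as filled in by DeviceIoControl(IOCTL_DISK_GET_DRIVE_GEOMETRY_EX):
#   LARGE_INTEGER Cylinders          offset 0,  8 bytes
#   MEDIA_TYPE    MediaType          offset 8,  4 bytes (12 == FixedMedia)
#   DWORD         TracksPerCylinder  offset 12, 4 bytes
#   DWORD         SectorsPerTrack    offset 16, 4 bytes
#   DWORD         BytesPerSector     offset 20, 4 bytes
#   LARGE_INTEGER DiskSize           offset 24, 8 bytes
# followed by variable-length partition/detection data that the check ignores.
DISK_GEOMETRY_EX = struct.Struct("<qIIIIq")
IOCTL_DISK_GET_DRIVE_GEOMETRY_EX = 0x000700A0  # CTL_CODE(IOCTL_DISK_BASE, 0x28, METHOD_BUFFERED, FILE_ANY_ACCESS)
FIXED_MEDIA = 12
CYLINDER_THRESHOLD = 5000  # threshold stated in the report summary above


def parse_disk_geometry_ex(buf):
    """Decode the output buffer of IOCTL_DISK_GET_DRIVE_GEOMETRY_EX into a dict."""
    if len(buf) < DISK_GEOMETRY_EX.size:
        raise ValueError("need %d bytes, got %d" % (DISK_GEOMETRY_EX.size, len(buf)))
    cyl, media, tracks, sectors, bps, size = DISK_GEOMETRY_EX.unpack_from(buf)
    return {"Cylinders": cyl, "MediaType": media, "TracksPerCylinder": tracks,
            "SectorsPerTrack": sectors, "BytesPerSector": bps, "DiskSize": size}


def sample_would_terminate(geom):
    """The sample's decision: fewer than 5000 cylinders means 'analysis machine'."""
    return geom["Cylinders"] < CYLINDER_THRESHOLD


def minimum_passing_disk_bytes(geom):
    """Smallest disk that reaches the threshold under the reported CHS translation."""
    return CYLINDER_THRESHOLD * geom["TracksPerCylinder"] * geom["SectorsPerTrack"] * geom["BytesPerSector"]


def make_geometry_buffer(disk_bytes, tracks=255, sectors=63, bps=512):
    """Constructed buffer for offline testing (assumed 255/63/512 translation,
    Cylinders = DiskSize // bytes-per-cylinder, as Windows reports for most disks)."""
    cylinders = disk_bytes // (tracks * sectors * bps)
    return DISK_GEOMETRY_EX.pack(cylinders, FIXED_MEDIA, tracks, sectors, bps, disk_bytes)


def read_geometry_windows(device=r"\\.\PhysicalDrive0"):
    """Issue the same IOCTL the sample does (Windows only)."""
    import ctypes
    import ctypes.wintypes as wt
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.CreateFileW.restype = wt.HANDLE
    k32.CreateFileW.argtypes = [wt.LPCWSTR, wt.DWORD, wt.DWORD, wt.LPVOID, wt.DWORD, wt.DWORD, wt.HANDLE]
    k32.DeviceIoControl.restype = wt.BOOL
    k32.DeviceIoControl.argtypes = [wt.HANDLE, wt.DWORD, wt.LPVOID, wt.DWORD, wt.LPVOID, wt.DWORD,
                                    ctypes.POINTER(wt.DWORD), wt.LPVOID]
    k32.CloseHandle.argtypes = [wt.HANDLE]
    FILE_SHARE_READ_WRITE, OPEN_EXISTING = 0x3, 3
    handle = k32.CreateFileW(device, 0, FILE_SHARE_READ_WRITE, None, OPEN_EXISTING, 0, None)
    if handle in (None, wt.HANDLE(-1).value):
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        out = ctypes.create_string_buffer(512)
        returned = wt.DWORD(0)
        ok = k32.DeviceIoControl(handle, IOCTL_DISK_GET_DRIVE_GEOMETRY_EX, None, 0,
                                 out, len(out), ctypes.byref(returned), None)
        if not ok:
            raise ctypes.WinError(ctypes.get_last_error())
        return parse_disk_geometry_ex(out.raw[:returned.value])
    finally:
        k32.CloseHandle(handle)


if __name__ == "__main__":
    if sys.platform == "win32":
        geom = read_geometry_windows()
    else:
        geom = parse_disk_geometry_ex(make_geometry_buffer(40 * 10**9))  # constructed 40 GB disk
    print(geom)
    print("sample would terminate:", sample_would_terminate(geom))
    print("smallest passing disk: %.1f GB" % (minimum_passing_disk_bytes(geom) / 1e9))
```

With the common 255/63/512 translation one cylinder is 8,225,280 bytes, so 5000 cylinders is about 41 GB: a 40 GB analysis disk reports 4863 cylinders and fails the check, a 60 GB disk reports 7294 and passes. The same open-PhysicalDrive0-then-DeviceIoControl pattern is what the 0x2D1400 (IOCTL_STORAGE_QUERY_PROPERTY) trick listed further down uses to read the vendor and product strings, so one hook point covers both.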

Ultimate 12.0.0
20/04/2015

Analysis Report
Simple evasion based on a date check: the payload only executes in a particular year and month. Terminates if the year or month does not match.

MD5: 0AF4EF5069F47A371A0CAF22AE2006A6

Ultimate 12.0.0
20/04/2015

Analysis Report
Evasion based on VM detection via a Disk/Enum check. Additional evasion based on direct detection of Joe Sandbox by fingerprinting specific software installed on the analysis system; installed software is enumerated via the Windows\CurrentVersion\Uninstall registry key.

MD5: D80E956259C858EACCB53C1AFFAF8141

Desktop 8.0.0
11/09/2013

Analysis Report
Evasion based on VM detection via SetupDiGetClassDevs, SetupDiEnumDeviceInfo and SetupDiGetDeviceRegistryProperty.

MD5: 9fac72a50a7f756d0d3319c686850516