
Analysis Reports of Evasive Malware

Latest Analysis Reports of Evasive Malware generated by Joe Sandbox

Cloud 20.0.0
09/10/2017

Analysis Report
Sandbox Process DOS / overloading

MD5: 1de07d0af66cfa7b504c2f563d45437b

Cloud 20.0.0
18/09/2017

Analysis Report
CCleaner (signed) infected by unknown malware, IcmpSendEcho evasion

MD5: ef694b89ad7addb9a16bb6f26f1efaf7

Cloud 20.0.0
12/09/2017

Analysis Report
Debugger and sandbox detection (file, registry and mutex based)

MD5: 24a3d1d2f36824dfa190d8f93da26432

Cloud 20.0.0
23/08/2017

Analysis Report
Ransomware SyncCrypt using scheduled tasks to evade analysis

MD5: d10c1bd17c1b84a22db0d77515b7c32e

Cloud 20.0.0
16/06/2017

Analysis Report
MacOS MacRansom, uses sysctl hw.model|grep Mac and sysctl -n hw.logicalcpu to check for real machine

MD5: 8fe94843a3e655209c57af587849ac3a

Cloud 16.0.0
03/10/2016

Analysis Report
Loop based & ping sleep based evasions

MD5: 4c3f80e146987a5fcd97b807071e2dd6

Cloud 16.0.0
22/09/2016

Analysis Report
Macro Evasions: Tasks, File Name, GeoIP check

MD5: 09f16077acf6c05e5c293835b3a75a20

Cloud 16.0.0
07/09/2016

Analysis Report
PartOfDomain evasion

MD5: af0e156bd39be48edd884578616ab153

Cloud 16.0.0
31/08/2016

Analysis Report
Zone.Identifier based evasion

MD5: 43b8cc7dc3ff1987354e974d77216b1b

Cloud 16.0.0
27/07/2016

Analysis Report
Time and command line based dropper evasions

c5d5058c8af64b79c9973e492aeb39d8d0e46931

Cloud 15.0.0
13/07/2016

Analysis Report
Extensive use of fingerprinting (disk, network card, files, directories etc.)

MD5: 564ac87ca4114edd6a84a005092f1285

Cloud 15.0.0
07/07/2016

Analysis Report
Malicious Document dropping Cerber Ransom, using timer based Sleep evasion in VBS

MD5: 58258b89e076c4d378436f3b03682402

Cloud 14.0.0
12/05/2016

Analysis Report
TeslaCrypt, Speaker check via COM

MD5: 61f847bcb69d0fe86ad7a4ba3f057be5

Cloud 14.0.0
29/03/2016

Analysis Report
Nymaim, GetSystemTime, API hammering

MD5: f1a12884b999b9e572f91a94043d6e01

Cloud 13.0.0
24/11/2015

Analysis Report
Upatre, NtQuerySystemInformation IdleTime Evasion

MD5: 06a4059da943b09f13ab2909824968de

Cloud 13.0.0
01/10/2015

Analysis Report
Dyre, containing GetTickCount evasion technique

MD5: ad0d7d0903cb059b87892a099fe21d7e

Cloud 13.0.0
07/09/2015

Analysis Report
Multiple known evasions, including foreground window change detection, SCSI descriptor, SystemBiosVersion, VMware and VirtualBox driver file check and PhysicalDrive0 device IO 0x2D1400 trick

MD5: 40D19FBA73C6B011814E2C6920E8792F

Cloud 12.5.0
24/07/2015

Analysis Report
Bot / dropper using SystemBiosVersion, VideoBiosVersion, Disk Identifier and PCI devices for VM detection.

MD5: 9437eabf2fe5d32101e3fbf9f6027880

Cloud 12.5.0
06/05/2015

Analysis Report
Simple evasion based on CPU core check. Check is done via PEB->NumberOfProcessors. Terminates if core count is smaller than 2.

MD5: cbdda646a20d95f078393506ecdc0796

Cloud 12.5.0
05/05/2015

Execution Graph
Very sophisticated evasions based on sandbox overloading (instructions and APIs), hook detection, sample file name check and memory hashing. If an analysis system / sandbox has been detected, it encrypts personal files and kills the MBR.

MD5: f504ef6e9a269e354de802872dc5e209

Cloud 13.0.0
20/04/2015

Analysis Report
Sophisticated evasion based on user behavior detection. Watches for mouse pointer moves and window changes. Checks the size of the disk via IOCTL_DISK_GET_DRIVE_GEOMETRY_EX / DeviceIoControl. Terminates if the disk has less than 5000 cylinders.

MD5: 3616a11fa463644fa20d2317c5971378

Ultimate 12.0.0
20/04/2015

Analysis Report
Simple evasion based on date check: only executes its payload at a particular year and month. Terminates if the year or month does not match.

MD5: 0AF4EF5069F47A371A0CAF22AE2006A6

Ultimate 12.0.0
20/04/2015

Analysis Report
Evasion based on VM detection via Disk/Enum check. Additional evasion based on direct detection of Joe Sandbox with fingerprinting specific software installed on the analysis system. Installed software is enumerated via registry Windows\CurrentVersion\Uninstall key.

MD5: D80E956259C858EACCB53C1AFFAF8141

Desktop 8.0.0
11/09/2013

Analysis Report
Evasion based on VM detection via SetupDiGetClassDevs, SetupDiEnumDeviceInfo and SetupDiGetDeviceRegistryProperty.

MD5: 9fac72a50a7f756d0d3319c686850516