OEM'ing Joe Sandbox

Here at Joe Security, we have a long tradition of doing OEM business. OEM stands for original equipment manufacturer and is a somewhat misleading term. Today OEM is often used to describe that company B can integrate, bundle or resell a product of company A.

Why do companies integrate dynamic malware analysis systems (sandboxes) into their products? Well, a sandbox enables your product to:

- Detect unknown malware with high detection precision
- Determine the payload and type of malware
- Get IOCs and additional forensic artifacts about a threat

Looking at use-cases, the following industries/vendors/tools can benefit from Sandbox integrations:

Secure Gateway & Firewall vendors: Secure Gateways and Firewalls can extract samples from the wire and send them to the sandbox.


Deep Analysis of Android Ransom Charger

A couple of days ago, Checkpoint discovered a nice new Android malware (MD5: 2b83bd1d97eb911e9d53765edb5ea79e); you can find the full blog post here. While the find is interesting, their analysis lacks depth and leaves out important details. That's why we decided to give it a shot and analyze it with Joe Sandbox Mobile, to share more technical details that will help us better understand the malware's behavior. We will focus here on the technical aspect rather than talk about the "Charger" app itself.


Detecting malicious e-Mails with Joe Sandbox Mail

Nowadays, e-mails have become a de facto standard way to deliver malware to endpoints, while infections through the web browser have become rare. Attackers are now crafting more sophisticated malware embedded in e-mails that are hard to detect, as the example below demonstrates.

Here are some interesting facts about this e-mail:

- It is sent directly to the target person
- It spells the target person's name correctly
- The text is well written
- Sender address is valid and looks benign
- Company looks benign
- The attachment is a document, not zip or exe
- We get a lot of invoices by e-mail today, so this seems usual

From looking at the e-mail, it is very difficult to determine if the attachment is safe to open or not. What happens if you open the document? Very likely your PC will be infected with ransomware encrypting all your files.

In order to help end users determine if an e-mail has malicious attachments, we have developed Joe Sandbox Mail. Joe Sandbox Mail integrates seamlessly into Microsoft Outlook and comes as a Windows installer package (MSI). With just one click you can submit e-mail attachments to Joe Sandbox Cloud, Desktop, Complete or Ultimate for in-depth analysis & detection. After analyzing the attachment, an alert informs you about the threat and flags the e-mail as malicious.

Joe Sandbox Mail is simple to use, does not require any technical expertise and uses the power of Joe Sandbox for malware detection.


