Thursday, July 30, 13:10
Malware checks if it is running on Any.Run to avoid analysis

Malware creators have begun checking whether their malware is being executed in the Any.Run malware analysis service, to prevent researchers from easily analyzing it.

Any.Run is a malware analysis sandbox service that allows researchers and users to safely analyze malware without compromising their own computers.

When an executable file is submitted to Any.Run, the sandbox service creates a Windows virtual machine with an interactive remote desktop and runs the submitted file inside it.

Researchers can use the interactive Windows desktop to see what behavior the malware exhibits, while Any.Run records its network activity, file activity and registry changes.

Malware starts checking whether it is running on Any.Run

Security researcher JAMESWT discovered a new spam campaign in which malicious PowerShell scripts download and install malware on a computer.

When the first script runs, two scripts containing malware are downloaded to the victim's computer.

The above script will decode the embedded malware and run it on the computer.

When the second script is executed, it launches the Azorult Trojan, which steals passwords.

If the malware detects that it is running on Any.Run, it displays the message "Any.run Deteceted!" and stops working. As a result, the malware does not run and the sandbox cannot analyze it.
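
For triage, the message the script displays is a usable hunting string. The following is an added example, not code from the article or from the campaign: a Python scan for that string in plain text and inside base64 blobs (UTF-8 and UTF-16LE) at any byte alignment. The sample scripts and the `$inSandbox` variable are constructed for illustration.

```python
import base64
import re

# Message the article reports the script displays (spelling as reported).
MARKER = "Any.run Deteceted!"

def b64_fragments(raw: bytes) -> set:
    """Base64 substrings that must appear wherever `raw` sits inside a
    larger base64-encoded blob, one per 3-byte alignment."""
    frags = set()
    for pad in range(3):
        enc = base64.b64encode(b"\x00" * pad + raw).decode()
        head = (0, 2, 3)[pad]                   # chars that depend on preceding bytes
        tail = (0, 3, 2)[(pad + len(raw)) % 3]  # chars that depend on following bytes
        frags.add(enc[head:len(enc) - tail])
    return frags

ENCODED = {
    codec: b64_fragments(MARKER.encode(codec))
    for codec in ("utf-8", "utf-16-le")  # utf-16-le is what -EncodedCommand uses
}

def scan(script_text: str) -> list:
    """Return labels describing how the marker appears in a script."""
    hits = []
    if MARKER.lower() in script_text.lower():
        hits.append("plaintext")
    compact = re.sub(r"\s+", "", script_text)   # undo line-wrapped base64
    for codec, frags in ENCODED.items():
        if any(f in compact for f in frags):
            hits.append(f"base64({codec})")
    return hits

def constructed_samples() -> dict:
    """Constructed sample scripts, not taken from the campaign.
    $inSandbox is a hypothetical variable name."""
    inner = f'if ($inSandbox) {{ Write-Host "{MARKER}"; exit }}'
    blob = base64.b64encode(inner.encode("utf-16-le")).decode()
    return {
        "plain.ps1": inner,
        "encoded.ps1": f"powershell -EncodedCommand {blob}",
        "benign.ps1": "Get-ChildItem C:\\Users | Select-Object Name",
    }

if __name__ == "__main__":
    for name, text in constructed_samples().items():
        print(name, scan(text))
```

The base64 match is case-exact, so it misses a marker whose letter case was changed before encoding; the plaintext check is case-insensitive.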

Using this method, cybercriminals make it difficult for researchers to analyze attacks via Any.Run.

Of course, researchers can find other ways to analyze a particular piece of malware, but they will need to put in more effort.

Security researchers increasingly rely on malware analysis platforms such as Any.Run, a fact that has not gone unnoticed by malicious hackers. Therefore, we should expect them to find other ways to keep their software from being detected and analyzed.

Digital Fortress (https://www.secnews.gr)