Gruber J, Freiling F (2022)
Publication Type: Journal article
Publication year: 2022
Book Volume: 46
Pages Range: 284-290
Journal Issue: 5
URI: https://link.springer.com/article/10.1007/s11623-022-1604-9
DOI: 10.1007/s11623-022-1604-9
Sandboxes are an indispensable tool in dynamic malware analysis today. However, modern malware often employs sandbox-detection methods to exhibit non-malicious behaviour within sandboxes and therefore evade automatic analysis. One category of sandbox-detection techniques are reverse Turing tests (RTTs) to determine the presence of a human operator. In order to pass these RTTs, we propose a novel approach which builds up on virtual machine introspection (VMI) to automatically reconstruct the graphical user interface, determine clickable buttons and inject human interface device events via direct control of virtualized human interface devices in a stealthy way. We extend the VMI-based open-source sandbox DRAKVUF with our approach and show that it successfully passes RTTs commonly employed by malware in the wild to detect sandboxes.
APA:
Gruber, J., & Freiling, F. (2022). Fighting Evasive Malware. Datenschutz und Datensicherheit, 46(5), 284-290. https://doi.org/10.1007/s11623-022-1604-9
MLA:
Gruber, Jan, and Felix Freiling. "Fighting Evasive Malware." Datenschutz und Datensicherheit 46.5 (2022): 284-290.
BibTeX: Download