Sophos Sandstorm analýza

Analýza technologií Sandboxing může pomoci tam kde si jiné technologie nevědí rady. Sophos nyní integroval do služby Sandboxing i další novou technologii – Deep Learning. Přikládám výňatek z analýzy jednoho útoku z naší brány. Běžný antivir útok nebyl schopný rozpoznat, zatímco na analýze Sophos Sandstorm, jasně
vidíme, že kód je nebezpečný.

Sandstorm – analýza:

This item was downloaded 1 time by 1 user.
Download Details
Recipient Addressinfo@awinit.cz
File NamePOGDV-0703018B.rar
File Type (MIME)application/x-rar-compressed
Analysis Time06m10s
Analysis Result
Suspicious

An executable with low reputation is detected by Machine Learning classifier
Reads data from local FTP clients
A process was injected into by writing directly to an API address
Reads data from the local Windows system configuration

Signature

Exhibits known behavior for the Fareit malware family

Evasion

Checks for the presence of a debugger

Memory

Changes the permissions of a memory region used by system libraries

Network

Issues one or more HTTP POST requests
Sends data to a PHP script over HTTP