Sophos Sandstorm analysis
Sandboxing analysis can help where other technologies fall short. Sophos has now integrated a further new technology into its Sandboxing service: Deep Learning. Below is an excerpt from the analysis of one attack caught at our gateway. A conventional antivirus was unable to recognise the attack, whereas the Sophos Sandstorm analysis, which rates the sample Suspicious and matches its behaviour to the Fareit malware family, clearly shows that the code is dangerous.
Sandstorm analysis:
This item was downloaded 1 time by 1 user.

Download Details
Recipient Address: info@awinit.cz
File Name: POGDV-0703018B.rar
File Type (MIME): application/x-rar-compressed
Analysis Time: 06m10s

Analysis Result: Suspicious
  - An executable with low reputation is detected by Machine Learning classifier
  - Reads data from local FTP clients
  - A process was injected into by writing directly to an API address
  - Reads data from the local Windows system configuration
Signature
  - Exhibits known behavior for the Fareit malware family
Evasion
  - Checks for the presence of a debugger
Memory
  - Changes the permissions of a memory region used by system libraries
Network
  - Issues one or more HTTP POST requests
  - Sends data to a PHP script over HTTP
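As an added example (not part of the original post and not Sophos' own tooling), the following Python script parses a Sandstorm report in the form shown above and turns the behaviour lines into a triage priority for a SOC queue. It tolerates both "Label: value" lines and the fused "Labelvalue" form that copy-pasting the report produces. The embedded report text is re-typed from the analysis above, while the indicator weights, the priority thresholds and the "General" category name are assumptions made for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the Sandstorm report as shown on this page, re-typed inline
# so the example runs offline. Field names and category headers are the ones
# visible in that report.
SAMPLE_REPORT = """\
This item was downloaded 1 time by 1 user.

Download Details
Recipient Address: info@awinit.cz
File Name: POGDV-0703018B.rar
File Type (MIME): application/x-rar-compressed
Analysis Time: 06m10s

Analysis Result: Suspicious
  - An executable with low reputation is detected by Machine Learning classifier
  - Reads data from local FTP clients
  - A process was injected into by writing directly to an API address
  - Reads data from the local Windows system configuration
Signature
  - Exhibits known behavior for the Fareit malware family
Evasion
  - Checks for the presence of a debugger
Memory
  - Changes the permissions of a memory region used by system libraries
Network
  - Issues one or more HTTP POST requests
  - Sends data to a PHP script over HTTP
"""

DETAIL_LABELS = ("Recipient Address", "File Name", "File Type (MIME)", "Analysis Time")
CATEGORY_HEADERS = ("Signature", "Evasion", "Memory", "Network")
FAMILY_RE = re.compile(r"known behavior for the (\S+) malware family")

# Hypothetical triage weights chosen for this example; they are not Sophos'
# own scoring. Each behaviour line gets the weight of the first pattern it matches.
INDICATOR_WEIGHTS = (
    (re.compile(r"malware family"), 5, "known family signature"),
    (re.compile(r"injected into"), 4, "process injection"),
    (re.compile(r"Machine Learning classifier"), 3, "ML low-reputation executable"),
    (re.compile(r"presence of a debugger"), 2, "anti-debugging"),
    (re.compile(r"permissions of a memory region"), 2, "memory protection change"),
    (re.compile(r"HTTP POST|PHP script"), 2, "HTTP POST to script (exfil/C2 pattern)"),
    (re.compile(r"FTP clients|system configuration"), 1, "local data harvesting"),
)


@dataclass
class SandstormReport:
    details: dict = field(default_factory=dict)      # label -> value
    verdict: str = ""                                # e.g. "Suspicious"
    behaviours: dict = field(default_factory=dict)   # category -> [behaviour lines]
    families: list = field(default_factory=list)     # families named by signature lines


def parse_report(text: str) -> SandstormReport:
    """Parse the report text. Accepts 'Label: value', the fused 'Labelvalue'
    form produced by copy-paste, and optional '- ' bullets before behaviours."""
    rep = SandstormReport()
    section = None          # None | "details" | "result"
    category = "General"    # assumed name for behaviours before the first header
    for raw in text.splitlines():
        line = raw.strip().lstrip("-").strip()
        if not line:
            continue
        if line == "Download Details":
            section = "details"
            continue
        if line.startswith("Analysis Result"):
            section = "result"
            rep.verdict = line[len("Analysis Result"):].lstrip(": ").strip()
            continue
        if section == "details":
            for label in DETAIL_LABELS:
                if line.startswith(label):
                    rep.details[label] = line[len(label):].lstrip(": ").strip()
                    break
        elif section == "result":
            if not rep.verdict:
                rep.verdict = line          # verdict printed on its own line
            elif line in CATEGORY_HEADERS:
                category = line
            else:
                rep.behaviours.setdefault(category, []).append(line)
                m = FAMILY_RE.search(line)
                if m:
                    rep.families.append(m.group(1))
    return rep


def triage(rep: SandstormReport) -> dict:
    """Score the behaviour lines and assign a queue priority (thresholds assumed)."""
    score, reasons = 0, []
    for lines in rep.behaviours.values():
        for line in lines:
            for pattern, weight, label in INDICATOR_WEIGHTS:
                if pattern.search(line):
                    score += weight
                    if label not in reasons:
                        reasons.append(label)
                    break
    if score >= 8 or rep.families:
        priority = "escalate"       # block the file and open an incident
    elif score >= 4:
        priority = "investigate"
    else:
        priority = "monitor"
    return {"verdict": rep.verdict, "score": score, "priority": priority,
            "families": rep.families, "reasons": reasons}


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print(report.details["File Name"], triage(report))
```

The point of scoring behaviours rather than trusting the single-word verdict is that "Suspicious" alone does not tell an analyst what to do, whereas a known-family signature combined with process injection and anti-debugging is a clear block-and-escalate case; the weights here are illustrative and would be tuned to the organisation's own false-positive history.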