Introduction
In this post I explore several sandbox evasion techniques for malware. It’s part of my ongoing Malware Development series where I discover the world of malware development.
⚠️ Warning: This content is for educational and defensive security research purposes only. Do not use these techniques on systems or networks you do not own or have explicit permission to test.
Sandbox evasion
Previously, we implemented function obfuscation into the malware. Function obfuscation only protects against static analysis. Once the sample runs in a sandbox, a malware analyst can observe its real behavior and reverse engineer it. Sandbox evasion is one of the countermeasures for malware analysists. There are many ways for sandbox evasion. In the blog, we will be focusing on the following sandbox evasion techniques:
