anti sandbox

MDS’ Evasion Feature for Anti-sandbox Techniques That Use Pop-up Windows

AhnLab Security Emergency response Center (ASEC) is monitoring various anti-sandbox tactics used to evade sandboxes. This post covers a rather persistent anti-sandbox technique that abuses a button form in malicious IcedID Word files, and the evasion feature of AhnLab’s MDS, which is designed to detect such malicious behavior. The anti-sandbox technique that abuses the button form is contained within the malicious IcedID Word file (convert.dot); however, a 2-step process must be performed by the user before the malicious…

Bumblebee Being Distributed in Korea Through Email Hijacking

The ASEC analysis team has recently discovered the active distribution of Bumblebee, a downloader-type malware. It is distributed via phishing emails as an ISO file, which contains a shortcut and a malicious DLL file. There were also cases of the malware being distributed to Korean users through email hijacking. The image below shows phishing emails distributing Bumblebee. The attackers hijacked legitimate email threads and sent replies to users with malicious attachments. Users who receive such an email may open the attachment…

CHM Malware Types with Anti-Sandbox Technique and Targeting Companies

Among the CHM strains recently being distributed in Korea, the ASEC analysis team has discovered those that apply an anti-sandbox technique and those that target companies. Both types were introduced on the ASEC blog in March and May. The type with the anti-sandbox technique checks the user’s PC environment before dropping a malicious VBE file. The HTML code included in the CHM file is shown below. The code creates and runs a normal program (EXE) and a malicious DLL file. The malicious DLL created…