Sandbox Evasion

  • NTP time lookup - sleep 5 minutes - perform a second NTP time lookup and confirm that the time has gone forward as intended - if it has, probably not on a sandbox

  • Host checks

  • User checks
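Seen from the sandbox operator's side, the NTP check above leaves a recognisable sequence in a behaviour trace: an NTP query, a long sleep, then another NTP query from the same process. The following is an added detection sketch, not code from the original page; the event field names, the 60-second threshold and the trace itself are constructed assumptions.

```python
# Constructed sandbox behaviour trace (not real data): one dict per event.
# "t" is real wall-clock seconds since the start of the run.
TRACE = [
    {"t": 0.4, "pid": 101, "ev": "udp_send", "dport": 123},
    {"t": 0.5, "pid": 101, "ev": "sleep", "ms": 300000},
    {"t": 2.1, "pid": 101, "ev": "udp_send", "dport": 123},
    {"t": 1.0, "pid": 202, "ev": "udp_send", "dport": 123},
    {"t": 1.2, "pid": 202, "ev": "sleep", "ms": 50},
    {"t": 3.0, "pid": 202, "ev": "udp_send", "dport": 53},
]

NTP_PORT = 123
MIN_SLEEP_MS = 60_000  # assumed threshold for a "long" delay


def find_time_checks(trace, min_sleep_ms=MIN_SLEEP_MS):
    """Return one finding per NTP query -> long sleep -> NTP query sequence."""
    findings = []
    state = {}  # pid -> time of first NTP query and sleep requested since then
    for e in sorted(trace, key=lambda ev: ev["t"]):
        s = state.setdefault(e["pid"], {"first": None, "slept": 0})
        is_ntp = e["ev"] == "udp_send" and e.get("dport") == NTP_PORT
        if is_ntp and s["first"] is None:
            s["first"] = e["t"]
        elif e["ev"] == "sleep" and s["first"] is not None:
            s["slept"] += e["ms"]
        elif is_ntp and s["slept"] >= min_sleep_ms:
            elapsed_ms = (e["t"] - s["first"]) * 1000
            findings.append({
                "pid": e["pid"],
                "requested_sleep_ms": s["slept"],
                "real_elapsed_ms": round(elapsed_ms),
                # True when the sandbox shortened the sleep, so external NTP
                # time will disagree with the delay the sample requested.
                "sleep_was_skipped": elapsed_ms < s["slept"],
            })
            state[e["pid"]] = {"first": e["t"], "slept": 0}
        elif is_ntp:
            # Repeated NTP query without a long sleep: restart the window.
            s["first"], s["slept"] = e["t"], 0
    return findings


if __name__ == "__main__":
    for finding in find_time_checks(TRACE):
        print(finding)
```

A finding with `sleep_was_skipped` set to true marks a run where the sample could observe the shortened delay, so the verdict for that run deserves a second look.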

Targeted malware deployment:

  • Domain the system is connected to

  • User account

  • Hostname

  • MAC address

  • RAM

  • Hard drive

  • Process

  • Is not VM

Check the following for coding examples:
