Retrieve HDD Information

Sandbox Evasion

Malware can figure out if it's in a virtual environment by checking hard drive info. It looks for specific details like serial and model numbers. This is easier to spot in VirtualBox because it shows clues that it's running in a virtual space.

Malware uses this trick to avoid getting caught. It does this by using a special command …

Detecting Hostname, Username

Sandbox Evasion

Most sandbox are using name like Sandbox, Cuckoo, Maltest, Malware, malsand, ClonePC.... All this hostname can provide the information to the malware. The username can also be checked by malware.

Detecting USB Drive

Sandbox Evasion

To detect whether a program is running in a sandbox environment, malware can look for the presence of USB drives. Many sandboxes do not have USB ports or do not allow access to USB drives, and detecting the absence of USB drives can help identify whether the program is being run in a sandbox.

Geofencing

Others

Geofencing in malware refers to a technique used by cybercriminals to restrict the distribution or activation of malicious software based on geographical location. Malware authors use geofencing to target specific regions or avoid certain areas, such as their home country, in order to evade detection, minimize the chances of being investigated, or maximize the effectiveness of their attacks.

Geofencing …

Search For Content

Search Result

Retrieve HDD Information

Sandbox Evasion

Detecting Hostname, Username

Sandbox Evasion

Detecting USB Drive

Sandbox Evasion

Geofencing

Others