Online sandboxes are widely used for malware analysis. To evade detection, many malware families implement checks to identify if they are running in such environments. Below are examples of detection techniques for Any.Run and Tria.ge.

Detecting Any.Run

• Any.Run uses a fake root certificate to spy on sandbox traffic. System information can be obtained by querying …