21 February 20, 17:05
Quote:Continue Reading
VirusTotal would like to welcome QiAnXin RedDrip to the multi-sandbox project! QiAnXin is now sending execution behavior reports to the VirusTotal ecosystem for a wide variety of file types.
In their own words:
Quote:QiAnXin RedDrip Sandbox, developed by QI-ANXIN Threat Intelligence Center, is a cloud‐based malware analysis service provided to security researchers, analysts as well as ordinary individuals. Based on hardware virtualization technology, the sandbox contains less traits inside the monitored guest system that the malware could be aware of. The runtime environment also gets tailored to behave like a potential victim, rather than an analysis machine. We do this through invalidating available checkpoints, simulating keyboard/mouse interactions, and so on. It is able to handle many file types, probe and trigger infection vectors. These features help us to discover APTs easier and result in the discovery of zero-day attacks in the wild. By using the service, people gain better understanding of the malware and could perform intelligence hunting more conveniently.
On VirusTotal you can find the QiAnXin reports on the Behavior tab:
Here are some interesting samples to highlight QiAnXin RedDrip’s capabilities:
LNK File
Example:
529177610e30a96c2c8a5b40f5015ce449eb611e06d5d75e66730236cc83bdc6
Within the processes and services actions section we can see that the victim would launch a VBE script silently in the background while opening the HWP document. HWP files are popular in South Korea.
...