Thursday, June 30, 2016
Cracking Locky's New Anti-Sandbox Technique
from Fortinet Blog | News and Threat Research - All Posts
The last few weeks saw new variants of the Locky ransomware that employ a new anti-sandbox technique. In these new variants, Locky's loader code uses a seed parameter from its JavaScript downloader in order to decrypt the embedded malicious code and execute it properly. For example, the JavaScript executes the downloaded Locky executable in the following manner:

sample.exe 123

Below is a screenshot of it in action:

This new trick may pose challenges for automated Locky tracking systems that utilize sandboxing due to the following...
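The launch pattern described above, a script host starting a freshly downloaded executable with a bare numeric seed such as `sample.exe 123`, is something a defender can look for in process-creation telemetry, and it is also the detail a sandbox must preserve: if the sample is re-run without its seed, the loader cannot decrypt its payload and the sandbox sees nothing useful. The following is an added example, not Fortinet's code and not derived from the Locky binary. It scans constructed, Sysmon-like process-creation records (the `key=value|key=value` layout, the field names `Image`, `CommandLine` and `ParentImage`, and the drop-directory list are assumptions for the example) and returns both an alert and the exact argument vector a sandbox should replay.

```python
"""Flag a script host launching a dropped executable with a single numeric
command-line seed (the ``sample.exe 123`` pattern), and recover the argv a
sandbox must reuse so the loader receives its seed.

Added example; not Fortinet's code. Log records are constructed in a
simplified Sysmon-like ``key=value|key=value`` form; the field names and
the drop-directory list are assumptions, not a documented schema.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Script hosts that a JavaScript downloader runs under.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Directories a downloader typically writes its payload to (assumption;
# tune to the environment being monitored).
DROP_DIRS = ("\\temp\\", "\\appdata\\local\\temp\\", "\\users\\public\\")

# An executable path (optionally quoted) followed by exactly one integer
# and nothing else, e.g.  "C:\...\sample.exe" 123
SEED_ARG = re.compile(
    r'^"?(?P<image>[^"]+\.exe)"?\s+(?P<seed>\d+)\s*$', re.IGNORECASE
)


@dataclass
class Alert:
    image: str   # full path of the launched executable
    seed: str    # the numeric argument it was given
    parent: str  # basename of the parent process


def parse_event(line: str) -> Dict[str, str]:
    """Parse one constructed ``key=value|key=value`` record into a dict."""
    fields: Dict[str, str] = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def check_event(ev: Dict[str, str]) -> Optional[Alert]:
    """Return an Alert when a script host starts a drop-directory executable
    whose whole command line is ``<image> <integer>``; otherwise None."""
    parent = ev.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    if parent not in SCRIPT_HOSTS:
        return None
    match = SEED_ARG.match(ev.get("CommandLine", ""))
    if not match:
        return None
    image = match.group("image")
    if not any(d in image.lower() for d in DROP_DIRS):
        return None
    return Alert(image=image, seed=match.group("seed"), parent=parent)


def scan(lines: Iterable[str]) -> List[Alert]:
    """Run check_event over every record and keep the hits."""
    return [a for a in (check_event(parse_event(l)) for l in lines) if a]


def sandbox_argv(alert: Alert) -> List[str]:
    """The argument vector a sandbox should use when detonating the sample:
    the original image plus its seed, so the loader can decrypt its payload."""
    return [alert.image, alert.seed]


# Constructed sample records (not real telemetry).
SAMPLE_LOG = [
    # Benign: explorer starts notepad with a document path.
    "EventID=1|Image=C:\\Windows\\System32\\notepad.exe"
    "|CommandLine=notepad.exe C:\\Users\\alice\\notes.txt"
    "|ParentImage=C:\\Windows\\explorer.exe",
    # Suspicious: wscript starts a temp-directory executable with a bare seed.
    "EventID=1|Image=C:\\Users\\alice\\AppData\\Local\\Temp\\sample.exe"
    "|CommandLine=\"C:\\Users\\alice\\AppData\\Local\\Temp\\sample.exe\" 123"
    "|ParentImage=C:\\Windows\\System32\\wscript.exe",
    # Script host, temp directory, but a normal switch rather than a seed.
    "EventID=1|Image=C:\\Users\\alice\\AppData\\Local\\Temp\\tool.exe"
    "|CommandLine=\"C:\\Users\\alice\\AppData\\Local\\Temp\\tool.exe\" /quiet"
    "|ParentImage=C:\\Windows\\System32\\cscript.exe",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"{alert.parent} launched {alert.image} with seed {alert.seed}")
        print("sandbox argv:", sandbox_argv(alert))
```

Only the second record produces an alert; the first has the wrong parent and the third has a non-numeric argument. The `sandbox_argv` helper is the practical point for a tracking pipeline: a sample collected from such an event should be submitted together with its seed, not as a bare executable, or the loader never reaches its payload.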