Created March 8, 2021 07:37
Detect Online Sandbox: Any.Run
Any.Run installs its own (fake) root certificate in the sandbox so that it can intercept and inspect TLS traffic. The first indication of the environment can therefore be obtained by querying the installed root certificate information.

Any.Run also runs a modified QEMU guest agent to monitor the applications executing in the virtual machine; API hooking and monitoring are performed through this agent. If a process named "srvpost.exe" is running and the libraries "winanr.dll" and "winsanr.dll" are loaded, it is certain that the Any.Run agent is active.