[SANS ISC] Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript

I published the following diary on isc.sans.edu: “Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript“:

I found an interesting VBScript sample that is a perfect textbook case for training or learning purposes. It implements a nice obfuscation technique as well as many classic sandbox detection mechanisms. The script is a dropper: it extracts from its code a DLL that will be loaded if the script is running outside of a sandbox. Its current VT score is 25/57 (SHA256: 29d3955048f21411a869d87fb8dc2b22ff6b6609dd2d95b7ae8d269da7c8cc3d)… [Read more]

[The post [SANS ISC] Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript has been first published on /dev/random]

Article Link: https://blog.rootshell.be/2020/02/07/sans-isc-sandbox-detection-tricks-nice-obfuscation-in-a-single-vbscript/