This is specially made to detect and bypass tria.ge sandboxes
It checks if the sandbox has been running for more than 15 hours, and if it has some specified files the malware detects it. It also checks some ETW in the sandbox.
Cool video, showing "look, I bypassed the sandbox", but I didn't see the actual implementation. And the code is fairly small; I think it's just a check on the number of cores.
RealTria.ge is shit; even simple cpuid emulation time is enough to detect it. From my own experience I can tell this is one of the worst sandboxes when it comes to spoofing; maybe they just don't care.