
Dyre Banking Trojan Counts Processor Cores to Detect Sandboxes

“According to Seculert, the new Dyre sample they’ve analyzed is designed to check the number of processor cores on the infected machine. Since most modern PCs have at least two cores, a single core could indicate the presence of a sandbox. That is because sandboxes are usually configured to use only one core in order to save resources.

Numerous threats use anti-sandbox techniques to evade detection. However, most malware families leverage multiple techniques to achieve this goal. Dyre only uses this processor core counting technique, but it appears to be highly effective.”

Source: Dyre Banking Trojan Counts Processor Cores to Detect Sandboxes | SecurityWeek.Com
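Since the check described above keys on a single-core guest, one mitigation is to audit sandbox guest definitions for profiles that expose fewer than two cores. The following is an added example, not code from Seculert, SecurityWeek or OODA; it assumes the analysis guests are defined as libvirt domain XML, and the guest names and definitions are constructed samples.

```python
import xml.etree.ElementTree as ET

# Threshold from the quoted report: most modern PCs have at least two cores.
MIN_CORES = 2

# Constructed sample guest definitions (libvirt domain XML), not real sandbox configs.
SAMPLE_GUESTS = {
    "win7-analysis-01": "<domain type='kvm'><name>win7-analysis-01</name>"
                        "<vcpu placement='static'>1</vcpu></domain>",
    "win10-analysis-02": "<domain type='kvm'><name>win10-analysis-02</name>"
                         "<vcpu placement='static'>4</vcpu></domain>",
    # Maximum of 4 vCPUs, but only 1 is online when the guest boots.
    "win10-analysis-03": "<domain type='kvm'><name>win10-analysis-03</name>"
                         "<vcpu current='1'>4</vcpu></domain>",
    # No <vcpu> element at all: cannot be assessed automatically.
    "broken-def": "<domain type='kvm'><name>broken-def</name></domain>",
}


def visible_vcpus(domain_xml):
    """Return the vCPU count the guest boots with, or None if undeterminable."""
    try:
        root = ET.fromstring(domain_xml)
    except ET.ParseError:
        return None
    vcpu = root.find("vcpu")
    if vcpu is None:
        return None
    # 'current' (when present) is the number of vCPUs enabled at boot;
    # the element text is only the maximum.
    raw = (vcpu.get("current") or vcpu.text or "").strip()
    return int(raw) if raw.isdigit() else None


def audit(guests, min_cores=MIN_CORES):
    """Map guest name -> finding for every guest below the core threshold."""
    findings = {}
    for name, xml in sorted(guests.items()):
        count = visible_vcpus(xml)
        if count is None:
            findings[name] = "unknown: no usable <vcpu> element, review manually"
        elif count < min_cores:
            findings[name] = f"single-core profile: {count} vCPU visible to guest"
    return findings


if __name__ == "__main__":
    for guest, finding in audit(SAMPLE_GUESTS).items():
        print(f"{guest}: {finding}")
```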

OODA Analyst


OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.