Sleeping Your Way out of the Sandbox

Sleeping Your Way out of the Sandbox (PDF, 2.24MB)
Published: 03 Mar, 2015
Created by Hassan Mourad

In recent years, the security landscape has witnessed the rise of a new breed of malware, the Advanced Persistent Threat, or APT for short. With all traditional security solutions failing to address this new threat, a demand was created for new solutions that are capable of addressing the advanced capabilities of APTs. One of the offered solutions was file-based sandboxes, which dynamically analyze files and judge their threat levels based on their behavior in an emulated/virtual environment. But security is a cat and mouse game, and malware authors are always trying to detect or bypass such measures. This paper discusses some of the common techniques used by malware for sandbox evasion. It also analyzes how some countermeasures used by sandboxes can be turned against them. Finally, it introduces some new ideas for sandbox evasion along with recommendations to address them.