VxStream Sandbox - Automated Malware Analysis System
VxStream Sandbox is an innovative and fully automated malware analysis system that includes Hybrid Analysis technology. It is available as a standalone software package and can be installed on site, including a web service and an API. It works with VMware ESX, VirtualBox and Windows XP up to Windows 8.1. The feature set is extensive and ranges from JSON/XML/HTML report formats to over 350 generic behavior indicators. What makes it innovative is Hybrid Analysis (see our blog post). Using Hybrid Analysis, it is possible to detect and analyze dormant code, shellcode or dropped files and to extract valuable artifacts and threat indicators. In general, this yields considerably more meaningful behavior data that can be used to better understand and adapt to threats. With a wide range of configuration options, an open Python-based behavior indicator interface, an intuitive user-centered design and machine-parsable output formats, you have a high-tech forensics tool at hand to integrate into your IT security product or security lifecycle. The system comes with a load-balancing controller that ensures VM parallelization scales efficiently, allowing you to process data at large scale if necessary.
Do you want to automatically scan your e-mail attachments? Then check out our brand new VxStream Bridge add-on.
Where does VxStream Sandbox fit in the value chain?
Today, modern IT security has accepted that it is not possible to prevent every targeted attack or threat from breaching security boundaries. Instead, we need to focus on detection and on being able to respond rapidly to an incident. Anti-virus engines that rely on signature patterns are too slow and need days or weeks to react to new malware variants. Making an intelligent decision based on a file's behavior, while at the same time analyzing the full process memory, is the optimal approach to understanding malware, whether it is evasive or not.
On our malware analysis service we see, on a daily basis, samples that have a detection rate of 5% or less on VirusTotal, while our own Threat Score for those samples is 80/100 or above. The ability to detect unknown threats is what makes VxStream Sandbox so strong.
VxStream Sandbox allows you to run your own large-scale system to analyze samples and extract intelligence, or to operate it as a self-service for your company. Thanks to its simple interface it integrates smoothly into your own workflow and systems. VxStream Sandbox is a high-end, fully automated malware analysis system for SOCs, CERTs, DFIR teams, IT security forensic labs, researchers and vendors using e.g. SIEM systems or their own solutions. Feel free to try out our free malware analysis service at hybrid-analysis.com or reverse.it.
Web service with user and client management
Analyze files on multiple environments
Highly configurable (add/edit your own indicators, prepare the VM as you like, etc.)
Hybrid Analysis (extracts non-executed behavior even from evasive malware thanks to full memory analysis)
Optional Kernelmode Monitor (the malware process is not modified)
Extensive VirusTotal Integration (IP cross-checks, dropped files, etc.)
Advanced anti-analysis technology (including 'action scripts' that simulate human behavior)
Threat Score for impact evaluation (quickly understand the malicious impact of your artifact)
Extensive file type support (PE, Office, PDF, LNK, CHM, JAR and even EML files)
Unique engines (VBS deobfuscation, VBE extraction and decoding, PDF link extractor, SWF decompilation, etc.)
Simple API and integration capabilities
... and more
HP ArcSight Integration
VxStream Sandbox also has extended integration capabilities for SIEM (security information and event management) systems such as HP ArcSight. Below you see some sample dashboards and events fed directly from our free malware analysis web service.
Here are some sample reports:
Download VxStream Feature Comparison (PDF, 49 KB)
Got your interest? Then get in touch and schedule a technical presentation or request a quote.