Hide Traces of Sandbox Usage from Your Traffic with Residential Proxy 

From any.run

In ANY.RUN, we have proprietary mechanisms in place to keep malware from realizing it’s in a sandbox. We’re rolling out another feature to mask sandbox activity — Residential proxy (RP). Now, you’ll be able to allocate a home users’ IP address to your VMs, effectively erasing any traces that can hint at a sandbox environment from your network traffic. 

Here’s what it means in practice: 

  • Understand malware behavior better: because malware won’t detect sandbox or data center’s IP, it willbehave normally, allowing for accurate analysis. 
  • Bypass geo-restrictions: emulate local users to analyze region-specific threats. 
  • Investigate C2 traffic without giving yourself away: your connection will mimic an infected user.  

Residential proxy’s greatest power is in analysis of geo-targeted attacks — especially when dealing with phishing. In some phishing campaigns, users are rerouted to different pages based on their geographic location. And some attacks analyze if the traffic is coming from a hosting to detect sandboxes. But with our new feature, you can effectively sidestep these detection attempts. 

Here’s how it all works in practice. 

Read more…