With today’s release of VMRay Analyzer 3.0, we’ve set a new standard of performance and accuracy with our flagship solution for automated malware analysis and detection. With version 3.0, security teams can quickly analyze and detect advanced, zero-day and targeted malware—and initiate incident response—stopping attacks and threats that other technologies miss.
The new release:
In this blog post, we briefly describe and illustrate these significant new capabilities, which reinforce VMRay’s position as a market leader in automated malware analysis. Built on an agentless hypervisor-based approach, VMRay Analyzer delivers unparalleled detection efficacy with full visibility into malware behavior, evasion resistance and noise-free analysis results. The platform’s Now, Near, Deep architecture combines our dynamic analysis engine with the strengths of a built-in rapid reputation service and our own static analysis engine. The result: VMRay Analyzer empowers security teams to handle larger analysis volumes, speed up detection and improve the productivity and efficiency of security personnel and infrastructure.
VMRay Analyzer now supports comprehensive analysis of macOS executables and app bundles, enabling security teams to better secure heterogeneous IT operating environments. Analysis results for macOS samples now include the following.
Detailed function logs with full visibility into the behavior of macOS malware
Detection of sandbox evasion techniques and persistence mechanisms
Created, modified and embedded files
URLs embedded in emails or documents are a major infection vector. To fully understand the scope of a new threat or conduct a post-mortem forensic analysis, security teams must be able to quickly assess what is triggered when a user visits a suspicious website. In 3.0, we have bolstered our URL analysis engine in the following areas.
The relationships between malicious files and URLs give security teams a great deal of insight into malware attacks. Sample relations expose the relationship between a URL and the associated direct download, a dropper and the associated dropped file, an infostealer and the associated C2 server, and so on. These relationships provide contextual information to digital forensics and incident response (DFIR) teams, which is critical to responding to an attack as well as preventing one in the future.
VMRay Analyzer 3.0 automatically displays relationships between samples in relevant scenarios. The severity rating of a file or a URL is adjusted based on the nature of its relationship with another malicious sample. There are many sample relation categories, one of which is illustrated below.
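The following is an added illustration of the idea behind sample relations, not VMRay code: a small relation graph in which a verdict on a child sample adjusts the verdict of the parent that downloaded, dropped or contacted it. The relation names ("downloads", "drops", "contacts_c2"), the three-level severity scale, the propagation rule and all sample identifiers are assumptions constructed for the example; VMRay's actual categories and scoring are not described in the post.

```python
"""Added example (not VMRay code): propagate verdicts along sample relations.

Assumed rule: a parent that downloads, drops or contacts a malicious child is
at least as severe as that child. Chains are resolved to a fixpoint so that
URL -> dropper -> payload -> C2 lifts the URL all the way to "malicious".
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Ordered verdict scale (assumption); index comparison gives "at least as severe".
SEVERITY = ["clean", "suspicious", "malicious"]

# Relation types modelled on the post's examples (names are assumptions).
PROPAGATING_RELATIONS = {"downloads", "drops", "contacts_c2"}


@dataclass
class Sample:
    ident: str      # constructed id: a file name or a URL
    kind: str       # "file" or "url"
    severity: str   # verdict from the sample's own analysis


# (parent id, relation type, child id)
Relation = Tuple[str, str, str]


def _max_sev(a: str, b: str) -> str:
    return a if SEVERITY.index(a) >= SEVERITY.index(b) else b


def propagate_severity(samples: Dict[str, Sample],
                       relations: List[Relation]) -> Dict[str, str]:
    """Return adjusted verdicts keyed by sample id (inputs are not mutated)."""
    sev = {s.ident: s.severity for s in samples.values()}
    changed = True
    while changed:                      # iterate until no verdict moves
        changed = False
        for parent, rel, child in relations:
            if rel not in PROPAGATING_RELATIONS:
                continue
            lifted = _max_sev(sev[parent], sev[child])
            if lifted != sev[parent]:
                sev[parent] = lifted
                changed = True
    return sev


def relation_tree(root: str, relations: List[Relation],
                  sev: Dict[str, str], depth: int = 0) -> List[str]:
    """Render the relation chain below `root` as indented lines for an analyst."""
    lines = [f"{'  ' * depth}{root} [{sev[root]}]"]
    for parent, rel, child in relations:
        if parent == root:
            lines.append(f"{'  ' * (depth + 1)}--{rel}-->")
            lines.extend(relation_tree(child, relations, sev, depth + 2))
    return lines


# Constructed sample set: a URL serving a macro document that drops a payload
# which beacons to a C2 server. Only the payload and the C2 URL were judged
# malicious on their own; the URL and document were not.
SAMPLES = {s.ident: s for s in [
    Sample("http://example.invalid/invoice.doc", "url", "clean"),
    Sample("file:invoice.doc", "file", "suspicious"),
    Sample("file:payload.exe", "file", "malicious"),
    Sample("http://c2.example.invalid/beacon", "url", "malicious"),
]}
RELATIONS: List[Relation] = [
    ("http://example.invalid/invoice.doc", "downloads", "file:invoice.doc"),
    ("file:invoice.doc", "drops", "file:payload.exe"),
    ("file:payload.exe", "contacts_c2", "http://c2.example.invalid/beacon"),
]

if __name__ == "__main__":
    adjusted = propagate_severity(SAMPLES, RELATIONS)
    print("\n".join(relation_tree("http://example.invalid/invoice.doc",
                                  RELATIONS, adjusted)))
```

The fixpoint loop matters for the chain case: on the first pass the URL only sees the document's "suspicious" verdict, and only after the document has been lifted by its dropped payload does the URL reach "malicious" on the next pass.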
In order to facilitate sharing analysis reports with team managers, we have introduced ‘Manager Reports’ which summarize analysis results into a crisp one-page PDF document. These reports can be downloaded from the user interface and shared across the team. Manager Reports include basic information about the file or URL, a severity score, analysis results in each target environment and a list of associated threat indicators.
We have also significantly improved network traffic parsing in VMRay Analyzer 3.0 using an open source network traffic analyzer. This helps us present a comprehensive record of every connection, including application-layer sessions such as all HTTP sessions with their requested URIs, key headers, MIME types, server responses and all files transmitted via HTTP. Analysis reports also include DNS queries and responses.
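To make concrete what such an HTTP session record contains, here is an added example, not VMRay's parser nor the open source analyzer's, that reconstructs one record (method, URI, Host, User-Agent, status, MIME type and a hash of the transmitted file) from a captured request/response pair. The sample request and responses are constructed for the example; it handles Content-Length and chunked transfer encoding, and deliberately raises on a message without a header terminator rather than guessing.

```python
"""Added example (not VMRay code): summarize one HTTP session as a record."""
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class HttpSessionRecord:
    method: str
    uri: str
    host: str
    user_agent: str
    status: int
    mime_type: str           # Content-Type without parameters
    body_size: int
    body_sha256: Optional[str]   # hash of the transmitted file, if any


def _split_head(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Split an HTTP message into start line, lower-cased headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP message: no header terminator")
    lines = head.decode("latin-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def _dechunk(body: bytes) -> bytes:
    """Reassemble a chunked body (size line in hex, data, CRLF, ... , 0)."""
    out = bytearray()
    pos = 0
    while True:
        line_end = body.index(b"\r\n", pos)
        size = int(body[pos:line_end].split(b";")[0], 16)   # ignore extensions
        if size == 0:
            break
        start = line_end + 2
        out += body[start:start + size]
        pos = start + size + 2          # skip chunk data and its trailing CRLF
    return bytes(out)


def parse_http_session(request: bytes, response: bytes) -> HttpSessionRecord:
    req_line, req_hdrs, _ = _split_head(request)
    method, uri, _version = req_line.split(" ", 2)
    status_line, resp_hdrs, body = _split_head(response)
    status = int(status_line.split(" ", 2)[1])
    # Trust the framing headers so trailing bytes of a later message are not
    # mistaken for part of the transmitted file.
    if "content-length" in resp_hdrs:
        body = body[: int(resp_hdrs["content-length"])]
    elif resp_hdrs.get("transfer-encoding", "").lower() == "chunked":
        body = _dechunk(body)
    mime = resp_hdrs.get("content-type", "").split(";")[0].strip()
    return HttpSessionRecord(
        method=method,
        uri=uri,
        host=req_hdrs.get("host", ""),
        user_agent=req_hdrs.get("user-agent", ""),
        status=status,
        mime_type=mime,
        body_size=len(body),
        body_sha256=hashlib.sha256(body).hexdigest() if body else None,
    )


# Constructed capture: a download of a small binary, once with Content-Length
# and once chunked, both carrying the same four bytes.
REQUEST = (b"GET /update/payload.bin HTTP/1.1\r\n"
           b"Host: cdn.example.invalid\r\n"
           b"User-Agent: Mozilla/5.0 (constructed)\r\n\r\n")
RESPONSE_CL = (b"HTTP/1.1 200 OK\r\n"
               b"Content-Type: application/octet-stream; charset=binary\r\n"
               b"Content-Length: 4\r\n\r\nMZ\x90\x00TRAILING")
RESPONSE_CHUNKED = (b"HTTP/1.1 200 OK\r\n"
                    b"Content-Type: application/octet-stream\r\n"
                    b"Transfer-Encoding: chunked\r\n\r\n"
                    b"2\r\nMZ\r\n2\r\n\x90\x00\r\n0\r\n\r\n")

if __name__ == "__main__":
    print(parse_http_session(REQUEST, RESPONSE_CL))
```

The file hash is the piece a DFIR team lifts straight into an indicator list, so the record hashes only the bytes the framing headers declare; the deliberately appended "TRAILING" bytes in the constructed response show why that matters.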
We have also significantly improved our memory dumps by selecting smarter triggers for this process. Smart memory dumping provides smaller, more relevant memory dumps that can help, for example, in the analysis of a packed malware executable that unpacks itself at run time.
Customized Data Retention Policies
User Experience Improvements
Additional New Features