VMRay Analyzer V 1.11 is now out, and once again we’re happy with the result and the added functionality we’ve baked in. Here’s an overview of some of the new features:
Carbon Black (CB) is the industry’s leading EDR vendor, so they were a logical choice for our first out-of-the-box integration. With this connector, joint customers can have CB automatically submit files to VMRay for analysis and ingest the IOCs that result from it. We’ll provide more details in an upcoming blog post. You can download the connector on GitHub here.
We’ve improved the user experience across the board, for both administrators and users. Convenient filtering and searching have been added.
We redesigned the:
Sample Overview Page
Analysis File Page
We also improved user administration management in the admin dashboard.
You can now search for comments in the extended search.
YARA rules are a popular way to share IOCs within communities and to flag particular malware attributes and activity. V 1.11 adds support for YARA. Rulesets can be created in the user profile. Analysis reports can be regenerated when new YARA/VTI rules are applied.
VMRay Analyzer has supported manual interaction with samples being analyzed for quite some time through VNC. However, this was only an option for on-premise customers and required allowing a VNC connection from the user desktop to VMRay. Now, remote interaction with malware being analyzed is possible through a browser. We’ve added direct integration of VNC into the web interface. Users can view and interact with the VM directly on the job view page (see job view page).
Accurately replicating user interaction inside an automated analysis environment is a big challenge. Malware authors rely ever more heavily on social engineering. Successful malware installs depend on coaxing unwitting users to allow malware to install and run on their machines, as we discussed in our post on Word macro malware. With this release, we’ve gone further than automating button and prompt clicking. VMRay Analyzer now performs automated clicks in MS Office and PDF documents to detonate any links, even when obfuscated in images rather than buttons.
For the full list of changes and fixes, customers can consult the changelog in the online documentation.
Follow us on Twitter @VMRay to get updates on future blog posts like this.