ANY.RUN upgraded its Linux sandbox with features to enhance malware analysis. It now uses a stable Chrome browser for smoother interaction with suspicious websites, while lag in the process tree view is eliminated, allowing for faster exploration of running processes.
Users can now upload new files during ongoing analysis sessions, eliminating the need to restart. File events tracking logs all file actions performed by the malware within the sandbox, providing a more comprehensive analysis report.
It enhanced its Linux sandbox for malware analysis, where researchers can now directly copy-paste within the sandbox for a smoother workflow, while a wider selection of locales (system languages) is available during configuration, which is important because malware behavior can be locale-dependent.
Analyze Advanced Malware with Phishing Attack with ANY.RUN sandbox - Try 14 Days For Free
They also improved the overall stability of the Linux sandbox through bug fixes, performance tweaks, and backend updates, which provides a more efficient and reliable environment for analyzing Linux malware.
According to ANY.RUN, Users can analyze suspicious Linux files or URLs using a Linux sandbox on platforms, where they first upload the file, paste the URL, or choose a Linux file format.
Then, configure the sandbox to run on a Linux operating system. Once users initiate the analysis, the sandbox will display tags indicating threats like “mirai” or “botnet.”
Analyze Malware in Linux & Windows VMs
Sign up for a Free ANY.RUN account to access interactive malware analysis with no limit.
Investigate any threat with ease.
The sandbox delivers a verdict (malicious or safe) and offers detailed reports with information like origin, execution analysis, and distribution methods, which allows for quick and safe analysis of potential Linux malware.
ANY.RUN visualizes malware behavior through a process tree, where users can see parent and child processes (PIDs) and how they interact, while clicking on a specific process provides in-depth analysis of its activity.
Network analysis details network activity like HTTP requests, connections, and DNS requests, helping understand how malware communicates, which allows security analysts to piece together the bigger picture of malware operation, including file uploads and execution, for better investigation and threat response.
It also offers features like IOC collection with network reputation indicators to prioritize investigation, MITRE ATT&CK tactic and technique identification to understand attack methods, process graphs for visualizing malware execution flow, and text reports for summarizing all findings for later review.
The Linux sandbox offered by ANY.RUN provides a safe, cloud-based environment for examining malicious software on Linux.
Security professionals and beginners alike can leverage this platform for real-time behavior monitoring, comprehensive threat detection (including backdoors and crypto miners), and interaction with suspicious files/URLs.
The easy-to-use interface requires minimal setup and delivers detailed reports with identified Indicators of Compromise (IOCs) for further investigation.
Analyze your first URL right away Using ANY.RUN's New Safe Browsing Tool.