Google-owned VirusTotal announced on Thursday the launch of a new Android sandbox designed to provide detailed information on potential threats targeting the mobile operating system.
The new sandbox, named VirusTotal Droidy, is designed to replace a system introduced back in 2013. Droidy can help researchers obtain information on network communications and SMS-related activities, file system interactions, SQLite database usage, permissions, Java reflection calls, process and service actions, registered receivers, and crypto-related activity.
Information from the Droidy sandbox is available in the Behavior section, and it can be selected from the dropdown menu that also includes the Tencent HABO analysis system. VirusTotal noted that the data from Droidy complements Tencent HABO – they are both part of a multisandbox project that aims to aggregate malware analysis sandbox reports.
Selecting Droidy from the behavior menu displays some general information about the analyzed file (example), but users can also obtain a detailed report that allows them to “dig into the hooked calls and take a look at the screenshots generated when running the apps.”
Droidy integrates with other services, such as VirusTotal Graph and VirusTotal Intelligence. VirusTotal says its goal is to generate as much information as possible in order to help investigators get a better understanding of a particular threat.
“Very often during an investigation, you might not have enough context about an individual threat, and so being able to look at the connected URLs, domains, files, IP addresses, etc. becomes crucial in understanding what is going on,” explained VirusTotal’s Emiliano Martinez.
VirusTotal also announced recently that it has made several improvements to the MacOS sandbox.
Related: VirusTotal Now Scans Firmware Images