itachi

command module
v0.21.0 (latest)
Published: Feb 18, 2023 License: MIT Imports: 7 Imported by: 0

README

Itachi — Showcase Sandbox Technology

At each run you receive five unique samples that are detected by sandbox (dynamic) analysis but not by static analysis.

DISCLAIMER: Files generated by Itachi are intended for static anti-malware analysis and sandbox dynamic analysis only. Do not run them on a regular Windows machine. Use these files at your own risk.

Samples

☞ Dropper

Upon execution it writes the EICAR test file, eicar.com, to the current directory.

Deep Discovery Analyzer Detection: VAN_MALWARE.UMXX
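A defender-side check for the Dropper's artifact, added here as an example and not part of the Itachi project: it verifies that a written eicar.com really is the EICAR test file as the EICAR specification defines it (the 68-byte string at offset 0, only whitespace after it, at most 128 bytes in total), so a sandbox verdict on this sample can be cross-checked against the file actually dropped. The sample inputs are constructed inline.

```go
package main

import (
	"bytes"
	"fmt"
)

// EICAR is the 68-byte standard anti-virus test string that the Dropper
// sample writes as eicar.com. It is a benign, industry-agreed test pattern.
const EICAR = `X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*`

// IsEICAR reports whether data is a valid EICAR test file per the EICAR
// specification: the string must start at offset 0, any trailing bytes must
// be whitespace, and the whole file must be at most 128 bytes. Anything else
// is not the test file and deserves a closer look.
func IsEICAR(data []byte) bool {
	if len(data) > 128 || !bytes.HasPrefix(data, []byte(EICAR)) {
		return false
	}
	for _, b := range data[len(EICAR):] {
		switch b {
		case ' ', '\t', '\r', '\n', 0x1a: // allowed trailing whitespace, incl. CTRL-Z
		default:
			return false
		}
	}
	return true
}

func main() {
	// Constructed inputs: the canonical file, one with a CRLF tail, one that
	// only embeds the string after a header, and one padded past 128 bytes.
	samples := map[string][]byte{
		"canonical":  []byte(EICAR),
		"crlfTail":   []byte(EICAR + "\r\n"),
		"embedded":   []byte("MZ" + EICAR),
		"padded":     append([]byte(EICAR), bytes.Repeat([]byte{'A'}, 100)...),
	}
	for name, s := range samples {
		fmt.Printf("%-10s EICAR=%v\n", name, IsEICAR(s))
	}
}
```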

☞ Encryptor

Ransomware-style sample that "encrypts" all MS Office files in the C:\Users directory.

Note: A second run decrypts them again.

Deep Discovery Analyzer Detection: VAN_RANSOMWARE.UMXX

☞ Spyware

Upon execution this sample attempts to connect to the web site wrs21.winshipway.com, which is harmless but treated by the sandbox as spyware-related.

Deep Discovery Analyzer Detection: VAN_BACKDOOR.UMXX, Troj.Win32.TRX.XXPE50FFF062

☞ Downloader

This sample downloads eicar.com from a web site and saves it to the current directory.

Deep Discovery Analyzer Detection: Troj.Win32.TRX.XXPE50FFF062

☞ AntiAV

This sample kills all anti-malware-related processes.

Deep Discovery Analyzer Detection: VAN_MALWARE.UMXX

☞ NoVirus

Harmless file that should not be detected by any security solution.

Note: If it is detected by a static analysis product, that is a false positive.

Deep Discovery Analyzer Detection: None

Installation

Not required. Just download the Itachi binary for your OS from the releases page.

Static Analysis for Samples

Although these samples are designed to be detected only by dynamic analysis, some of them are flagged by some static analysis engines. The following table shows the results as of Nov 12 2022:

spyware encryptor dropper downloader novirus antiav
Avast x
AVG x
Cybereason x
Cylance x x x
Cynet x x x x x x
Cyren x
Elastic x x x
Google x x x
Ikarus x x x
MaxSecure x x x x
Microsoft x
SecureAge x x x x x x
Trellix (FireEye) x

Documentation


There is no documentation for this package.

Directories

Path Synopsis
gmw
