Skip to content

DET0616 Detection of Virtualization/Sandbox Evasion

Item Value
ID DET0616
Version 1.0
Created 21 October 2025
Last Modified 21 October 2025

Technique Detected: T1633 (Virtualization/Sandbox Evasion)

Analytics

Android

AN1673

Application vetting services could look for applications attempting to get android.os.SystemProperties or getprop with the runtime exec() commands. This could indicate some level of sandbox evasion, as Google recommends against using system properties within applications.

Log Sources
Data Component Name Channel
API Calls (DC0112) Application Vetting None
Mutable Elements
Field Description

iOS

AN1674

Application vetting services could look for applications attempting to get android.os.SystemProperties or getprop with the runtime exec() commands. This could indicate some level of sandbox evasion, as Google recommends against using system properties within applications.

Log Sources
Data Component Name Channel
API Calls (DC0112) Application Vetting None
Mutable Elements
Field Description