Elephant in the Sandbox: An Analysis of DBatLoader’s Unique Evasion Techniques
Kyle Cucci
In this session, we'll delve into the world of DBatLoader and its interesting use of sandbox evasion techniques. We'll explore how DBatLoader leverages a variety of anti-sandbox and anti-analysis techniques to frustrate both automated tools and human analysts. From the insertion of junk code and memory bombing to its use of arbitrary memory writes and AMSI unhooking, DBatLoader doesn't want to be stealthy – it just wants to destroy your sandbox. But it's not all doom and gloom! We'll wrap up by discussing strategies for identifying DBatLoader in the wild and mitigating its evasive tactics, offering practical advice and lessons learned along the way.