holydaa.blogg.se

Fortitray mac

Just a quick blog post about an interesting sample that I found today. Usually, modern pieces of malware implement anti-debugging and anti-VM techniques. They perform some checks against the target and, when a positive result is found, they silently exit… Such checks might be testing the screen resolution, the activity of a connected user, the presence of files on the desktop, etc. But they also search for interesting processes that could reveal that they are being monitored or debugged. This is achieved via the GetProcessesByName system call. Example:

    processName = "tool_executed_by_analyst"
    ProcessList = Process.GetProcessesByName(processName)
    If ProcessList.Length = 0 Then
        ' Process is not running, do our malicious stuff.
    End If

This time, the sample did not search for running processes.
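The process-name check described above can be surfaced during static triage of decompiled or script source. The following Python helper is an added example, not code from the original post: it lists every `GetProcessesByName` call and resolves the process name even when it is passed through a variable, as in the post's snippet. The function names, the sample text and the name `another_tool` are constructed for illustration.

```python
import re

# name = "literal" (VB.NET string assignment; heuristic, also matches comparisons)
ASSIGN_RE = re.compile(r'\b([A-Za-z_]\w*)\s*=\s*"([^"]*)"')
# GetProcessesByName(<string literal or identifier>); VB.NET is case-insensitive
CALL_RE = re.compile(
    r'GetProcessesByName\s*\(\s*("([^"]*)"|[A-Za-z_]\w*)\s*\)', re.IGNORECASE)


def strip_vb_comment(line):
    """Drop a trailing ' comment, ignoring apostrophes inside string literals."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line


def extract_process_checks(source):
    """Return (line_no, process_name or None, raw_argument) per call found."""
    assignments = {}  # lower-cased variable name -> last string literal seen
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        code = strip_vb_comment(line)
        for name, value in ASSIGN_RE.findall(code):
            assignments[name.lower()] = value
        for match in CALL_RE.finditer(code):
            arg, literal = match.group(1), match.group(2)
            resolved = literal if literal is not None else assignments.get(arg.lower())
            findings.append((line_no, resolved, arg))
    return findings


# Constructed sample: the first two lines mirror the post's snippet, the rest
# are invented to exercise the comment, literal and unresolved-variable cases.
SAMPLE = """\
processName = "tool_executed_by_analyst"
ProcessList = Process.GetProcessesByName(processName)
' GetProcessesByName("commented_out") must be ignored
If Process.GetProcessesByName("another_tool").Length > 0 Then Exit Sub
hits = Process.GetProcessesByName(unknownVar)
"""

if __name__ == "__main__":
    for line_no, name, arg in extract_process_checks(SAMPLE):
        print(f"line {line_no}: checks for process {name!r} (argument {arg})")
```

A result whose process name is `None` means the argument could not be resolved to a string literal and needs manual review.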






