Talos posted a blog, September 2015, which aimed to identify how often seemingly benign software can be rightly condemned for being a piece of malware. With this in mind, this blog presents an interesting piece of “software” which we felt deserved additional information disclosure. This software exhibits several questionable behaviors including:
- Attempts to detect sandboxes via a number of techniques
- Attempts to detect AV
- Attempts to detect security tools and forensic software
- Attempts to detect remote desktop
- Secretly installs software on the end host without user interaction or EULAs
- Informs C2 via encrypted channel what software was installed and what “effective_price” was associated with it
CONNECT WITH US