

It further extracts the list of running processes and compares it against a predefined blocklist.


Upon execution, the malware checks whether it is running in a virtual environment in an attempt to thwart analysis. Trellix also spotted a Telegram group named deathinews, indicating that these online avenues could be used in the future to promote the offering as a service for other threat actors.
