New Neutrino Bot comes in a protective loader

  • 28 February 2017

February 27, 2017 by Malwarebytes Labs

Co-authored by Hasherezade and Jérôme Segura.

In this blog post we will cover a recent version of the multi-purpose Neutrino Bot (AKA Kasidet), which, ironically, was distributed by an exploit kit of the same name. Earlier in January this year, we described Neutrino Bot that came via spam, so we won’t go over those details again, but instead will focus on an interesting loader.

Anti-VM detection is complemented by multiple layers hiding the actual core, which made extraction of the final payload a bit of a challenge.
 