The malware detects virtualized environments by taking infected machines’ CPU temperature. When a malware infect a system, one of the next steps that it performs is gain persistence, a mandatory key to ensure the resilience of (for example) the connection with a C&C. I’ve already written some posta about the techniques used by malware in…
Article Link: https://www.andreafortuna.org/malware-analysis/malware-vm-detection-techniques-evolving-an-analysis-of-gravityrat/