Last week, I published a diary[1] about a PowerShell backdoor running below the radar with a VT score of 0! This time, it's a dropper with multiple obfuscation techniques in place. It is also important to mention that the injection technique used is similar to the one in Jan's diary posted yesterday[2], but I decided to review it because it has, here again, a null VT score[3]!
Article Link: More Undetected PowerShell Dropper