Modern malware samples implement a lot of anti-debugging and anti-analysis techniques. The idea is to slow down the malware analyst’s job or, more simply, to bypass security solutions like sandboxes. These days, I see more and more malware samples written in Python that have these built-in capabilities. One of them is the detection of “suspicious” IP addresses.
Article Link: https://isc.sans.edu/diary/rss/30068