Recently we came across a new malware strain, first discovered by @hFireF0X, and at point of discovery, it was not detected by any of the 56 anti-virus programs tested by VirusTotal service.
It is not yet known who is behind this malware, and as no string in the file disclosed its original name we code-named it “Furtim”, which is the Latin translation for “stealthy”. In fact, Furtim, as we’ll show, goes through great lengths to avoid being caught by security parties. For example, Furtim won’t install itself if it identifies on the target machine one of an extensive list of security products (both common and esoteric), sandbox or virtualization environments.
These threat actors would rather give up on a target, than take the chance of being exposed.
Given these interesting facts, we decided to perform a deep analysis of this new malware sample.