Stanislav Skuratovich, a researcher at Check Point, recently set his sights on a malware called Matsnu, which is an x86 infector that serves as a backdoor after infiltrating a computer system. This malware is able to upload and execute any code—which could potentially encrypt files on disc or uncover sensitive data—on the infected system.
The creator of Matsnu uses domain generation algorithm (DGA) to communicate with a C&C server. This allows the malware to be shielded from attempts of string dumping, blacklisting dumped domains, or shutting down domains. Basically, it renders blocking malicious network activities more difficult since new domains are generated on specified intervals. The malware also employs anti-disassembling features and packing techniques that make the analysis process even tougher.
To view the original article, click here.