21 September 18, 21:00
Quote: Delphi is a legitimate integrated development environment (IDE) for rapid application development of desktop, mobile, web and console software, developed by Embarcadero Technologies. FireEye researchers have observed bad actors using it to more easily write malware that leverages Windows API functions to create anti-sandbox features.
“In fact, some actors deliberately include the default libraries as a diversion to hamper static analysis and make the application look legit during dynamic analysis,” they said, in a Thursday posting on the trend.
FireEye recently uncovered several malware samples in circulation using a unique Delphi-written packer that’s focused on using APIs to separate analysis environments from real targets.
“We…see an increased effort to model normal user activity and baseline it as an effective countermeasure to fingerprint malware analysis environments,” the team noted. They added that it looks for straightforward behavior: For instance, normal user activity typically involves application windows being changed, and mouse movements.
Source: https://threatpost.com/delphi-packer-loo...ad/137609/