what interesting malware this is!
i guess it’s particularly interesting to me because of the stego aspect: my final year uni project was an app which could stuff hidden data into images (particularly animated gifs), with a slider-bar controlling the tradeoff between payload capacity and image quality, pre-injection. various tricks were used to minimize distortion. i wish i’d retained a copy of the source!
also the paranoid nature of stegano, and the researchers’ ability to dissect it anyway, makes me wonder how the reverse engineers are doing their jobs. do they perhaps have to have a custom rootkit that hides all the vm and monitoring-related files/processes from the malware?
note: i later found out from a clever guy (jaanus kaap @ clarified security) who works with malware that it’s quite usual to reverse engineer the malware, find out where it is doing its checks, and simply bypass them…
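As an added illustration of the capacity-versus-quality tradeoff the commenter describes (this is example code written for this page, not the commenter's lost project and not anything from the malware being discussed), the following embeds a payload into the k least-significant bits of each sample of a grayscale buffer and measures the resulting distortion with PSNR. The cover image and payload are constructed inline; the image is assumed to be a flat 8-bit grayscale byte array, so real files would need decoding first. Raising k is the "slider": more payload fits, but every touched sample can move by up to 2^k - 1, so PSNR drops.

```python
"""k-LSB steganography on an 8-bit grayscale buffer: capacity vs. distortion.

Example code written for this page; the cover and payload are constructed.
"""
import math

# Constructed cover: a 64x64 gradient so results are deterministic offline.
WIDTH, HEIGHT = 64, 64
COVER = bytes(((x * 3) + (y * 5)) % 256 for y in range(HEIGHT) for x in range(WIDTH))


def capacity_bytes(num_samples: int, k: int) -> int:
    """Whole payload bytes that fit when k LSBs of each sample are used."""
    return (num_samples * k) // 8


def _to_bits(data: bytes):
    for b in data:
        for i in range(7, -1, -1):
            yield (b >> i) & 1


def embed(cover: bytes, payload: bytes, k: int) -> bytes:
    """Overwrite the k low bits of successive samples with the payload bits."""
    if not 1 <= k <= 8:
        raise ValueError("k must be between 1 and 8")
    if len(payload) > capacity_bytes(len(cover), k):
        raise ValueError("payload exceeds capacity for this k")
    bits = list(_to_bits(payload))
    while len(bits) % k:          # pad so the last sample gets a full k-bit chunk
        bits.append(0)
    keep_mask = 0xFF ^ ((1 << k) - 1)   # clears the k LSBs, keeps the rest
    out = bytearray(cover)
    for idx in range(0, len(bits), k):
        chunk = 0
        for bit in bits[idx:idx + k]:
            chunk = (chunk << 1) | bit
        sample = idx // k
        out[sample] = (out[sample] & keep_mask) | chunk
    return bytes(out)


def extract(stego: bytes, length: int, k: int) -> bytes:
    """Read `length` payload bytes back out of the k LSBs of each sample."""
    needed = length * 8
    bits = []
    sample = 0
    while len(bits) < needed:
        v = stego[sample] & ((1 << k) - 1)
        for i in range(k - 1, -1, -1):
            bits.append((v >> i) & 1)
        sample += 1
    bits = bits[:needed]
    out = bytearray()
    for i in range(0, needed, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def psnr(a: bytes, b: bytes) -> float:
    """Peak signal-to-noise ratio in dB; math.inf when the buffers are identical."""
    mse = sum((x - y) ** 2 for x, y in zip(a, b)) / len(a)
    return math.inf if mse == 0 else 10 * math.log10(255 ** 2 / mse)


def tradeoff(cover: bytes, k: int) -> tuple[int, float]:
    """Fill the cover to capacity at this k and report (capacity_bytes, psnr_dB).

    The payload is a constructed repeating text pattern.
    """
    cap = capacity_bytes(len(cover), k)
    payload = (b"hidden message " * (cap // 15 + 1))[:cap]
    stego = embed(cover, payload, k)
    assert extract(stego, cap, k) == payload
    return cap, psnr(cover, stego)


if __name__ == "__main__":
    for k in range(1, 9):
        cap, q = tradeoff(COVER, k)
        print(f"k={k}: capacity={cap:5d} bytes  PSNR={q:6.2f} dB")
```

Run as a script it prints one line per k, which is the table a slider like the one described would be sampling. A detection-side takeaway is visible in the same numbers: with k=1 the distortion is below what a viewer can see, which is exactly why steganalysis relies on LSB-plane statistics rather than visual inspection.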