

The malware has been constructed with sales in mind, containing five core modules with configuration auto-update capabilities and a structure which allows future modules to be easily integrated within L0rdix.ĬNET: Microsoft now lets you log into Outlook, Skype, Xbox Live without a password

"The less common checks made by L0rdix include searching processes that load sbiedll.dll which belongs to the sandboxie product, aspiring to increase its chances to avoid running in a simple free virtual environment tool," Hunter added. L0rdix not only performs a number of standard scans to detect these environments but also uses WMI queries and registry keys to search for strings which may indicate sandbox products. The developers of L0rdix have made an effort when it comes to virtual environments and sandboxes, which are commonly used by researchers for the purposes of reverse engineering and malware analysis. The malware is obfuscated using the standard ConfuserEx obfuscator, and some samples have been tweaked with the more sophisticated. NET, L0rdix has been developed with stealth in mind. There are, however, indicators that L0rdix is still undergoing development despite an array of different functions already implemented within the malware. In a blog post on Tuesday, enSilo researcher Ben Hunter said the tool is relatively new and is available for purchase.

Swissknife windows 10 software#
The software is called L0rdix and according to cybersecurity researchers from enSilo is "aimed at infecting Windows-based machines, combines stealing and cryptocurrency mining methods, can avoid malware analysis tools."
Swissknife windows 10 install#
