Upgraded JasperLoader Malware Adds Anti-Analysis Mechanisms

LASER_oneXM

New anti-analysis capabilities
Even though JasperLoader's overall structure has not changed very much since April, its maintainers have been hard at work adding quite a few new modules and features to improve its evasion skills and ability to stay in touch with its masters.

The latest version has added sandbox and virtual machine detection, which allows it to stay one step ahead of malware analysts and anti-malware solutions that would try to dissect it, by automatically terminating itself when it's executed in a virtual environment.

The previously observed JasperLoader variant used several obfuscation techniques to make analysis more difficult, leveraging "character replacement mechanisms and perform mathematical calculations at runtime to reconstruct the PowerShell instructions that will be executed on infected systems."
 
