The Microsoft Defender ATP Research Team has begun to discuss a polymorphic threat, Dexphot, that it has been tracking for over a year. The team found that layers of obfuscation, encryption and randomized file names hid the installation process. Dexphot then used fileless techniques to run malicious code directly in memory, which makes analysis harder. Its goal is to put a cryptocurrency miner on the victim's machine, along with monitoring services and scheduled tasks that trigger re-infection if defenders attempt to remove the malware.
Source: https://www.darkreading.com/abtv/atp-rises-to-the-polymorphic-malware-challenge/a/d-id/756042