Well-known financial crime gang Cobalt Group and other threat actors have recently shifted tactics to incorporate lightweight modular downloaders that vet target machines for their attractiveness before proceeding with a full-fledged attack. The AdvisorsBot and Marap malware both use junk code, such as extra instructions, conditional statements and loops, to slow down reverse engineering, and both use Windows API function hashing, which makes it harder to identify the malware's functionality. The idea is to increase effectiveness and boost efficiency and ROI for the bad actors.
Source: https://threatpost.com/bad-actors-sizing-up-systems-via-lightweight-recon-malware/137364/

