A newly discovered cryptomining threat targeting web servers, network drives, and removable drives comes filled to the brim with exploits and precautions against analysis tools and environments. The end goal is to turn compromised machines into Monero mining rigs. To evade the scrutiny of malware researchers, once BlackSquid gains access to a server it checks for signs of an analysis environment, such as a virtual machine, sandbox, or a debugger. As of this writing, the code is set at 0, implying that this aspect of the malware routine is still in development.
Source: https://www.bleepingcomputer.com/news/security/blacksquid-uses-7-exploits-to-infect-web-servers-with-miners/