Dexphot was first spotted in October 2018 affecting thousands of computers, with attackers upgrading the malware over the following months to a level that left little to analyze. Researchers at Microsoft tracked the malware for about a year observing the combination of methods that let it slip through the cracks. Code obfuscation, encryption, randomized file names, and deploying malicious code in memory were among the methods used to avoid detection. The threat had a surge in mid-June this year, when it landed on tens of thousands of machines.
Source: https://www.bleepingcomputer.com/news/security/dexphot-polymorphic-malware-shows-complexity-of-everyday-threats/