Malware developers are now checking if their malware is running in the Any.Run malware analysis sandbox service. Malware creators are trying to make it more difficult for researchers to analyze their attacks using an automated system. This will cause the malware to not be executed so that the sandbox cannot analyze it. Researchers can utilize the interactive Windows desktop to see what behavior the malware is exhibiting, while AnyRun records its network activity, file activity, and registry changes. The Azorult password-stealing Trojan would be allowed to execute and steal saved login credentials in browsers and other software.
Source: https://www.bleepingcomputer.com/news/security/malware-adds-online-sandbox-detection-to-evade-analysis/