Neutrino Bot (AKA Kasidet) is known for its diverse feature set, ranging from snooping on victims to performing DDoS attacks. This latest version includes a hardened protective layer aimed at defeating sandboxes and hiding the bot from discovery. The infection flow starts with a fingerprinting check for virtualization, network traffic capture and antivirus software. The final step is the download and execution of the RC4-encoded payload via wscript.exe to bypass proxies. When the loader detects that it is running in a VM or sandbox, it simply deletes itself.
Source: https://blog.malwarebytes.com/threat-analysis/2017/02/new-neutrino-bot-comes-in-a-protective-loader/