AstroidV2

1.1 Background on AstroidV1
1.2 Evolution to AstroidV2

4.1 Anti-VM and Anti-Sandbox
4.2 API Hooking Detection

This paper presents a comprehensive analysis of AstroidV2, a successor to the previously undocumented Astroid malware family. Leveraging a hybrid command-and-control (C2) architecture that combines DNS tunneling with decentralized Telegram bot APIs, AstroidV2 demonstrates a 40% improvement in network evasion compared to its predecessor. We detail its anti-analysis techniques, including environmental keying, sleep obfuscation, and direct system call invocation. A reverse-engineered sample reveals modular capabilities for keylogging, credential theft, and lateral movement via SMB. Defensive recommendations include network-level DNS filtering and memory signature detection.
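As an added illustration of the network-level DNS filtering recommended above (example code written for this page, not from the paper or its authors), the following heuristic scores DNS query names for tunneling-style payload labels (long, high-entropy subdomains) and flags clients that repeatedly query such names under one base domain. The log format and the two-label base-domain assumption are constructed for the example.

```python
import math
from collections import Counter

# Constructed DNS query log lines: timestamp, client IP, record type, query name.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.5 A www.example.com
2024-05-01T09:00:02Z 10.0.0.5 TXT 4f9a2c7e1b3d8e6f0a1c.a7b3c9d1e5f2.tunnel-example.net
2024-05-01T09:00:03Z 10.0.0.5 TXT 9c1e3b7d5a2f8e4c6b0d.b2d4f6a8c0e1.tunnel-example.net
2024-05-01T09:00:04Z 10.0.0.7 A mail.example.com
2024-05-01T09:00:05Z 10.0.0.5 TXT 2b8d6f0a4c1e3b5d7f9a.c3e5a7b9d1f0.tunnel-example.net
"""

def shannon_entropy(s):
    """Bits per character of the string s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def label_features(qname):
    """Split a query name into the registrable base (assumed: last two labels)
    and the concatenated subdomain payload that a tunnel would encode data in."""
    labels = qname.rstrip(".").split(".")
    payload = "".join(labels[:-2])
    return {"base": ".".join(labels[-2:]), "payload": payload,
            "payload_len": len(payload), "entropy": shannon_entropy(payload)}

def is_suspicious(qname, min_len=24, min_entropy=3.0):
    """A single query looks like encoded data if its subdomain payload is both
    long and high-entropy; ordinary hostnames ('www', 'mail') fail the length test."""
    f = label_features(qname)
    return f["payload_len"] >= min_len and f["entropy"] >= min_entropy

def parse_line(line):
    ts, client, rtype, qname = line.split()
    return {"ts": ts, "client": client, "rtype": rtype, "qname": qname}

def detect_tunneling(log_text, min_hits=3):
    """Count suspicious queries per (client, base domain) and return the pairs
    that exceed min_hits, i.e. sustained encoded traffic to one domain."""
    hits = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if is_suspicious(rec["qname"]):
            hits[(rec["client"], label_features(rec["qname"])["base"])] += 1
    return {pair: n for pair, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    print(detect_tunneling(SAMPLE_LOG))
```

Thresholds are starting points to tune against a baseline of legitimate traffic, since CDNs and some security products also emit long encoded labels.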