More info:
Cisco researchers have identified a new malware sample, called Rombertik, that takes its detection evasion features one step further than the average cyber threat.
Instead of simply self-destructing when analysis tools are detected, Rombertik attempts to destroy the device’s master boot record (MBR), researchers wrote in a blog post.
This malware spreads through spam and phishing messages sent to possible victims.
In one example, attackers attempted to convince a user to download an attached document in an email. If downloaded and unzipped, a file that looks like a document thumbnail comes up. Although it mimics a PDF icon, it is actually a .SCR screensaver executable file containing the malware.
At this point Rombertik will first run anti-analysis checks to determine whether it is running within a sandbox. If it isn’t, it will then decrypt and install itself, which then allows it to launch a second copy of itself and to overwrite the second copy with the malware’s core functionality.
...
DANG!!
Need to get it in a sandbox it doesn't recognize.
wow