Gargoyle is a memory analysis evasion technique that uses return-oriented programming (ROP) to keep all of a program's executable code in non-executable memory while it is inactive, temporarily marking it executable to do some work at a pre-defined interval (every 15 seconds, in the PoC).
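The following is an added example, not the Gargoyle PoC, of the core idea on POSIX instead of Windows: a small payload lives in a page that is PROT_READ only while idle, a timer tick flips it to PROT_READ|PROT_EXEC, runs it, and hides it again. The ROP chain that Gargoyle needs to reach the protection-change call from a non-executable state is deliberately omitted; the hidden page is flipped from ordinary code here. The payload bytes (an `x + 1` routine encoded for x86-64 and AArch64), the function names and the 200 ms interval are all choices made for this example.

```c
/* Added example: Gargoyle-style hide/unhide of a code page on POSIX.
   Not the original PoC; no ROP chain, the flip is done from normal code. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <unistd.h>

/* Position-independent payload: int f(int x) { return x + 1; } */
#if defined(__x86_64__)
static const unsigned char payload_code[] = { 0x89, 0xf8,        /* mov eax, edi */
                                              0x83, 0xc0, 0x01,  /* add eax, 1   */
                                              0xc3 };            /* ret          */
#elif defined(__aarch64__)
static const unsigned char payload_code[] = { 0x00, 0x04, 0x00, 0x11,   /* add w0, w0, #1 */
                                              0xc0, 0x03, 0x5f, 0xd6 }; /* ret            */
#else
#error "this example encodes machine code for x86-64 and AArch64 only"
#endif

typedef int (*payload_fn)(int);
static unsigned char *hidden_page;  /* page holding the payload */
static size_t page_size;

/* Stage the payload into its own page and leave it non-executable (the idle, "hidden" state). */
int stage_payload(void) {
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    hidden_page = mmap(NULL, page_size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (hidden_page == MAP_FAILED) return -1;
    memcpy(hidden_page, payload_code, sizeof payload_code);
    __builtin___clear_cache((char *)hidden_page, (char *)hidden_page + page_size);
    return mprotect(hidden_page, page_size, PROT_READ);  /* RW -> R: no X while idle */
}

/* One timer tick: unhide (R -> RX), run the payload, hide again (RX -> R). Returns the payload result. */
int timer_tick(int arg) {
    if (mprotect(hidden_page, page_size, PROT_READ | PROT_EXEC) != 0) return -1;
    int r = ((payload_fn)(void *)hidden_page)(arg);
    if (mprotect(hidden_page, page_size, PROT_READ) != 0) return -1;
    return r;
}

/* Check that the idle page really is non-executable: a forked child jumps into it and must die with SIGSEGV.
   Returns 1 if the child was killed by SIGSEGV, 0 otherwise. */
int hidden_is_nonexec(void) {
    pid_t pid = fork();
    if (pid < 0) return 0;
    if (pid == 0) {
        ((payload_fn)(void *)hidden_page)(1);  /* reached only if the page is executable */
        _exit(0);
    }
    int status;
    waitpid(pid, &status, 0);
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV;
}

static volatile sig_atomic_t ticks;
static void on_alarm(int sig) { (void)sig; ticks++; }

int main(void) {
    if (stage_payload() != 0) return 1;
    printf("page non-executable while idle: %s\n", hidden_is_nonexec() ? "yes (child got SIGSEGV)" : "no");
    signal(SIGALRM, on_alarm);
    struct itimerval iv = { { 0, 200000 }, { 0, 200000 } };  /* PoC uses 15 s; 200 ms here */
    setitimer(ITIMER_REAL, &iv, NULL);
    while (ticks < 3) {
        pause();
        printf("tick %d: payload(41) = %d, hidden again: %s\n", (int)ticks, timer_tick(41),
               hidden_is_nonexec() ? "yes" : "no");
    }
    return 0;
}
```

A scanner that walks the process for executable private pages between ticks finds none holding the payload; the fork check above is the same observation made from inside the process. A defender's counter, as the technique implies, is to look at timer callbacks and at pages that are readable but not executable yet contain valid code, rather than trusting the current page protections alone.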
When analyzing a malicious Android program directly on the device, it is often necessary to dump some of its network traffic.
The malware detects virtualized environments by reading the infected machine's CPU temperature.
Dynamic and static malware analysis using a number of preconfigured environments.
Malware authors have always looked for new techniques to stay invisible. This includes being invisible on the compromised machine, but it is even more important to hide malicious indicators and behavior during analysis.
During a penetration test, you could be lucky enough to find an RCE vulnerability: in this case, the next step should be to obtain an interactive shell.