malware checking for known malware


Many strains of malware, particularly credential harvesters, botnet agents, and cryptocurrency miners, check for other, similar malware as part of their installation process.

Often they remove any existing backdoors before installing their own, effectively locking the competition out of the host.

This is useful for threat intelligence, because those checks encode what the malware authors themselves know about rival families. An example is in sshbackdors-dumont2018, where the researchers took the Perl recon script found inside one malware sample and turned the indicators it searched for (the strings and paths that identified competing backdoors) into YARA rules.
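The workflow described above, as an added example that is not code from this note or from the cited report: the recon script is a constructed, shell-style stand-in (the report's script was Perl), and the family names, strings and paths in it are invented placeholders, not real indicators. The script extracts each "grep for string, then echo family" check and emits one YARA rule per family, plus a toy evaluator that mirrors the rules' `any of them` condition so the result can be exercised offline.

```python
"""Turn a malware sample's own "competitor check" into YARA rules.

A dropper that looks for rival backdoors before installing its own tells us
exactly which strings it believes identify those rivals. This parses such
checks out of a constructed recon script and emits one YARA rule per family.
"""
import re
from typing import Dict, List

# Constructed stand-in for a recon script found inside a sample. Family names,
# strings and paths are invented for illustration; this is not the Perl script
# from the cited report and these are not real indicators.
SAMPLE_RECON_SCRIPT = r'''
#!/bin/sh
# evict competing sshd backdoors before dropping ours
grep -q "ssh_decrypt_key_a" /usr/sbin/sshd && echo "family_a"
strings /usr/sbin/sshd | grep -q "/tmp/.sshd_log" && echo "family_b"
grep -q "libexample_hook" /usr/lib/libexample.so.1 && echo "family_a"
grep -q "X-Backdoor-Auth" /usr/sbin/sshd && echo "family_c"
'''

# One check per line: the grep needle is the indicator, the echo is the label
# the malware author gave the rival family.
CHECK_RE = re.compile(r'grep\s+-q\s+"([^"]+)".*?echo\s+"(\w+)"')


def extract_checks(script: str) -> Dict[str, List[str]]:
    """Map each family name to the strings the recon script greps for."""
    checks: Dict[str, List[str]] = {}
    for line in script.splitlines():
        m = CHECK_RE.search(line)
        if not m:
            continue
        needle, family = m.group(1), m.group(2)
        needles = checks.setdefault(family, [])
        if needle not in needles:
            needles.append(needle)
    return checks


def yara_escape(s: str) -> str:
    """Escape a text string for use inside a YARA double-quoted string."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def build_yara(checks: Dict[str, List[str]]) -> str:
    """Emit one rule per family; each indicator alone satisfied the malware's
    own check, so the condition is 'any of them' rather than 'all of them'."""
    rules = []
    for family in sorted(checks):
        strings = "\n".join(
            f'        $s{i} = "{yara_escape(s)}"'
            for i, s in enumerate(checks[family])
        )
        rules.append(
            f"rule backdoor_{family}\n"
            "{\n"
            "    meta:\n"
            '        description = "derived from a competitor check in a recon script"\n'
            "    strings:\n"
            f"{strings}\n"
            "    condition:\n"
            "        any of them\n"
            "}\n"
        )
    return "\n".join(rules)


def scan(data: bytes, checks: Dict[str, List[str]]) -> List[str]:
    """Toy evaluator with the same semantics as the generated rules: a family
    fires when any of its strings occurs in the data. Use real yara in practice."""
    return [
        family
        for family in sorted(checks)
        if any(s.encode() in data for s in checks[family])
    ]


if __name__ == "__main__":
    print(build_yara(extract_checks(SAMPLE_RECON_SCRIPT)))
```

The rules are deliberately loose (a single string each); before deployment they need the usual hygiene of checking each string against a clean corpus, since a recon script may grep for something generic that happens to work on the author's victims but produces false positives elsewhere.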