XWorm Technical Analysis: New Malware Version
DUBAI, DUBAI, UNITED ARAB EMIRATES, August 29, 2023 /EINPresswire.com/ -- ANY.RUN, a cybersecurity company developing an interactive sandbox analytical platform for malware researchers, presents the XWorm Malware Analysis. Here are some highlights from the latest version of an XWorm sample:
What is XWorm
XWorm is malware that targets Windows operating systems. It is known for its stealth and persistence, and for a wide range of malicious activities, spanning from remote desktop control to ransomware and information theft. Adversaries employ this threat widely: it's not uncommon to see it in ANY.RUN's top 10 most used malware by uploads.
XWorm dynamic sandbox analysis
While searching for new threats, ANY.RUN discovered an interesting sample, uploaded by users to Public submissions. It was downloaded from the file hosting "Mediafire" in a RAR archive with a password.
XWorm static analysis
The investigation shows how researchers:
• Bypassed XWorm's virtualization detection.
• Decrypted the malware's C2 communication.
• Detailed the full range of evasion techniques used by XWorm.
• Identified an off-by-one error in its code.
• Obtained the complete set of the sample's IOCs.
Reverse engineering: XWorm config extraction
After a brief review of the methods' contents, a constructor was found that bears a striking resemblance to a block containing settings.
ANY.RUN's final AES key looks like this: "01d31d5e811fce422987107f962c4001d31d5e811fce422987107f962c406600."
ANY.RUN efficiently extracts configurations for malware like XWorm, ultimately saving security researchers precious time and resources.
Read the article to see how ANY.RUN successfully analyzed the functionality of the XWorm sample, as well as extracted its configuration.
Vlada Belousova
ANYRUN FZCO
