XWorm Malware Attacks Windows To Take RDP Control and Drop Ransomware
A newly discovered XWorm malware variant poses a significant risk to Windows operating systems. This malicious software possesses many capabilities, including remote desktop control, information theft, and the ability to conduct ransomware attacks.
Consequently, Windows users must take the necessary steps to protect their systems against this dangerous threat.
XWorm is a malicious software program designed to infiltrate Windows operating systems. It has gained notoriety as one of the most frequently employed malware strains on platforms like ANY.RUN.
ANY.RUN, an interactive online sandbox for fast malware analysis, has published the results of its researchinto the top cyber threat trends in Q2 2023.
The service, which analyzes 14,000 suspicious files and links daily, discovered that RATs (Remote Access Trojans) and loaders further solidified their positions as the primary security concerns. RATs displayed an increase of 12.8% quarter over quarter.
According to the report shared with Cyber Security News, ANY.RUN discovered XWorm malware using dynamic sandbox analysis, static analysis, and reverse engineering techniques, shedding light on its sophisticated functionalities and evasion mechanisms.
One of the users on ANY.RUN submitted a sample downloaded from a file hosting service and encrypted within an RAR archive. Upon launch, Suricata’s network rules promptly identified it as XWorm.
The application demonstrated features such as creating a shortcut for automatic launch, utilizing a task scheduling mechanism, and trying to connect with a distant server.
Furthermore, the software showcased a unique behavior of attempting to verify whether it’s running on a physical machine or a virtual one, thus employing anti-evasion techniques.
Obfuscation faced in the XWorm Static Analysis led the ANY.RUN team to examine the program through reverse engineering techniques.
Investigate all the ANY.RUN functionality with your own settings and files. Try The Full Power Of Interactive Analysis and Detect malware quickly and efficiently.
Through reverse engineering, they discovered the malware’s configuration extraction process.
Malware Configuration
The configuration decryption involved computing an MD5 hash, copying the hash twice into an array, and utilizing it as an AES key to decrypt base64 strings.
By extracting the malware’s configuration, we gained valuable insights into its communication, behavior, and persistence mechanism, says ANY.RUN.
You can Get a 14-day free trial of ANY.RUN’s top plan for your company or security team today!
Apple fixes first zero-day bug exploited in attacks this year
Apple released security updates to address this year’s first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. […] Read More
Inside Operation Diplomatic Specter: Chinese APT Group’s Stealthy Tactics Exposed
Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat (APT) group as part of an ongoing cyber espionage campaign dubbed Operation Diplomatic Specter since at least late 2022.
“An analysis of this threat actor’s activity reveals long-term espionage operations against at least seven governmental entities,” Palo Alto Networks Read More