A newly discovered XWorm malware variant poses a significant risk to Windows operating systems. This malicious software possesses many capabilities, including remote desktop control, information theft, and the ability to conduct ransomware attacks.
Consequently, Windows users must take the necessary steps to protect their systems against this dangerous threat.
The service, which analyzes 14,000 suspicious files and links daily, discovered that RATs (Remote Access Trojans) and loaders further solidified their positions as the primary security concerns. RATs displayed an increase of 12.8% quarter over quarter.
Technical Analysis of a New Malware Version
The application demonstrated features such as creating a shortcut for automatic launch, utilizing a task scheduling mechanism, and trying to connect with a distant server.
Furthermore, the software showcased a unique behavior of attempting to verify whether it’s running on a physical machine or a virtual one, thus employing anti-evasion techniques.
Document
FREE Trial
Malware Hunting With Live Access To The Heart Of An Incident.
Reverse Engineering: Additional Anti-evasion Techniques
Script that locates machine location
A query to check whether the current machine is hosted or located in a data center.
Script accessing registry
The sample also gains a foothold by utilizing the registry and the task scheduler.
Reverse Engineering: XWorm Configuration Extraction
Through reverse engineering, they discovered the malware’s configuration extraction process.
Malware Configuration
The configuration decryption involved computing an MD5 hash, copying the hash twice into an array, and utilizing it as an AES key to decrypt base64 strings.
