Inside XWorm: Malware Analysts Decode the Stealthy Tactics of the Latest Variant
Sep 19, 2023
Malware Analysis / Cyber Threat
XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe. Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its functionality and solidified its staying power. The analyst team at ANY.RUN came across the newest version of the malware and could not refuse the opportunity of taking it apart to examine XWorm mechanics configurations. Here is how they did it and what they found. The XWorm sample's source The sample in question was discovered in ANY. RUN's database of malware, a repository containing detailed analysis reports on all files and links that have been uploaded by users of the sandbox in public mode. A quick look at the results of the analysis revealed that the sample was initially distributed via MediaFire, a file-hosting service. The malware was packa...
