Tuesday, 02 January 2024 12:17 GMT

Xworm Technical Analysis: New Malware Version


(MENAFN- EIN Presswire)

DUBAI, DUBAI, UNITED ARAB EMIRATES, August 29, 2023/EINPresswire/ -- ANY.RUN, a cybersecurity company developing an interactive sandbox analytical platform for malware researchers, presents the XWorm Malware Analysis. Here are some highlights from the latest version of an XWorm sample:

What is XWorm

XWorm is malware that targets Windows operating systems. It is known for its stealth and persistence, and for a wide range of malicious activities, spanning from remote desktop control to ransomware and information theft. Adversaries employ this threat widely: it's not uncommon to see it in ANY.RUN's top 10 most used malware by uploads.

XWorm dynamic sandbox analysis

While searching for new threats, ANY.RUN discovered an interesting sample, uploaded by users to Public submissions. It was downloaded from the file hosting service "Mediafire" as a password-protected RAR archive.

Xworm static analysis

The investigation shows how researchers:
- Bypassed XWorm's virtualization detection.
- Decrypted the malware's C2 communication.
- Detailed the full range of evasion techniques used by XWorm.
- Identified an off-by-one error in its code.
- Obtained the complete set of the sample's IOCs.

Reverse engineering: Xworm config extraction

After a brief review of the methods' contents, a constructor was found that bears a striking resemblance to a block containing the malware's settings.
The final AES key derived by ANY.RUN looks like this: "01d31d5e811fce422987107f962c4001d31d5e811fce422987107f962c406600".

ANY.RUN efficiently extracts configurations for malware like XWorm, ultimately saving security researchers precious time and resources.

Read the article to see how ANY.RUN successfully analyzed the functionality of the XWorm sample and extracted its configuration.

Vlada Belousova
ANYRUN FZCO
2027889264
Visit us on social media:
Twitter
YouTube
