Security News > 2023 > September > Inside the Code of a New XWorm Variant

Inside the Code of a New XWorm Variant
2023-09-19 11:32

XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe.

The analyst team at ANY.RUN came across the newest version of the malware and could not refuse the opportunity of taking it apart to examine XWorm mechanics configurations.

After rerunning the sample with Residential Proxy enabled, XWorm was successfully executed and began its activity.

Virtualization detection: XWorm used the WMI query "Select * from Win32 ComputerSystem" to check for VmWare or VirtualBox environments.

Persistence: XWorm used the registry and the task scheduler to establish a persistent presence on the system.

The entire process is described in detail in ANY.RUN's blog article "XWorm: Technical Analysis of a New Malware Version."

News URL