
XWorm: Analyzing New Infection Tactics With Old Payload

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A recent malware campaign uses a multi-stage infection chain that begins with a LNK file, which lures the victim into opening what appears to be an invoice in a web browser. The chain relies on PowerShell commands, batch files, and Python scripts to download and execute the XWorm payload. Infection includes downloading a ZIP file that contains Python setup files and scripts; one malicious script is responsible for decrypting the shellcode and injecting it. The XWorm variant used is an older version that includes an Xlogger module for tracking user activity. The malware's capabilities include shellcode injection and keylogging, which allow it to steal sensitive information and exfiltrate it to a remote server.

OPENCTI LABELS:

powershell,xworm,keylogging,multi-stage infection



