
XWorm Cocktail: A Mix of PE data with PowerShell Code

Published 19/02/2025 16:12 · Modified 19/02/2025 19:56


Essential information

Published
19/02/2025 16:12
Modified
19/02/2025 19:56
Tags
2025-02-19 deobfuscation evasion keylogging obfuscation persistence powershell virustotal xworm
Related entities
3 observables, 20 techniques (mitre), 1 malware

Description

A malicious file discovered on VirusTotal triggered a rule, leading to the investigation of two closely related files identified as 'data files' but named as executables. The files contain a mix of code, binary data, and obfuscated text. Analysis revealed characteristics of malware, including functions for system manipulation, data exfiltration, and keylogging. The obfuscation technique combines Base64 encoding, compression, and mathematical operations with logical operators. The malware attempts to evade detection, establish persistence, and perform various malicious activities. The investigation highlights the complexity of modern malware techniques and the challenges of deobfuscating such threats.

External references