Zero-Dwell Threat Intelligence Reports

XWorm V6.5 Payload Exhibiting Strong Sandbox Evasion Techniques.exe

detect-debug-environment checks-user-input assembly

XWorm Variant Implementing Long-Sleep Delays To Evade Sandboxes.exe

long-sleeps overlay detect-debug-environment calls-wmi assembly

XWorm Executable Using UPX Packing And Multiple AES Keys.exe

long-sleeps detect-debug-environment executes-dropped-file persistence upx

XWorm V5.6 Payload Fetching C2 Instructions From Pastebin.exe

64bits overlay spreader

Fox XWorm Payload Establishing Persistence Through RunKey Modifications.exe

calls-wmi assembly persistence payload

XWorm Backdoor Deploying USB Installer And AppData Persistence.exe

long-sleeps detect-debug-environment calls-wmi assembly malware

XWorm Sample Employing AES Encryption For Command Traffic.exe

long-sleeps detect-debug-environment calls-wmi assembly

XWorm Variant Using AES Encryption For Command Communications.exe

long-sleeps detect-debug-environment calls-wmi checks-user-input idle assembly payload

XWorm Backdoor Establishing Multiple TCP C2 Connections Globally.exe

detect-debug-environment calls-wmi checks-user-input assembly malware checks-bios obfuscated

XWorm Backdoor Using RunKey Persistence And AES-Encrypted C2.exe

long-sleeps detect-debug-environment calls-wmi assembly persistence

XWorm Variant Using PowerShell Exclusions To Evade Defender.exe

detect-debug-environment calls-wmi assembly malware

Malicious Loader Executing Obfuscated Commands To Deploy XWorm.exe

long-sleeps detect-debug-environment calls-wmi executes-dropped-file