Recent #stegocampaign delivering #XWorm RAT #malware samples.
A quick review of #sandbox analysis reports reveals a simple, yet interesting infection chain. It contains a #VisualBasic script, #PowerShell scripts, a picture with a Base64-encoded executable and the #xwormrat itself. Those payloads have been downloaded from online hosting services such as #Pastebin and #Firebase.

My new article with #IOC and analysis https://malwarelab.eu/posts/stego-xworm/

#steganography #Steganoanalysis #anyrun #malwareanalysis #obfuscation #cyberchef

XWorm RAT and Steganography :: MWLab — Ladislav's Malware Lab

When I looked at recent public submissions on Any.Run this week, my attention was attracted by XWorm samples with the tag “stegocampaign”. A quick review of the analysis reports reveals a simple, yet interesting infection chain. It contains a Visual Basic script, a PowerShell script, a picture with a Base64-encoded executable and the XWorm RAT itself. Those payloads have been downloaded from online hosting services such as Pastebin or Firebase. Moreover, they have been downloaded via HTTPS, so basic network analysis reveals neither the content nor the URL links; however, there are some simple methods to reveal the real URLs.
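As an added example (not code from the article or the Any.Run reports), one defender-side check for the "picture with a Base64-encoded executable" stage: scan an image file for long Base64 runs and flag any that decode to a PE image (MZ header). The sample bytes are constructed here; nothing about the real campaign's delimiters or offsets is taken from the page.

```python
import base64
import binascii
import re

# Constructed sample: a fake "image" with an appended Base64 blob whose
# decoded form starts with the PE magic "MZ". Not a real sample.
FAKE_PAYLOAD = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 40
FAKE_IMAGE = (
    b"\xff\xd8\xff\xe0JFIF-header-bytes-(constructed)"
    + base64.b64encode(FAKE_PAYLOAD)
    + b"\xff\xd9"
)

# Runs of Base64 alphabet characters with optional padding. The length
# threshold skips short benign runs that occur naturally in binary data.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")


def find_embedded_executables(data: bytes, min_len: int = 64) -> list:
    """Return candidate Base64 runs in `data` that decode to a PE image."""
    hits = []
    for m in B64_RUN.finditer(data):
        chunk = m.group(0)
        if len(chunk) < min_len:
            continue
        # Pad to a multiple of 4 so a run with stripped padding still decodes.
        padded = chunk + b"=" * (-len(chunk) % 4)
        try:
            decoded = base64.b64decode(padded, validate=True)
        except (ValueError, binascii.Error):
            continue
        # Only the DOS header magic is checked here; a full triage would
        # also validate the PE signature at e_lfanew.
        if decoded[:2] == b"MZ":
            hits.append({
                "offset": m.start(),
                "b64_len": len(chunk),
                "decoded_len": len(decoded),
                "decoded": decoded,
            })
    return hits


if __name__ == "__main__":
    for hit in find_embedded_executables(FAKE_IMAGE):
        print(f"PE candidate at offset {hit['offset']}, "
              f"{hit['decoded_len']} bytes after decoding")
```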


Hi!

OTP/Caesar/DualEcDrbg/Kleptography/Steganoanalysis..
Do some of these terms sound familiar to you? If they do, I might not be alone in liking that topic (Cryptography, that is)! And if you don't, do Google Cryptography and Steganography; I think you will find a new hobby ^_^

#secret #codes #programming #infosec #crypto #cryptography #OTP #Caesar #DualEcDrbg #Kleptography #Steganoanalysis