In this article, we explore how XWorm employs obfuscation, encryption, and anti-analysis techniques to evade detection.

In this first article of the XWorm series, we explore the basics of analyzing this RAT (Remote Access Trojan). We identify the type of binary, analyze managed vs unmanaged code, and introduce the key tools for its analysis.

In this article we will dynamically analyze the C2 agent we previously obtained and evaluate ways to interact with it in order to understand how it works.

In this article, a direct continuation of the previous article, we analyze a C2 agent developed in .NET to identify how it evades defenses, the capabilities it offers, and how we can obtain indicators of compromise from it.

In this first part, we will analyze a malicious macro containing an embedded C2 agent. We will analyze how it acts, what techniques it uses to hinder analysis, and how we can obtain indicators of compromise from it.