Heavily obfuscated batch file loads XWorm hosted on GitHub 20 January 2025 VMRay Labs found a multi-stage obfuscated batch script with low detections on VirusTotal which downloads and executes XWorm from GitHub. The sample uses a UTF-16 Byte Order Marker and an open source Batch obfuscator to hinder manual analysis.
Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!
join VMRay for two powerhouse webinars designed to sharpen your threat detection and response capabilities — featuring a special joint session with Red Canary:
Live session's over. Watch the on-demand video to learn how VMRay and Red Canary combine forces to deliver faster, smarter threat detection!
Learn how to cut phishing triage time with automated detonation and deep analysis — quickly uncover threats while improving response accuracy!