Close Menu
TechurzTechurz
    What's Hot

    Humble Robotics’ CEO says the tech finally caught up to the vision for autonomous vehicles

    July 1, 2026

    Autonomous vehicle hype is back, and Humble Robotics is bringing it to freights

    July 1, 2026

    Builders Stage agenda revealed for Disrupt 2026

    July 1, 2026
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Tech Pulse
    • Humble Robotics’ CEO says the tech finally caught up to the vision for autonomous vehicles
    • Autonomous vehicle hype is back, and Humble Robotics is bringing it to freights
    • Builders Stage agenda revealed for Disrupt 2026
    • Startup Battlefield Australia application closes in days: Apply before July 6
    • Acti puts AI agents directly into your smartphone keyboard
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    TechurzTechurz
    • Home
    • Tech Pulse
    • Future Tech
    • AI Systems
    • Cyber Reality
    • Disruption Lab
    • Signals
    TechurzTechurz
    Home - Cyber Reality - XWorm campaign shows a shift toward fileless malware and in-memory evasion tactics
    Cyber Reality

    XWorm campaign shows a shift toward fileless malware and in-memory evasion tactics

    TechurzBy TechurzSeptember 29, 2025Updated:May 10, 2026No Comments1 Min Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    email popup warning window phishing cybersecurity security
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Built to hide, move, and persist on the target, the XWorm RAT was deployed abusing legitimate Windows APIs to fetch and execute a downloader, along with layered anti-analysis techniques, including API hashing, “unhooked” calls, heavy obfuscation, and encryption.

    Multi-stage attack hides RAT within spreadsheets

    The “OLE10Native” stream, extracted from the .xlam archive in the infection email, conceals an encrypted shellcode blob. Forcepoint analysts used XORSearch and scdbg to find the shellcode’s execution offset and emulate it, revealing API calls that downloaded a .NET executable to the victim’s Application Data folder.

    “While analysing the .NET compiled binaries, it is good to focus on the classes/methods that use ‘Drawing,’” Kumar pointed out. “The reason for this is that a lot of .NET malware will load a bitmap or object from its resource section and reflectively load the next stage into memory.”

    That .NET executable then unpacks a byte array and uses a steganography image resource to load a second-stage DLL into memory, which in turn reflectively injects a third-stage module–the XWorm RAT itself. Each stage is loaded or executed in memory, minimizing on-disk artifacts and complicating detection efforts.

    campaign Evasion fileless inmemory malware Shift shows tactics XWorm
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleVibe-coding startup Anything nabs a $100M valuation after hitting $2M ARR in its first two weeks
    Next Article AI recruiter Alex raises $17M to automate initial job interviews
    Techurz
    • Website

    Related Posts

    Opinion

    Clicks shows off its BlackBerry-inspired phone in a new hands-on video

    June 30, 2026
    Cyber Reality

    Digital Identity Protection: 7 Hidden Risks Most Users Miss

    May 25, 2026
    Cyber Reality

    Neural Data Policy: 7 Risks That Brain Privacy Laws Miss

    May 25, 2026
    Add A Comment
    Latest Tech Pulse

    College social app Fizz expands into grocery delivery

    September 3, 20252,290

    SolarSquare in talks to raise up to $60M as India’s rooftop solar market draws major VC interest

    May 23, 202622

    Future of Digital Privacy and Security: 7 Truths Nobody Tells You

    May 25, 202619
    Stay In Touch
    • YouTube
    • WhatsApp
    • Twitter
    • Pinterest
    • LinkedIn

    Techurz helps readers stay ahead of digital change with clear, practical, future focused technology intelligence written today,searched tomorrow.

    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Company
    • About Us
    • Contact Us
    • Our Authors / Editorial Team
    • Write For Us
    • Advertise
    Policy
    • Editorial Policy
    • Privacy Policy
    • Terms and Conditions
    • Affiliate Disclosure
    • Cookie Policy
    • Disclaimer
    • DMCA
    Explore
    • AI Systems
    • Cyber Reality
    • Future Tech
    • Disruption Lab
    • Signals
    • Tech Pulse
    • Sitemap

    Join the Techurz Brief

    The future does not arrive suddenly.
    Stay ahead with fast, sharp tech signals.

    Type above and press Enter to search. Press Esc to cancel.