XWorm is a malicious remote access trojan written in .NET (C#). Version 3.1 is one of the publicly released builds, offering a range of invasive functionalities to an attacker controlling a command-and-control (C2) server.
The power of XWorm lies in its extensive list of capabilities, which can be broken down into several categories: xworm 3.1
To remain stealthy, XWorm campaigns are increasingly moving toward fileless execution. Newer versions avoid storing the payload on the disk. Instead, the malware is kept in PowerShell scripts as a hexadecimal string or in the registry itself, reducing static detection. They also use to execute entirely in memory. XWorm is a malicious remote access trojan written in