https://hexpysya.github.io/tags/xworm/Recent content in XWorm on bubka hacks stuffHugo -- gohugo.ioen-usSun, 01 Mar 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-xworm/Sun, 01 Mar 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-xworm/A .NET XWorm RAT that establishes triple persistence via scheduled task, startup shortcut, and registry Run key, implements keylogging, clipboard hijacking for crypto wallets, and communicates with multiple C2 servers over TCP using AES-ECB encrypted payloads.