Xworm V31 Updated New! May 2026
XWorm is a sophisticated Remote Access Trojan (RAT) known for its extensive malicious capabilities, including stealing sensitive data, monitoring user activity, and even deploying ransomware. Version V3.1 has been identified in various cyber-threat campaigns, often arriving through phishing emails containing "meme-filled" lures to bypass traditional security filters.
- Ease of Use: Intuitive interface and straightforward setup process.
- Customizability: Flexible configuration options to suit specific testing needs.
- Regular Updates: Commitment to ongoing development and improvement.
- Port Customization: During the build process, the attacker can specify a custom port for the C2 server.
- Encryption: Traffic is encrypted using the AES algorithm. The malware sends system information (Username, OS, RAM, GPU, Admin status) upon connection, formatted in a specific data structure defined by the builder.
xWorm New Version - Malware Analysis Report - Tinexta Defence
The updated v3.1 variant provides attackers with comprehensive control over a compromised Windows system. Its primary features include:
1. Enhanced Polymorphic Obfuscation
Previous versions used standard ConfuserEx packers. XWorm v31 now employs a multi-stage hybrid obfuscation technique combining SmartAssembly with custom control flow mangling.
C2 Domains (Sinkholable):
XWorm version 3.1 is a sophisticated, .NET-based Remote Access Trojan (RAT) utilizing phishing, HTA files, and process hollowing to maintain stealthy, modular control over Windows systems. It employs advanced obfuscation and C2 communication via AES-encrypted packets, with capabilities including ransomware and cryptocurrency theft. For a deep dive into the code and infection mechanics, visit Fortinet.