Xcitium Logo

Zero-Dwell Threat Intelligence Reports

Nixware-Branded Executable Exhibiting Stealer-Like Network Behavior.exe
detect-debug-environment calls-wmi assembly malware
MSIL Backdoor Implementing Keylogging, Reconnaissance, And Remote Access.exe
long-sleeps detect-debug-environment checks-user-input assembly
XWorm Variant Communicating With Telegram And TCP C2 Servers.exe
calls-wmi assembly malware
Stealer Family Sample Using Evasion And Obfuscation Methods.exe
XWorm Loader Compiles RegSvcs Stub On-The-Fly and Beacons to Remote C2.exe
long-sleeps detect-debug-environment persistence
Heracles/Tasker Variant Exhibits Schtasks Persistence and Backdoor Behavior.exe
calls-wmi assembly payload
XWorm Variant Masquerades as System Process and Rewrites Winlogon Userinit Key.exe
long-sleeps detect-debug-environment calls-wmi assembly persistence obfuscated
XWorm Variant Adds Defender Exclusions and Creates High-Privilege Scheduled Task.exe
detect-debug-environment calls-wmi checks-user-input assembly malware
Themida-Packed Swift.exe Flags as Trojan.Malgent With High-Severity Hits.exe
64bits detect-debug-environment corrupt themida
XWorm Variant Shows Dual C2, AES Keys, and Full RAT Features.exe
calls-wmi assembly payload
XWorm V6.4 Backdoor Uses TCP + Telegram C2 for Remote Control.exe
calls-wmi checks-user-input assembly persistence payload
XWorm Variant Performs ip-api Recon and Beacons to TCP C2 on 56475.exe
detect-debug-environment calls-wmi assembly malware obfuscated