XWORM V2.1 CRACKED - | UAC * WORM * RunPE * Clipper | Cleaned By ObbedCode


  • This topic is locked

#1

ObbedCode

For a second I assumed it was the stub dropping in the TEMP dir from the second "builder.exe" file, as that was being executed, but I assumed if it was not connected to a valid server that would exit the stub. I was reversing it for a TCP connection and realized it is using a Telegram channel to send data to. The RAT uses a TCP connection over a custom port; Telegram is not involved. So, come to find out, it was his stealer he bound.

So you almost got me :< but the weird admin prompt? The fake error? And ofc dropping this in the %temp% folder on disk for AVs to scan un-obfuscated code. 6/10 I give it :(

Good concept?

PS: Yes, this is the CLEAN version, still run in a sandbox tho. Good practices :D

 

 


 

====================================================

FEATURES

====================================================

 

 

 

[+] Run File From, URL / Disk / Memory / RunPE

[+] Blank Screen, Disable Win Updates, Run Shell , Invoke BSOD

[+] .NET 3.5 Installer

[+] UAC / Firewall / Taskmgr / RegEdit , Disabler + Enabler

[+] Shell / Webcam / MIC / Monitor / System Sound/ File Manager, Control

[+] TCP Connections Monitor

[+] Clipboard Manager + Password Manager

[+] Installed Programs Manager

[+] Activate Windows Option

[+] DDoS

[+] VB.NET Compiler / Google Maps

[+] Fun Functions

[+] Keylogger / Chat / File Searcher

[+] USB Spread + Bot Killer

[+] Prevent Sleep / Auto Sleep Disabler / Change Wallpaper / Message Box Popup / Delete Restore Points

[+] UAC Bypass 

[+] Coin Clipper / Swapper

[+] Ransomware 

[+] Ngrok Installer

[+] Tinynuke HVNC

[+] VNC Viewer

[+] Windows Defender , Disabler / Remover / Exclusion

[+] Startup, Registry / Folder / SCHTASKS aka Scheduled Tasks 

[+] Worm

[+] Anti Analysis

 

That's most of it :P

 


Analysis of Infected File:

 

VT:

XWorm-RAT-V2.1-builder.exe => [hidden content]

win-xworm-builder => [hidden content]

 

~ Telegram Stealer Dropped in %temp% Dir under "win-xworm-builder.exe"

~ Has basic anti-analysis, as that was part of why I'd assume it was cracking so it was just the stub; either way easy to bypass "CALL => NOP" ;)

~ Telegram Chat Channel ID 2024893777

~ Steals From

 



Edited by ObbedCode, 29 October 2022 - 06:23 PM.

  • 3

++

~~  Much Love From ObbedCode  ~~

Always RUN Files in a Sandbox / Virtual Machine 
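
Detection logic for the behaviour reported in the analysis above (a builder writes a second executable into %temp%, launches it, and that child sends data to Telegram), added here as an example and not part of the original post. The event field names, the sample events and the use of `api.telegram.org` as the Telegram endpoint are assumptions; the post only names the two files and says a Telegram channel is used.

```python
import ntpath

# Assumption: Telegram Bot API traffic goes to this host; the post only says "Telegram channel".
TELEGRAM_HOSTS = {"api.telegram.org"}

def in_temp(path):
    """True for an executable located under a user's %TEMP% tree."""
    p = path.lower()
    return "\\appdata\\local\\temp\\" in p and p.endswith(".exe")

def find_dropped_exfil(events):
    """Correlate: parent writes EXE to %TEMP% -> parent launches it -> child talks to Telegram."""
    dropped = {}    # lowercased image path -> pid of the process that wrote it
    suspects = {}   # child pid -> (child image, parent image)
    images = {}     # pid -> image, learned from process-create events
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        kind = ev["kind"]
        if kind == "process_create":
            images[ev["pid"]] = ev["image"]
            # Only flag a temp EXE launched by the same process that dropped it.
            if in_temp(ev["image"]) and dropped.get(ev["image"].lower()) == ev["ppid"]:
                suspects[ev["pid"]] = (ev["image"], images.get(ev["ppid"], "?"))
        elif kind == "file_create" and in_temp(ev["target"]):
            dropped[ev["target"].lower()] = ev["pid"]
        elif kind == "network" and ev["pid"] in suspects and ev["host"].lower() in TELEGRAM_HOSTS:
            image, parent = suspects[ev["pid"]]
            findings.append({"child": ntpath.basename(image),
                             "parent": ntpath.basename(parent), "host": ev["host"]})
    return findings

# Constructed sample events (Sysmon-like fields, simplified); not captured telemetry.
TEMP = r"C:\Users\lab\AppData\Local\Temp"
SAMPLE = [
    {"ts": 1, "kind": "process_create", "pid": 100, "ppid": 4, "image": r"C:\Users\lab\Desktop\XWorm-RAT-V2.1-builder.exe"},
    {"ts": 2, "kind": "file_create", "pid": 100, "target": TEMP + r"\win-xworm-builder.exe"},
    {"ts": 3, "kind": "process_create", "pid": 200, "ppid": 100, "image": TEMP + r"\win-xworm-builder.exe"},
    {"ts": 4, "kind": "network", "pid": 200, "host": "api.telegram.org"},
    # Benign look-alikes: installer unpacking to temp (no Telegram), and Telegram traffic from an undropped process.
    {"ts": 5, "kind": "process_create", "pid": 300, "ppid": 4, "image": r"C:\Program Files\Setup\setup.exe"},
    {"ts": 6, "kind": "file_create", "pid": 300, "target": TEMP + r"\helper.exe"},
    {"ts": 7, "kind": "process_create", "pid": 301, "ppid": 300, "image": TEMP + r"\helper.exe"},
    {"ts": 8, "kind": "network", "pid": 301, "host": "updates.example.com"},
    {"ts": 9, "kind": "network", "pid": 400, "host": "api.telegram.org"},
]

if __name__ == "__main__":
    print(find_dropped_exfil(SAMPLE))
```

Requiring all three steps from the same process chain keeps ordinary installers and legitimate Telegram clients out of the results.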

 



#2

ManoFSadness

good job  :pepoclap:


  • 0

#3

Abalambal

Holy madness


  • 0

#4

De787

Thanks


  • 0

#5

ccpower

Thanks for the share


  • 0

#6

hardass

thanks rep +1


  • 1

#7

justdevil

Thx i hope good rat 

i check ,

and i tell ,

thx for your sharing


  • 0

#8

wakanda96

good one bro thank you


  • 0

#9

Berar

thx


  • 0

#10

hjimmy

This is very nice bruh


  • 0

