XWORM V2.1 CRACKED - | UAC * WORM * RunPE * Clipper | Cleaned By ObbedCode

[xserverv23]

thanks

[GLOM79]

thanks it is good

[curtisphillips]

Needed this for a while

[xldogefu686]

dskfndsjkfnds fk sdkfsd

[gabriela752]

thanks bro

[braby]

31231

[aadsaw]

 

For a second I assumed it was the stub dropping in the TEMP dir from the second "builder.exe" file as that was being executed but I assumed if it was not connected to a valid server that would exit the stub, I was reversing it for a TCP Connection and realized it is using a Telegram Channel to send data to , The RAT uses a TCP Connection over a Custom Port , Telegram is not involved. So Come to find out, it was his Stealer he binded.

 

So you almost got me :< but the weird admin prompt ? , the Fake Error ? , and ofc dropping this in the %temp% folder on Disk for AVs to Scan Un-Obfuscated Code 6/10 I give it

Good Concept ?

 

Ps , Yes this is the CLEAN version , still run in sandbox tho . Good Practices

 

 

Screenshots of Program

 

Spoiler

 

 

 

 

 

 

 

 

====================================================

FEATURES

====================================================

 

 

 

[+] Run File From, URL / Disk / Memory / RunPE

[+] Blank Screen, Disable Win Updates, Run Shell , Invoke BSOD

[+] .NET 3.5 Installer

[+] UAC / Firewall / Taskmgr / RegEdit , Disabler + Enabler

[+] Shell / Webcam / MIC / Monitor / System Sound/ File Manager, Control

[+] TCP Connections Monitor

[+] Clipboard Manager + Password Manager

[+] Installed Programs Manager

[+] Activate Windows Option

[+] DDoS

[+] VB.NET Compiler / Google Maps

[+] Fun Functions

[+] Keylogger / Chat / File Searcher

[+] USB Spread + Bot Killer

[+] Prevent Sleep / Auto Sleep Disabler / Change Wallpaper / Message Box Popup / Delete Restore Points

[+] UAC Bypass 

[+] Coin Clipper / Swapper

[+] Ransomware 

[+] Ngrok Installer

[+] Tinynuke HVNC

[+] VNC Viewer

[+] Windows Defender , Disabler / Remover / Exclusion

[+] Startup, Registry / Folder / SCHTASKS aka Scheduled Tasks 

[+] Worm

[+] Anti Analysis

 

Thats most of it   

 

====================================================

DOWNLOAD

====================================================

 

Password:

NULLED.TO

 

AnonFile

 

 

Zippyshare

 

 

Upload.ee

 

 

Sendspace

 

 

MirrorAce

 

 

 

Analysis of Infected File:

 

VT:

XWorm-RAT-V2.1-builder.exe => 

Please Login or Register to see this Hidden Content

win-xworm-builder => 

Please Login or Register to see this Hidden Content

 

~ Telegram Stealer Dropped in %temp% Dir under "win-xworm-builder.exe"

~ Has Basic Anti Analysis as that was part why Id assume it was cracking so it was just the stub, either way easy to Bypass "CALL => NOP"

~ Telegram Chat Channel ID 2024893777

~ Steals From

 

Spoiler

Please Login or Register to see this Hidden Content

good job

 

 

Please Login or Register to see this Hidden Content

Please Login or Register to see this Hidden Content

 

[aadsaw]

goood thx 

[trichelwetmor1]

thx

[Pixdoom]

ty