Sign In
Create Account
This topic is locked
nice bro thx
XWORM V2.1 CRACKED - | UAC * WORM * RunPE * Clipper | Cleaned By ObbedCode
Started By ObbedCode, Oct 29 2022 08:16 AM
#51
Posted 18 December 2022 - 04:22 AM
smixo100
Offline
0
Likes
Likes
Member
Posts: 40
Threads: 0
Joined: Dec 12, 2021
Credits: 0
Two years registered
#52
Posted 18 December 2022 - 08:50 AM
pulalungageorg
Offline
0
Likes
Likes
Lurker
Posts: 5
Threads: 0
Joined: May 26, 2022
Credits: 0
Two years registered
#52
Thanks for sharing
Posted 18 December 2022 - 08:50 AM
For a second I assumed it was the stub dropping in the TEMP dir from the second "builder.exe" file as that was being executed but I assumed if it was not connected to a valid server that would exit the stub, I was reversing it for a TCP Connection and realized it is using a Telegram Channel to send data to , The RAT uses a TCP Connection over a Custom Port , Telegram is not involved. So Come to find out, it was his Stealer he binded.
So you almost got me :< but the weird admin prompt ? , the Fake Error ? , and ofc dropping this in the %temp% folder on Disk for AVs to Scan Un-Obfuscated Code 6/10 I give it
Good Concept ?
Ps , Yes this is the CLEAN version , still run in sandbox tho . Good Practices
Screenshots of Program
Spoiler
====================================================
FEATURES
====================================================
[+] Run File From, URL / Disk / Memory / RunPE
[+] Blank Screen, Disable Win Updates, Run Shell , Invoke BSOD
[+] .NET 3.5 Installer
[+] UAC / Firewall / Taskmgr / RegEdit , Disabler + Enabler
[+] Shell / Webcam / MIC / Monitor / System Sound/ File Manager, Control
[+] TCP Connections Monitor
[+] Clipboard Manager + Password Manager
[+] Installed Programs Manager
[+] Activate Windows Option
[+] DDoS
[+] VB.NET Compiler / Google Maps
[+] Fun Functions
[+] Keylogger / Chat / File Searcher
[+] USB Spread + Bot Killer
[+] Prevent Sleep / Auto Sleep Disabler / Change Wallpaper / Message Box Popup / Delete Restore Points
[+] UAC Bypass
[+] Coin Clipper / Swapper
[+] Ransomware
[+] Ngrok Installer
[+] Tinynuke HVNC
[+] VNC Viewer
[+] Windows Defender , Disabler / Remover / Exclusion
[+] Startup, Registry / Folder / SCHTASKS aka Scheduled Tasks
[+] Worm
[+] Anti Analysis
Thats most of it
====================================================
DOWNLOAD
====================================================
Password:
NULLED.TO
AnonFile
Zippyshare
Upload.ee
Sendspace
MirrorAce
Analysis of Infected File:
VT:
XWorm-RAT-V2.1-builder.exe =>
win-xworm-builder =>
~ Telegram Stealer Dropped in %temp% Dir under "win-xworm-builder.exe"
~ Has Basic Anti Analysis as that was part why Id assume it was cracking so it was just the stub, either way easy to Bypass "CALL => NOP"
~ Telegram Chat Channel ID 2024893777
~ Steals From
Spoiler
Thanks for sharing
#53
Posted 18 December 2022 - 02:28 PM
recruitm
Offline
2
Likes
Likes
Member
Posts: 46
Threads: 2
Joined: Oct 06, 2022
Credits: 0
Two years registered
#54
Posted 19 December 2022 - 10:03 AM
Hyderino6969
Offline
0
Likes
Likes
Lurker
Posts: 4
Threads: 0
Joined: Dec 19, 2022
Credits: 0
One year registered
#55
Posted 22 December 2022 - 11:59 AM
ulce181223
Offline
0
Likes
Likes
New Member
Posts: 10
Threads: 0
Joined: Dec 16, 2022
Credits: 0
One year registered
#56
Posted 23 December 2022 - 06:58 PM
esrefamca
Offline
0
Likes
Likes
Lurker
Posts: 1
Threads: 0
Joined: Dec 23, 2022
Credits: 0
One year registered
#57
Posted 25 December 2022 - 12:08 AM
lolaylolay
Offline
0
Likes
Likes
Member
Posts: 48
Threads: 0
Joined: Dec 05, 2022
Credits: 0
One year registered
#58
Posted 26 December 2022 - 08:09 PM
ViperZ69
Offline
0
Likes
Likes
Member
Posts: 40
Threads: 1
Joined: Jul 29, 2022
Credits: 0
User has joined recently.
Make sure to use a MiddleMan.
Make sure to use a MiddleMan.
Two years registered
#60
Posted 30 December 2022 - 09:10 AM
calianus
Offline
0
Likes
Likes
Lurker
Posts: 7
Threads: 0
Joined: Dec 30, 2022
Credits: 0
One year registered
Users browsing this thread: and 4 guests
