XWORM V2.1 CRACKED - | UAC * WORM * RunPE * Clipper | Cleaned By ObbedCode

Vendor of: Paypal & Banks Logins + Cookies
Verified Seller
Hero Member
Joined
August 19, 2023
Messages
911
Reaction score
42,961
Points
93
For a second I assumed it was the stub dropping in the TEMP dir from the second "builder.exe" file as that was being executed but I assumed if it was not connected to a valid server that would exit the stub, I was reversing it for a TCP Connection and realized it is using a Telegram Channel to send data to , The RAT uses a TCP Connection over a Custom Port , Telegram is not involved. So Come to find out, it was his Stealer he binded.





So you almost got me :< but the weird admin prompt ? , the Fake Error ? , and ofc dropping this in the %temp% folder on Disk for AVs to Scan Un-Obfuscated Code 6/10 I give it
:(



Good Concept ?






Ps , Yes this is the CLEAN version , still run in sandbox tho . Good Practices
:D









Screenshots of Program





Spoiler





====================================================


FEATURES


====================================================












[+] Run File From, URL / Disk / Memory / RunPE


[+] Blank Screen, Disable Win Updates, Run Shell , Invoke BSOD


[+] .NET 3.5 Installer


[+] UAC / Firewall / Taskmgr / RegEdit , Disabler + Enabler


[+] Shell / Webcam / MIC / Monitor / System Sound/ File Manager, Control


[+] TCP Connections Monitor


[+] Clipboard Manager + Password Manager


[+] Installed Programs Manager


[+] Activate Windows Option


[+] DDoS


[+] VB.NET Compiler / Google Maps


[+] Fun Functions


[+] Keylogger / Chat / File Searcher


[+] USB Spread + Bot Killer


[+] Prevent Sleep / Auto Sleep Disabler / Change Wallpaper / Message Box Popup / Delete Restore Points


[+] UAC Bypass


[+] Coin Clipper / Swapper


[+] Ransomware


[+] Ngrok Installer


[+] Tinynuke HVNC


[+] VNC Viewer


[+] Windows Defender , Disabler / Remover / Exclusion


[+] Startup, Registry / Folder / SCHTASKS aka Scheduled Tasks


[+] Worm


[+] Anti Analysis





Thats most of it
:P






====================================================


DOWNLOAD


====================================================






Password:


NULLED.TO





AnonFile



To see this hidden content, you must reply and react with one of the following reactions : Like Like






Zippyshare




To see this hidden content, you must reply and react with one of the following reactions : Like Like





Upload.ee




To see this hidden content, you must reply and react with one of the following reactions : Like Like





Sendspace



To see this hidden content, you must reply and react with one of the following reactions : Like Like






MirrorAce




To see this hidden content, you must reply and react with one of the following reactions : Like Like








Analysis of Infected File:





VT:


XWorm-RAT-V2.1-builder.exe => https://www.virustot...aefe66807eac93a


win-xworm-builder => https://www.virustot...e2307b80a560319





~ Telegram Stealer Dropped in %temp% Dir under "win-xworm-builder.exe"


~ Has Basic Anti Analysis as that was part why Id assume it was cracking so it was just the stub, either way easy to Bypass "CALL => NOP"
;)



~ Telegram Chat Channel ID 2024893777


~ Steals From





Spoiler







 
  • Like
Reactions: Ghost23, starxy, shopnobaj and 11 others
Advanced Member
Joined
October 7, 2023
Messages
305
Reaction score
25
Points
28
thanks
For a second I assumed it was the stub dropping in the TEMP dir from the second "builder.exe" file as that was being executed but I assumed if it was not connected to a valid server that would exit the stub, I was reversing it for a TCP Connection and realized it is using a Telegram Channel to send data to , The RAT uses a TCP Connection over a Custom Port , Telegram is not involved. So Come to find out, it was his Stealer he binded.





So you almost got me :< but the weird admin prompt ? , the Fake Error ? , and ofc dropping this in the %temp% folder on Disk for AVs to Scan Un-Obfuscated Code 6/10 I give it
:(



Good Concept ?






Ps , Yes this is the CLEAN version , still run in sandbox tho . Good Practices
:D









Screenshots of Program





Spoiler





====================================================


FEATURES


====================================================












[+] Run File From, URL / Disk / Memory / RunPE


[+] Blank Screen, Disable Win Updates, Run Shell , Invoke BSOD


[+] .NET 3.5 Installer


[+] UAC / Firewall / Taskmgr / RegEdit , Disabler + Enabler


[+] Shell / Webcam / MIC / Monitor / System Sound/ File Manager, Control


[+] TCP Connections Monitor


[+] Clipboard Manager + Password Manager


[+] Installed Programs Manager


[+] Activate Windows Option


[+] DDoS


[+] VB.NET Compiler / Google Maps


[+] Fun Functions


[+] Keylogger / Chat / File Searcher


[+] USB Spread + Bot Killer


[+] Prevent Sleep / Auto Sleep Disabler / Change Wallpaper / Message Box Popup / Delete Restore Points


[+] UAC Bypass


[+] Coin Clipper / Swapper


[+] Ransomware


[+] Ngrok Installer


[+] Tinynuke HVNC


[+] VNC Viewer


[+] Windows Defender , Disabler / Remover / Exclusion


[+] Startup, Registry / Folder / SCHTASKS aka Scheduled Tasks


[+] Worm


[+] Anti Analysis





Thats most of it
:P






====================================================


DOWNLOAD


====================================================






Password:


NULLED.TO





AnonFile



[Hidden content]








Zippyshare




[Hidden content]







Upload.ee




[Hidden content]







Sendspace



[Hidden content]








MirrorAce




[Hidden content]










Analysis of Infected File:





VT:


XWorm-RAT-V2.1-builder.exe => https://www.virustot...aefe66807eac93a


win-xworm-builder => https://www.virustot...e2307b80a560319





~ Telegram Stealer Dropped in %temp% Dir under "win-xworm-builder.exe"


~ Has Basic Anti Analysis as that was part why Id assume it was cracking so it was just the stub, either way easy to Bypass "CALL => NOP"
;)



~ Telegram Chat Channel ID 2024893777


~ Steals From





Spoiler







 
Joined
December 2, 2023
Messages
11
Reaction score
0
Points
1
For a second I assumed it was the stub dropping in the TEMP dir from the second "builder.exe" file as that was being executed but I assumed if it was not connected to a valid server that would exit the stub, I was reversing it for a TCP Connection and realized it is using a Telegram Channel to send data to , The RAT uses a TCP Connection over a Custom Port , Telegram is not involved. So Come to find out, it was his Stealer he binded.





So you almost got me :< but the weird admin prompt ? , the Fake Error ? , and ofc dropping this in the %temp% folder on Disk for AVs to Scan Un-Obfuscated Code 6/10 I give it
:(



Good Concept ?






Ps , Yes this is the CLEAN version , still run in sandbox tho . Good Practices
:D









Screenshots of Program





Spoiler





====================================================


FEATURES


====================================================












[+] Run File From, URL / Disk / Memory / RunPE


[+] Blank Screen, Disable Win Updates, Run Shell , Invoke BSOD


[+] .NET 3.5 Installer


[+] UAC / Firewall / Taskmgr / RegEdit , Disabler + Enabler


[+] Shell / Webcam / MIC / Monitor / System Sound/ File Manager, Control


[+] TCP Connections Monitor


[+] Clipboard Manager + Password Manager


[+] Installed Programs Manager


[+] Activate Windows Option


[+] DDoS


[+] VB.NET Compiler / Google Maps


[+] Fun Functions


[+] Keylogger / Chat / File Searcher


[+] USB Spread + Bot Killer


[+] Prevent Sleep / Auto Sleep Disabler / Change Wallpaper / Message Box Popup / Delete Restore Points


[+] UAC Bypass


[+] Coin Clipper / Swapper


[+] Ransomware


[+] Ngrok Installer


[+] Tinynuke HVNC


[+] VNC Viewer


[+] Windows Defender , Disabler / Remover / Exclusion


[+] Startup, Registry / Folder / SCHTASKS aka Scheduled Tasks


[+] Worm


[+] Anti Analysis





Thats most of it
:P






====================================================


DOWNLOAD


====================================================






Password:


NULLED.TO





AnonFile



[Hidden content]








Zippyshare




[Hidden content]







Upload.ee




[Hidden content]







Sendspace



[Hidden content]








MirrorAce




[Hidden content]










Analysis of Infected File:





VT:


XWorm-RAT-V2.1-builder.exe => https://www.virustot...aefe66807eac93a


win-xworm-builder => https://www.virustot...e2307b80a560319





~ Telegram Stealer Dropped in %temp% Dir under "win-xworm-builder.exe"


~ Has Basic Anti Analysis as that was part why Id assume it was cracking so it was just the stub, either way easy to Bypass "CALL => NOP"
;)



~ Telegram Chat Channel ID 2024893777


~ Steals From





Spoiler







CC
 
Joined
May 1, 2024
Messages
7
Reaction score
0
Points
1
For a second I assumed it was the stub dropping in the TEMP dir from the second "builder.exe" file as that was being executed but I assumed if it was not connected to a valid server that would exit the stub, I was reversing it for a TCP Connection and realized it is using a Telegram Channel to send data to , The RAT uses a TCP Connection over a Custom Port , Telegram is not involved. So Come to find out, it was his Stealer he binded.





So you almost got me :< but the weird admin prompt ? , the Fake Error ? , and ofc dropping this in the %temp% folder on Disk for AVs to Scan Un-Obfuscated Code 6/10 I give it
:(



Good Concept ?






Ps , Yes this is the CLEAN version , still run in sandbox tho . Good Practices
:D









Screenshots of Program





Spoiler





====================================================


FEATURES


====================================================












[+] Run File From, URL / Disk / Memory / RunPE


[+] Blank Screen, Disable Win Updates, Run Shell , Invoke BSOD


[+] .NET 3.5 Installer


[+] UAC / Firewall / Taskmgr / RegEdit , Disabler + Enabler


[+] Shell / Webcam / MIC / Monitor / System Sound/ File Manager, Control


[+] TCP Connections Monitor


[+] Clipboard Manager + Password Manager


[+] Installed Programs Manager


[+] Activate Windows Option


[+] DDoS


[+] VB.NET Compiler / Google Maps


[+] Fun Functions


[+] Keylogger / Chat / File Searcher


[+] USB Spread + Bot Killer


[+] Prevent Sleep / Auto Sleep Disabler / Change Wallpaper / Message Box Popup / Delete Restore Points


[+] UAC Bypass


[+] Coin Clipper / Swapper


[+] Ransomware


[+] Ngrok Installer


[+] Tinynuke HVNC


[+] VNC Viewer


[+] Windows Defender , Disabler / Remover / Exclusion


[+] Startup, Registry / Folder / SCHTASKS aka Scheduled Tasks


[+] Worm


[+] Anti Analysis





Thats most of it
:P






====================================================


DOWNLOAD


====================================================






Password:


NULLED.TO





AnonFile



[Hidden content]








Zippyshare




[Hidden content]







Upload.ee




[Hidden content]







Sendspace



[Hidden content]








MirrorAce




[Hidden content]










Analysis of Infected File:





VT:


XWorm-RAT-V2.1-builder.exe => https://www.virustot...aefe66807eac93a


win-xworm-builder => https://www.virustot...e2307b80a560319





~ Telegram Stealer Dropped in %temp% Dir under "win-xworm-builder.exe"


~ Has Basic Anti Analysis as that was part why Id assume it was cracking so it was just the stub, either way easy to Bypass "CALL => NOP"
;)



~ Telegram Chat Channel ID 2024893777


~ Steals From





Spoiler







Thanks brother
 
Member
Joined
May 5, 2024
Messages
16
Reaction score
0
Points
1
For a second I assumed it was the stub dropping in the TEMP dir from the second "builder.exe" file as that was being executed but I assumed if it was not connected to a valid server that would exit the stub, I was reversing it for a TCP Connection and realized it is using a Telegram Channel to send data to , The RAT uses a TCP Connection over a Custom Port , Telegram is not involved. So Come to find out, it was his Stealer he binded.





So you almost got me :< but the weird admin prompt ? , the Fake Error ? , and ofc dropping this in the %temp% folder on Disk for AVs to Scan Un-Obfuscated Code 6/10 I give it
:(



Good Concept ?






Ps , Yes this is the CLEAN version , still run in sandbox tho . Good Practices
:D









Screenshots of Program





Spoiler





====================================================


FEATURES


====================================================












[+] Run File From, URL / Disk / Memory / RunPE


[+] Blank Screen, Disable Win Updates, Run Shell , Invoke BSOD


[+] .NET 3.5 Installer


[+] UAC / Firewall / Taskmgr / RegEdit , Disabler + Enabler


[+] Shell / Webcam / MIC / Monitor / System Sound/ File Manager, Control


[+] TCP Connections Monitor


[+] Clipboard Manager + Password Manager


[+] Installed Programs Manager


[+] Activate Windows Option


[+] DDoS


[+] VB.NET Compiler / Google Maps


[+] Fun Functions


[+] Keylogger / Chat / File Searcher


[+] USB Spread + Bot Killer


[+] Prevent Sleep / Auto Sleep Disabler / Change Wallpaper / Message Box Popup / Delete Restore Points


[+] UAC Bypass


[+] Coin Clipper / Swapper


[+] Ransomware


[+] Ngrok Installer


[+] Tinynuke HVNC


[+] VNC Viewer


[+] Windows Defender , Disabler / Remover / Exclusion


[+] Startup, Registry / Folder / SCHTASKS aka Scheduled Tasks


[+] Worm


[+] Anti Analysis





Thats most of it
:P






====================================================


DOWNLOAD


====================================================






Password:


NULLED.TO





AnonFile



[Hidden content]








Zippyshare




[Hidden content]







Upload.ee




[Hidden content]







Sendspace



[Hidden content]








MirrorAce




[Hidden content]










Analysis of Infected File:





VT:


XWorm-RAT-V2.1-builder.exe => https://www.virustot...aefe66807eac93a


win-xworm-builder => https://www.virustot...e2307b80a560319





~ Telegram Stealer Dropped in %temp% Dir under "win-xworm-builder.exe"


~ Has Basic Anti Analysis as that was part why Id assume it was cracking so it was just the stub, either way easy to Bypass "CALL => NOP"
;)



~ Telegram Chat Channel ID 2024893777


~ Steals From





Spoiler







thanks
 
Member
Joined
February 27, 2024
Messages
40
Reaction score
2
Points
8
For a second I assumed it was the stub dropping in the TEMP dir from the second "builder.exe" file as that was being executed but I assumed if it was not connected to a valid server that would exit the stub, I was reversing it for a TCP Connection and realized it is using a Telegram Channel to send data to , The RAT uses a TCP Connection over a Custom Port , Telegram is not involved. So Come to find out, it was his Stealer he binded.

So you almost got me :< but the weird admin prompt ? , the Fake Error ? , and ofc dropping this in the %temp% folder on Disk for AVs to Scan Un-Obfuscated Code 6/10 I give it
:(

Good Concept ?


Ps , Yes this is the CLEAN version , still run in sandbox tho . Good Practices
:D



Screenshots of Program

Spoiler

====================================================
FEATURES
====================================================




[+] Run File From, URL / Disk / Memory / RunPE
[+] Blank Screen, Disable Win Updates, Run Shell , Invoke BSOD
[+] .NET 3.5 Installer
[+] UAC / Firewall / Taskmgr / RegEdit , Disabler + Enabler
[+] Shell / Webcam / MIC / Monitor / System Sound/ File Manager, Control
[+] TCP Connections Monitor
[+] Clipboard Manager + Password Manager
[+] Installed Programs Manager
[+] Activate Windows Option
[+] DDoS
[+] VB.NET Compiler / Google Maps
[+] Fun Functions
[+] Keylogger / Chat / File Searcher
[+] USB Spread + Bot Killer
[+] Prevent Sleep / Auto Sleep Disabler / Change Wallpaper / Message Box Popup / Delete Restore Points
[+] UAC Bypass
[+] Coin Clipper / Swapper
[+] Ransomware
[+] Ngrok Installer
[+] Tinynuke HVNC
[+] VNC Viewer
[+] Windows Defender , Disabler / Remover / Exclusion
[+] Startup, Registry / Folder / SCHTASKS aka Scheduled Tasks
[+] Worm
[+] Anti Analysis

Thats most of it
:P


====================================================
DOWNLOAD
====================================================


Password:
NULLED.TO

AnonFile
[Hidden content]


Zippyshare
[Hidden content]


Upload.ee
[Hidden content]


Sendspace
[Hidden content]


MirrorAce
[Hidden content]



Analysis of Infected File:

VT:
XWorm-RAT-V2.1-builder.exe => https://www.virustot...aefe66807eac93a
win-xworm-builder => https://www.virustot...e2307b80a560319

~ Telegram Stealer Dropped in %temp% Dir under "win-xworm-builder.exe"
~ Has Basic Anti Analysis as that was part why Id assume it was cracking so it was just the stub, either way easy to Bypass "CALL => NOP"
;)

~ Telegram Chat Channel ID 2024893777
~ Steals From

Spoiler

 
Member
Joined
September 29, 2024
Messages
9
Reaction score
0
Points
1
For a second I assumed it was the stub dropping in the TEMP dir from the second "builder.exe" file as that was being executed but I assumed if it was not connected to a valid server that would exit the stub, I was reversing it for a TCP Connection and realized it is using a Telegram Channel to send data to , The RAT uses a TCP Connection over a Custom Port , Telegram is not involved. So Come to find out, it was his Stealer he binded.





So you almost got me :< but the weird admin prompt ? , the Fake Error ? , and ofc dropping this in the %temp% folder on Disk for AVs to Scan Un-Obfuscated Code 6/10 I give it
:(



Good Concept ?






Ps , Yes this is the CLEAN version , still run in sandbox tho . Good Practices
:D









Screenshots of Program





Spoiler





====================================================


FEATURES


====================================================












[+] Run File From, URL / Disk / Memory / RunPE


[+] Blank Screen, Disable Win Updates, Run Shell , Invoke BSOD


[+] .NET 3.5 Installer


[+] UAC / Firewall / Taskmgr / RegEdit , Disabler + Enabler


[+] Shell / Webcam / MIC / Monitor / System Sound/ File Manager, Control


[+] TCP Connections Monitor


[+] Clipboard Manager + Password Manager


[+] Installed Programs Manager


[+] Activate Windows Option


[+] DDoS


[+] VB.NET Compiler / Google Maps


[+] Fun Functions


[+] Keylogger / Chat / File Searcher


[+] USB Spread + Bot Killer


[+] Prevent Sleep / Auto Sleep Disabler / Change Wallpaper / Message Box Popup / Delete Restore Points


[+] UAC Bypass


[+] Coin Clipper / Swapper


[+] Ransomware


[+] Ngrok Installer


[+] Tinynuke HVNC


[+] VNC Viewer


[+] Windows Defender , Disabler / Remover / Exclusion


[+] Startup, Registry / Folder / SCHTASKS aka Scheduled Tasks


[+] Worm


[+] Anti Analysis





Thats most of it
:P






====================================================


DOWNLOAD


====================================================






Password:


NULLED.TO





AnonFile



[Hidden content]








Zippyshare




[Hidden content]







Upload.ee




[Hidden content]







Sendspace



[Hidden content]








MirrorAce




[Hidden content]










Analysis of Infected File:





VT:


XWorm-RAT-V2.1-builder.exe => https://www.virustot...aefe66807eac93a


win-xworm-builder => https://www.virustot...e2307b80a560319





~ Telegram Stealer Dropped in %temp% Dir under "win-xworm-builder.exe"


~ Has Basic Anti Analysis as that was part why Id assume it was cracking so it was just the stub, either way easy to Bypass "CALL => NOP"
;)



~ Telegram Chat Channel ID 2024893777


~ Steals From





Spoiler







 
Active Member
Joined
September 29, 2024
Messages
65
Reaction score
1
Points
8
For a second I assumed it was the stub dropping in the TEMP dir from the second "builder.exe" file as that was being executed but I assumed if it was not connected to a valid server that would exit the stub, I was reversing it for a TCP Connection and realized it is using a Telegram Channel to send data to , The RAT uses a TCP Connection over a Custom Port , Telegram is not involved. So Come to find out, it was his Stealer he binded.





So you almost got me :< but the weird admin prompt ? , the Fake Error ? , and ofc dropping this in the %temp% folder on Disk for AVs to Scan Un-Obfuscated Code 6/10 I give it
:(



Good Concept ?






Ps , Yes this is the CLEAN version , still run in sandbox tho . Good Practices
:D









Screenshots of Program





Spoiler





====================================================


FEATURES


====================================================












[+] Run File From, URL / Disk / Memory / RunPE


[+] Blank Screen, Disable Win Updates, Run Shell , Invoke BSOD


[+] .NET 3.5 Installer


[+] UAC / Firewall / Taskmgr / RegEdit , Disabler + Enabler


[+] Shell / Webcam / MIC / Monitor / System Sound/ File Manager, Control


[+] TCP Connections Monitor


[+] Clipboard Manager + Password Manager


[+] Installed Programs Manager


[+] Activate Windows Option


[+] DDoS


[+] VB.NET Compiler / Google Maps


[+] Fun Functions


[+] Keylogger / Chat / File Searcher


[+] USB Spread + Bot Killer


[+] Prevent Sleep / Auto Sleep Disabler / Change Wallpaper / Message Box Popup / Delete Restore Points


[+] UAC Bypass


[+] Coin Clipper / Swapper


[+] Ransomware


[+] Ngrok Installer


[+] Tinynuke HVNC


[+] VNC Viewer


[+] Windows Defender , Disabler / Remover / Exclusion


[+] Startup, Registry / Folder / SCHTASKS aka Scheduled Tasks


[+] Worm


[+] Anti Analysis





Thats most of it
:P






====================================================


DOWNLOAD


====================================================






Password:


NULLED.TO





AnonFile



[Hidden content]








Zippyshare




[Hidden content]







Upload.ee




[Hidden content]







Sendspace



[Hidden content]








MirrorAce




[Hidden content]










Analysis of Infected File:





VT:


XWorm-RAT-V2.1-builder.exe => https://www.virustot...aefe66807eac93a


win-xworm-builder => https://www.virustot...e2307b80a560319





~ Telegram Stealer Dropped in %temp% Dir under "win-xworm-builder.exe"


~ Has Basic Anti Analysis as that was part why Id assume it was cracking so it was just the stub, either way easy to Bypass "CALL => NOP"
;)



~ Telegram Chat Channel ID 2024893777


~ Steals From





Spoiler







TGW
 
Active Member
Joined
September 29, 2024
Messages
65
Reaction score
1
Points
8
None of the provided links work anymore, seems the files have been deleted.
Upload again.
@Mr.Robot
 
Advanced Member
Joined
March 20, 2024
Messages
100
Reaction score
4
Points
18
For a second I assumed it was the stub dropping in the TEMP dir from the second "builder.exe" file as that was being executed but I assumed if it was not connected to a valid server that would exit the stub, I was reversing it for a TCP Connection and realized it is using a Telegram Channel to send data to , The RAT uses a TCP Connection over a Custom Port , Telegram is not involved. So Come to find out, it was his Stealer he binded.





So you almost got me :< but the weird admin prompt ? , the Fake Error ? , and ofc dropping this in the %temp% folder on Disk for AVs to Scan Un-Obfuscated Code 6/10 I give it
:(



Good Concept ?






Ps , Yes this is the CLEAN version , still run in sandbox tho . Good Practices
:D









Screenshots of Program





Spoiler





====================================================


FEATURES


====================================================












[+] Run File From, URL / Disk / Memory / RunPE


[+] Blank Screen, Disable Win Updates, Run Shell , Invoke BSOD


[+] .NET 3.5 Installer


[+] UAC / Firewall / Taskmgr / RegEdit , Disabler + Enabler


[+] Shell / Webcam / MIC / Monitor / System Sound/ File Manager, Control


[+] TCP Connections Monitor


[+] Clipboard Manager + Password Manager


[+] Installed Programs Manager


[+] Activate Windows Option


[+] DDoS


[+] VB.NET Compiler / Google Maps


[+] Fun Functions


[+] Keylogger / Chat / File Searcher


[+] USB Spread + Bot Killer


[+] Prevent Sleep / Auto Sleep Disabler / Change Wallpaper / Message Box Popup / Delete Restore Points


[+] UAC Bypass


[+] Coin Clipper / Swapper


[+] Ransomware


[+] Ngrok Installer


[+] Tinynuke HVNC


[+] VNC Viewer


[+] Windows Defender , Disabler / Remover / Exclusion


[+] Startup, Registry / Folder / SCHTASKS aka Scheduled Tasks


[+] Worm


[+] Anti Analysis





Thats most of it
:P






====================================================


DOWNLOAD


====================================================






Password:


NULLED.TO





AnonFile



[Hidden content]








Zippyshare




[Hidden content]







Upload.ee




[Hidden content]







Sendspace



[Hidden content]








MirrorAce




[Hidden content]










Analysis of Infected File:





VT:


XWorm-RAT-V2.1-builder.exe => https://www.virustot...aefe66807eac93a


win-xworm-builder => https://www.virustot...e2307b80a560319





~ Telegram Stealer Dropped in %temp% Dir under "win-xworm-builder.exe"


~ Has Basic Anti Analysis as that was part why Id assume it was cracking so it was just the stub, either way easy to Bypass "CALL => NOP"
;)



~ Telegram Chat Channel ID 2024893777


~ Steals From





Spoiler







thanks
 
  • Tags
    builder disabler manager telegram xworm
  • Top