This is a crack and XWORM v2.2 longer a reverse Rat source codes had been completely are so many shitty Rat, is certainly one of them. i’m sharing it so you don’t pay for such matters for not anything.in case your have any blunders troubles or need another assist, you can touch me thru telegram.

XWORM v2.2 in the sequel are going to show up quickly:

Since you stated that the software program is used by advanced users, does it imply that i may not be capable of use it on account that i am a intermediate consumer
What am i able to do with it XWORM v2.2.
Is the software compatible with all windows versions?
necessities XWORM v2.2 :
.net Framework 4.5 [Controller]
.internet Framework 4.zero [Client]
length : 46.5 KB [Full Features]
features:
Builder XWORM v2.2:
Schtasks – Startup – Registry |
AntiAnalysis – USB spread – Icon – meeting

Connection of XWORM v2.2:

solid Connection – Encrypted Connection |
gear :
Icon Changer – Multi Binder [Icon – Assembly] |
Fud Downloader [HTA-VBS-JS-WSF] – XHVNC – Block Clients
functions :
statistics
display [Mouse – Keyboard – AutoSave]
Run record [Disk – Link – Memory – Script – RunPE]
WebCam [AutoSave]
Microphone
gadget Sound XWORM v2.2
Open Url [Visible – Invisible]
TCP Connections
ActiveWindows
manner manager
Clipboard manager
Shell
set up applications
DDos assault XWORM v2.2
VB.net Compiler
place supervisor [GPS – IP]
file manager
customer [Restart – Close – Uninstall – Update – Block – Note]
alternatives :
power [Shutdown – Restart – Logoff]
BlankScreen [Enable – Disable]
TaskMgr [Enable – Disable]
Regedit [Enable – Disable]
UAC [Enable – Disable]
Firewall [Enable – Disable]
.net 3.five deploy
Disable update XWORM v2.2
Run Shell
Invoke-BSOD
Password restoration :
| FileZilla – ProduKey – WifiKeys – e mail clients |
| Bookmarks – Browsers – All-In-One – DicordTokens |
pastime :
CD ROOM [Open – Close]
DesktopIcons [Show – Hide]
SwapMouse [Swap – Normal]
TaskBar [Show – Hide]
display screen [ON-OFF]
extent [Up – Down – MUTE]
begin [Show – Hide]
Clock [Show – Hide]

text communicate XWORM v2.2:

Explorer [Start – Kill]
Tray Notify [Show – Hide]
more 1 :
KeyLogger
consumer Chat
FileSeacher
USB spread
Bot killer
PreventSleep
Message box XWORM v2.2
alternate Wallpaper
DeleteRestorePoints
UAC bypass [RunAs – Cmstp – Computerdefaults – DismCore]
Run Clipper [All Cryptocurrencies]
more 2 :
Ransomware [Encrypt – Decrypt]
Ngrok Installer
HVNC
Hidden RDP
WDDisable

Install [Startup – Registry – schtasks XWORM v2.2:

ophisticated XWorm RAT with Ransomware and HNVC attack abilities in the course of a routine threat-searching exercising, Cyble research labs discovered a dark net post wherein a malware developer was advertising and marketing a effective home windows RAT and XWORM v2.2.

determine 1 – darkish net submit for XWORM v2.2

This publish redirected us to the website of the malware developer, where multiple malicious equipment are being bought. The underneath determine suggests the malware developer’s website.

discern 2 – submit with the aid of The trojan horse Developer XWORM v2.2
The developer is selling tools to create malware, cover current malware, crypto cash grabber PowerShell scripts, etc.

we’ve cited all of the gear published by using the malware developer and the feasible impact of these equipment on victim systems. the subsequent table shows these equipment and their corresponding functionalities XWORM v2.2.

device price Description XWORM v2.2:

Hidden Malware Builder v2.zero/V4.zero $45 Hidden Malware Builder is a .internet-based malware builder device that calls for .internet Framework 4. This tool creates binary files with the following capabilities:
Hiding C&C server from different techniques, begin-up, scheduled responsibilities, and tough force.
Run as Administrator completely.
Merging with any other report with the AES algorithm.
Anti-evaluation techniques covered inclusive of anti-VM, anti-debugger, anti-sandbox, and anti-emulator.
Crypto money Grabber PowerShell Script $40 The malware developer sells PowerShell script to thieve cryptocurrency from the victims’ device.
Multi Downloader Builder V2.zero $30 download and execute multiple files from URL (FUD a hundred%) (Output: 7KB).
Hidden CPLApplet Builder V2.zero $eighty The developer has created a tool that can build malicious CPLApplet packages. the subsequent capabilities are to be had in the builder:
Injection in XWORM v2.2
Hidden schtasks.
WDExcluion.
Anti-analysis.
UAC Bypasser Builder V2.0 $50 UAC Bypasser builder tool bypasses the XWORM v2.2check of the operating gadget for the given report. The functions furnished by using the malware developer are:
assist All documents.
RunAs-Loop.
Cmstp-skip.
WDExclusion.
Anti-analysis.
TaskScheduler XWORM v2.2
XBinder V2.zero $80 XBinder tool is a far flung get right of entry to Trojan (RAT) builder and control device. The features, in step with the developer, are:
Runonce.
Hidden.
SetWorkPath.
REG [Start-up].
WDExclusion.
task [Start-up]. XWORM v2.2
UAC [Normal-Bypass].
put off [seconds].
Bot Killer.
Anti-analysis.
Delete After Run.
Disable high-quality Hidden.
Pumper.
Icon Changer XWORM v2.2
Spoofer.
XWorm V2.2 $a hundred and fifty This model of the malware builder tool creates consumer binaries with RAT and ransomware capabilities. The functionalities of the RATs created using this device are:
monitor [Mouse – Keyboard – AutoSave].
Run report [Disk – Link – Memory – Script – RunPE].
WebCam [AutoSave].
Microphone.
DDoS assault.
location manager [GPS – IP] XWORM v2.2
purchaser operation [Restart – Close – Uninstall – Update – Block – Note].
power [Shutdown – Restart – Logoff].
blank display screen [Enable – Disable].
Bookmarks – Browsers – All-In-One – DiscordTokens.
FileZilla – ProduKey – WifiKeys – e mail customers.
KeyLogger XWORM v2.2.
USB spread.
Bot killer.
UAC pass [RunAs – Cmstp – Computerdefaults – DismCore].
Run Clipper [All Cryptocurrencies].
Ransomware [Encrypt – Decrypt].

Ngrok Installer XWORM v2.2

Hidden RDP.
WDDisable.
WDExclusion.
deploy [Start-up – Registry – schtasks].
We searched for EvilCoder task samples inside the wild and identified some active times of XWorm, indicating that XWorm is a greater conventional and sophisticated variation. The malware is a .internet compiled binary, the use of a couple of endurance and defense evasion techniques.

The malicious binary can drop a couple of malicious payloads at various gadget places, can add and adjust registry entries, and might execute commands. determine 2 indicates the XWorm builder panel as proven on the developer’s site.

determine 3 – XWorm submit on Malware Developer’s internet site Technical evaluation
XWorm is a .internet binary whose size is 45.five KB. The file information of “XWorm.exe” are:

Determine 4 – file details of XWORM v2.2:

Upon execution, the malware sleeps for one second and performs numerous exams including checking for a mutex, detecting virtual machines, emulators, debugger, sandbox environments, and Anyrun. If any of these times are gift, the malware terminates itself XWORM v2.2.

Determine 5 – Anti analysis techniques used by XWORM v2.2 The malware enumerates the mounted packages inside the users’ gadget and tests for strings, VMWare, and VirtualBox. If those are gift, the malware terminates itself, as shown within the discern underneath.

figure 6 – Malware exams for Virtualization software
The malware uses the tick be counted of the machine to come across emulators. The malware then calls the CheckRemoteDebuggerPresent() approach to discover the debugger’s presence inside the person’s machine XWORM v2.2.

The malware also can stumble on the sandbox surroundings if “SbieDll.dll” is present in the machine. The malware especially tests if it’s far running in the Anyrun sandbox environment through checking the reaction text from XWORM v2.2

If the reaction is about to “true, ” it terminates its execution. The figure beneath shows the anti-analysis code snippet.

discern 7 – Malware performs various Anti-analysis tests
to set up patience, the malware drops itself into the begin-up folder. The malware additionally copies itself into the “AppData” folder and creates a scheduled mission access.

subsequently, the malware creates an autorun entry in the registry to make sure the malware executes each time the device restarts. The parent below suggests the staying power sports completed through the malware XWORM v2.2.

determine eight – Malware ordinary to establish persistence on a sufferer device
After organising persistence, the malware initiates verbal exchange with the C&C server. Then, the malware creates a brand new thread that collects and sends machine information to the C&C domain system6458[.]ddns[.]internet on XWORM v2.2.

Exfiltrated details include information consisting of processor be counted, UserName, MachineName, OSVersion, Malware version, date of malware introduction, administrative privileges, webcam info, and antivirus packages mounted inside the system.

figure 9 – Malware Sending the machine details to C&C XWORM v2.2

all of the essential facts along with C&C, encryption key, filename, and mutex call is saved in a public class, “Settings,” as proven within the figure under.

parent 10 – Hardcoded Configuration information of XWORM v2.2
After the preliminary communique, the malware waits for commands from the C&C server. The malware can perform more than one responsibilities together with keylogging, display capture, auto-replace, self-destructing, running scripts, and ransomware operations.

The malware has the routine study(), which receives AES encrypted commands from the C&C, which might be then decrypted and used to carry out related operations. a number of these essential operations are discussed in the following section. The below parent suggests the code snippet of malware that performs DDoS and Clipper operations.

determine eleven – habitual to perform DDoS and Clipper Operations XWORM v2.2
The malware has a recurring to perform document folder operations like create documents/folder, display, or conceal documents/folder, exfiltrate files, etc. The discern under shows the record operation workouts.

parent 12 – report and Folder Operations of the Malware
the subsequent determine shows the keylogging, display seize, and mouse operations, along side corresponding commands.

parent thirteen – ordinary for Keyboard Mouse and screen Operations
The malware writer additionally gives an encryption ordinary for ransomware operations, as shown under.

figure 14 – file Encryption ordinary XWORM v2.2:

This malware additionally has a habitual for acting a Hidden digital community Computing (HVNC) assault. HVNC is a tactical means for malware to manipulate a faraway device with out the sufferer’s expertise. The figure below shows the habitual for appearing an HVNC attack.

figure 15 – recurring to carry out an HVNC assault

This post showcases that even a malware developer with minimum or no duty can expand malicious packages and promote them to numerous forums for monetary gains.

To get greater clients, the malware builders provide more than one rather impactful and threatening functions including ransomware, HVNC, etc., to TAs.

we’ve got discovered comparable trends in advance, where malware developers offer extraordinarily sophisticated tools to cybercriminals for their own monetary advantage.

we will hold monitoring the latest chance XWORM v2.2 actors and tendencies across the floor, deep and dark net and maintain our readers knowledgeable.

we’ve got listed some important cybersecurity fine practices that create the first line of control towards attackers. We advocate that our readers observe the great practices given underneath:

How to prevent malware contamination XWORM v2.2:

download and set up software handiest from legitimate app stores like Play save or the iOS App shop.
Use a reputed antivirus and internet safety software program package deal in your related gadgets, inclusive of pcs, laptops, and mobile gadgets.
Use robust passwords and implement multi-element authentication anyplace possible XWORM v2.2.
enable biometric security functions together with fingerprint or facial recognition for unlocking the cell device wherein feasible.
Be cautious of starting any hyperlinks acquired through SMS or emails introduced for your phone.
ensure that Google Play guard is enabled on Android devices.
Be careful whilst allowing any permissions.
maintain your devices, running structures, and programs updated.
how to identify whether you are infected XWORM v2.2.

frequently take a look at the cell/wi-fi records utilization of packages hooked up on cellular devices.
keep an eye at the indicators provided by way of Antiviruses and Android OS and take essential moves therefore.
MITRE ATT&CK® techniques
Tactic method identity technique name XWORM v2.2.

Execution T1059.001 Bypasses PowerShell execution coverage
staying power T1547.001 Registry Run Keys / Startup Folder
Privilege Escalation T1055 method Injection
defense Evasion T1027.003 Obfuscated files or records
protection Evasion T1036.1/2 Masquerading – Drops PE documents with benign device names
Discovery T1082 device statistics Discovery XWORM v2.2.

Command and manipulate T1071.001 software Layer Protocol
signs of Compromise (IOCs)
SHA1
MD5 XWorm.exe
8cfefc291d9088ef0b3ab7dd59d8ff672e73d333c8d18bd1dff4c7695ae8af83
e8c6d68e67d853180d36116e3ba27e4f12346dc2
cd76badf66246e0424954805222e4f58 SHA256
SHA1
MD5 XWorm.exe
096e33b9b0b4f843a7ea0259f75b4370f00ab90f3807eb89d5f0117da762900d
a7e95c1d51a278b59097524a14d042257f3e2801
a29c3748c9361f9fe19b87d3358cb46d SHA256 SHA1
MD5 XWorm.exe
8f9fff88c0c636c80ca0a4cfa37d3fb620289579a1ecae9ba1d3881235b482ee 93c2c2c80274ed4c663423c596d0648e8b548ec2
989b8118ff0e8e72214253e161a9887f SHA256 SHA1
MD5 XWorm.exe
b9a9ae029ca542aadea0b384e4cfb50611d1a92c4570db5ddc5e362c4ebe41b4 fdce6ef81ccf3d697f20c020020bbb6b51f8b1f1
e38e59e6d534262dd55a3b912bf169cc SHA256 SHA1
MD5 XWorm.exe
64519b4e63dbedc44149564f3d472c720fa3c6a87c9ad4f07d88d7fd1914f5b9 2edbb78ec7c8f6a561eb30fd43c31841d74217df
b97cc4a173bc566365e0ab4128f2181a SHA256 SHA1
MD5 XWorm.exe
8a399e51bdcd4b8d0a041236e80b3094987a80674bda839351fef1585c8c921b af6bd2d2732269d0b6bbb78006e4980511ac8546
744a85f5ddef7c029f2f9ed816ec66ef SHA256 SHA1
MD5 XWorm.exe
b09bf46468d9ed8b1957246f4cf7fd15679212fe9e5df7df6101179e0594cae6 72af980aaaa635bc4425b59ef523f8088b3874d5
4b8235bdd494bf5b762528dd96931072 SHA256 SHA1
MD5 XWorm.exe
b327ec6f6dba10eb77cf47e8486059da63d1d77c3206a8a5ba381b2f1e621651 be06e7a5bff1bcd1fd27ff6789ae87513cd9d4de
fed104dae34e598ebc7fa681a39f4fcd SHA256 SHA1
MD5 XBinder Builder
d0b9f3b7f87c8fda4dae8ec3606b7468b0a2d5d32b6b889f983b4ed15a8d2076 89e68bfb7e139343d838efc8d584a1a76256bc84
28347b4d82e5b28655e091dd35d218bf SHA256 SHA1
MD5 XBinder Builder XWORM v2.2
cbc87f41023b27b31a0eeac9818fa06db2914b5cc7c18c9392944ddc721b4efb 9bbb4afa7dd21e37f09ce9bb81ff7ab961a20f2a
e22cdc1cd9d43143e45cc1260a87e197 SHA256 SHA1
MD5 XBinder Builder
f89b62d1cf8d2bfd83be841187502318817bc58725a5409c1c2fb6c0c7b14959 716bf966c68ac8b120b8029a294e9c5d9d21f637
8ae59924803c3ea7b8da29786bc4f332 SHA256 SHA1
MD5 XBinder client
83d59c2eb05891dcd30973ebe5c04aab99bd9371323522e9d968f67a3423d13d 25b7a76554add5b5ed85e9caed7c0ab67b8cb118
ab67fe7c24d9c075ef7567d796cc5544 SHA256 SHA1
MD5 XBinder purchaser
d9979fead904eb5fc9f0c0f99c6551b05940f94d001411d611ad8c95b3058769 2ee39858f4eabf1e469e1934277e61fe6dd5794a
93ec63f85938d09a4161b8569014adee SHA256 SHA1
MD5 XBinder purchaser XWORM v2.2 XWORM v2.2
107ac41ba6ecd2025027721dc98307bd2859d473b1eedabc666e7dc12f537f77 2249bbf4bbfcc7aec0d6e35803074433c4aa6ae8
651103da17aae5c2e3fc8f9ab45140d2 SHA256 SHA1
MD5 XBinder patron
6cf9c275f41580a31b8869f9173589705b7ce998dfff58f735f66b97d89f08fd 046c0de06a918ed6b1b6a232e276db55ae5b48ee
7ae4668d2e693daa13a81c9cbeaeb31f SHA256 SHA1
MD5 XBinder customer
40d68523748f6eaf765970a40458faccbe84ef5dff7acbdaf29ac5a69d7cae6f a6ff2293ae5bfd10dedb93bfbb12b1ec3faabfe0
594472ed0352490ab2a8f89e68d30e08 SHA256 SHA1
MD5 XBinder client
81a3baf389888e4d554e74975fe15937a502c3b9d8c494b2f0ce4c25deb75b45 d76ac6a11653c3cf7f46cb597bd8c38e5a78e124
1263b78103ae7586a1c982e5db37e1c7 SHA256 SHA1
MD5 XBinder purchaser
4e019e68320099ff0e80a7598053d5968ee8ed91c30cc794a47f9f2f0f3f45de 41f0699c96e58aadc78d0c50eaf699d9f566698d
8cdaf4513877c0d4ffa3bbfabb3d44c5 SHA256 SHA1
MD5 XBinder purchaser XWORM v2.2
0aae80e6ca6cbdc0a79dbdf30767182edd94ed65bc378eb6e39d2b68fd78b8e0 6b16d72f6cae6d6ee7c9ed4d2a5a044effd3ab8f
f3170f958826b128145589fc21ef7f32 SHA256 SHA1
MD5 XBinder consumer
0d875a09bf7fb5088aa21f26110db96d1963e743535fd16f0ceb3d16683c2921 a00b7c3c250c6546ac0d4f349379d943432ef573
f2341a3d23188aefb43735b1fc68f7c8 SHA256 SHA1
MD5 XBinder purchaser
21bcba3634c4ad91993b5033179a22b77d1d8ed1da1d1cdd506f8d8a03bc0251 2f7801f2e18aa4abe2bc7964ea4626f5949feb2f
ba27b6fe77a27d890b02e9901a1a0335 SHA256 SHA1
MD5 XBinder client
edab4840b84e16587b62b7133bb7fa030d21fcd6658c976b2b9ececa2453ec2b 42a3c7e173f7951055ccb226cdc768a0e70ddeb3
a2431ec170f3cd0d1cd8dc1808a9d967 SHA256 SHA1
MD5 XBinder customer XWORM v2.2
14a661bbdf915bfde309a2d42c0729fac10ce44d12c66f24b9136f4aae731f6e 24a4a5262ccb6a5b2c5ec2b5f6186bf3c6352f07
f5e96cfa82804513c81c7548cad9bfc0 SHA256 SHA1
MD5 XBinder purchaser
54f292586ec66057a859df0225b1338c2b701d1e50e3137e94235375cd9e8c94 58e6fb22e83c856e2b88b5f9a6352d999be2b374
63d1d6e2ab3c1a306fc477860f45a264 SHA256 SHA1
MD5 XBinder client
e2a4035f3a4f473a79f6b11f6b95254180052d5e6022b5d40fa8ea307abbfbe3 b29136f7f196229630aaaf6bba0a1c184f3b92b0
c4bdbb3cc647499b082dd6ea44d0c67b SHA256 SHA1
MD5 XBinder client XWORM v2.2
1eba59961ce6b1c1a8741e488cfd8012cbd6b3f4dc8540469a8dd00e8807b60f 4c891516487d78a854104720b83be59af43a8df3
54b32e41c9c4b6f8bab625fa6f4759e4 SHA256 SHA1
MD5 XBinder customer XWORM v2.2

 

features:

Builder :
Schtasks – Startup – Registry |
| AntiAnalysis – USB spread – Icon – assembly |
| Icon p.c. |
Connection :
| strong Connection – Encrypted Connection |
tools :
| Icon Changer – Multi Binder [Icon – Assembly] |
| Fud Downloader [HTA-VBS-JS-WSF] – XHVNC – BlockClients |
functions :
records
reveal [Mouse – Keyboard – AutoSave]
Run document [Disk – Link – Memory – Script – RunPE]
WebCam [AutoSave]
Microphone
device Sound
Open Url [Visible – Invisible]
TCP Connections
ActiveWindows
process supervisor
Clipboard supervisor
Shell
installed programs

DDos assault
VB.internet Compiler
region supervisor [GPS – IP]
record manager
purchaser [Restart – Close – Uninstall – Update – Block – Note]
options :
energy [Shutdown – Restart – Logoff]
BlankScreen [Enable – Disable]
TaskMgr [Enable – Disable]
Regedit [Enable – Disable]
UAC [Enable – Disable]
Firewall [Enable – Disable]
.internet three.five installation
Disable replace
Run Shell
Invoke-BSOD
Password healing :
| FileZilla – ProduKey – WifiKeys – electronic mail customers |
| Bookmarks – Browsers – All-In-One – DicordTokens |
interest :
CD ROOM [Open – Close]
DesktopIcons [Show – Hide]
SwapMouse [Swap – Normal]
TaskBar [Show – Hide]
display [ON-OFF]
quantity [Up – Down – MUTE]
begin [Show – Hide]
Clock [Show – Hide]
textual content communicate
Explorer [Start – Kill]
Tray Notify [Show – Hide]
extra 1 :
KeyLogger
customer Chat
FileSeacher
USB unfold
Bot killer
PreventSleep
Message box
trade Wallpaper
DeleteRestorePoints
UAC pass [RunAs – Cmstp – Computerdefaults – DismCore]
Run Clipper [All Cryptocurrencies]
greater 2 :
Ransomware [Encrypt – Decrypt]
Ngrok Installer
HVNC
Hidden RDP
WDDisable
installation [Startup – Registry – schtasks]

 

Sources