Presentation:
I present a spyware made from scratch and built in "C". Apart from being a SpyWare, it can be categorised as a C&C; by default 5 simultaneous connections are allowed.
Functions:
This SpyWare/C&C is full of options, we can do things like this:
- Shell mode: Powershell
- Exec commands in NO shell mode
- Low persistence: No admin required
- High Persistence: Admin required (Service based, when persistence runs the connection is from NT AUTHORITY/System)
- Download a file (Without size limit and a good looking progress bar)
- Upload a file (Without size limit and a good looking progress bar)
- Get system information (Not too much: RAM, full disk space, free disk space, PC name, processor, ...)
- Check if the file was run as admin
- Block peripherals
- Unblock peripherals
- Dump passwords (Edge/Brave/Chrome, it can be adapted for more browsers; it's built from scratch understanding how the browser stores the passwords)
- Display a message box with a message
- Make and download a screenshot (all in one function)
- Record "x" seconds of audio from the mic
- Scan the network of the victim (gives the hosts in it)
- Scan a host in the victim network (gives the open ports of the host)
- Detect Monero installation and steal .keys file.
- Detect all installed AVs on the victim
- Change crypto wallets if one is copied into the clipboard (Identifies ETH, BTC, XRP and LTC wallets.)
- Help commands to show available commands (on server)
Remarkable:
- We have two main files, the server and the client. The server is modified to be beautiful and easy to use with help messages.
- The server creates a folder called DATA in the same location where the server is running, where, sectioned by the IP addresses of the sessions, the downloaded files are stored.
- Once the malware is executed, as long as the process has not been closed, you can close the server .exe and the victim will try to connect again and again, with a break of 10s between attempts.
- We have commands to manage sessions by displaying the session id and the ip address of the session.
- Cache memory on session for those commands whose output doesn't change. Like: check avs, sysinformation, scan network of the host, ...
- If the server crashes or gets stuck you can use [CTRL + C] to close and reopen it; when the client notices that the connection has closed it tries to connect again.
Basic Plans:
- Basic 1: Get malware and server in binary format with 5 simultaneous connections and only available (shell, download/upload, lowpersistence, password dump) (Changing the IP of attacker)
- Price: 200€
- Basic 2: Get malware and server in binary format with 20 simultaneous connections and only available (shell, exec, download/upload, lowpersistence, check, check avs, password dump) (Changing the IP of attacker and the crypto wallets)
- Price: 250€
- Basic 3: Get malware and server in binary format with 50 simultaneous connections (shell, exec, download/upload, sysinformation, persistence, lowpersistence, check, check avs, password dump) (Changing the IP of attacker and the wallets)
- Price: 300€
Advanced Plans:
- Advanced 1: Get malware and server in binary format with 100 simultaneous connections with all functions available (Changing the IP of attacker and the crypto wallets to change in clipboard)
- Price: 400€
- Advanced 2: Get malware and server in binary format with 500 simultaneous connections with all functions available (Changing the IP of attacker and the crypto wallets to change in clipboard)
- Price: 450€
- Advanced 3: Get malware and server in binary format with 1000 simultaneous connections with all functions available (Changing the IP of attacker and the crypto wallets to change in clipboard)
- Price: 500€
For those who choose an advanced plan, updates will be sent as ‘support’ for the malware.
Master Plan:
Get the complete source code with README.md which explains step by step the following:
- The installation of the dependencies
- General information with all the commands and the functions of each of them
- Preparation on both windows and linux
- Manual compilation of the source files
- Brief explanation of how to use NGROK or a Linux VPS as a tunnel for windows.
As an extra we share an ‘autocompile.py’ that allows to compile everything automatically when the dependencies have been installed.
- Price: 1000€
Contact Method and Payment form:
The payment process can be done in XMR preferably; we can discuss it in PM. For contact methods I have Session and qTox.