hello, i'm officially releasing v7:
Spectre 7.0 Modular RAT | Stealer | Hidden Apps
GENERAL
* C++ Windows modular RAT
* php/ajax c2 server (web panel)
* not based on another malware
MODULAR
Current setup consists of 3 modules/exes:
* Bot/loader (main/required)
* Stealer (optional)
* Hidden Apps (optional)
=== NEW FEATURES ===
# http communications encryption (bot/modules <> server)
# [stealer] wallet grabber > desktop + web (chrome)
# proxy servers > configurable on the panel. protect the c2 (bot > proxy > c2)
(+) in case of blacklist/ban/detections replace the proxy vps and update the list
# [stealer] keylogger > offline mode > add filtering by strings in app/titles
# [stealer] keylogger > offline mode > avoid saving logs to file. keeping on memory
# [stealer] keylogger > offline mode > show all compiled txt data on the panel page
# first boot persistence > set custom stub path
# download files > md5 hash integrity check
# check if the stealer is found and report to server
# panel > show warning if errors are found on logs
# execute > retry if failed the first time
# update > refud > set custom folder/path for the stub
# [stealer] files explorer > added button to go up one folder
RAT/BOT/LOADER
(+) upload + download + execute (exe/bat/vbs)
(+) execute the modules (stealer+hidden apps)
(+) execute 2nd stage exe/payload at first boot (another stealer, miner, etc)
(+) update
* "refud/replace" mode / replace the current running binary with the refuded/patched one
(!) this feature will not crypt your binary. it only does the update/deploy
* "new version" mode / update to new bot+panel (with new features)
(+) processes list+kill
(+) kill+delete bot/modules
(+) startup+persistence (autorun)
* startup shortcut (survive pc reboot)
* persistence > scheduled task to re-execute the bot if killed (needs admin user or elevated)
* both can be turned on/off on the panel
(+) single/group/mass commands
* set a command for a single bot, for a group or for all (mass)
(+) multiple commands for each bot (commands queue)
* if the target is offline, commands will be executed when online
* show/cancel pending commands
STEALER (MODULE)
(+) files explorer
# navigate + create new folders
# download files
# upload + delete + rename (files+folders)
# search
# detects installed drives (c:\, d:\, e:\, etc)
(+) harvest / find (files grabber)
* find
* by filename / extension / filename+extension
* folders: predefined / custom
* optional "max file size" value (avoid uploading huge files)
* upload files from search results
* harvest
* zip found files and upload the package
(+) pass recovery + browsers data
* pass: chrome / firefox / edge / opera / filezilla / thunderbird
* firefox autofill+history+cookies
* chrome/edge/opera autofill+credit cards+history+cookies
(+) clipboard stealer
* live mode + download/delete data
* saves the active window (program)
(+) crypto clipper/swapper
* replaces bitcoin/ethereum/monero addresses with yours
(+) keylogger
* offline mode
* 3 predefined intervals to send the logs
* saves the active window (program)
(+) live keylogger
* titles filter: send keys only if a certain app/title is focused
(+) screenshot
(+) screenshot burst
* take multiple screenshots when a window/app is focused and matches the titles/strings specified
* configure 3/5/10 screenshots burst
(+) shell/cmd (simple)
* run cmds and get the output (single mode)
* run cmds as "oneliners" without output (mass/group mode)
* note: not a fully interactive reverse shell (check hidden apps module for a better solution)
(+) pc info
* installed programs + hardware info
HIDDEN APPS (MODULE)
(+) hidden browsers
* use the target's browser hidden from the user (firefox/chrome/edge)
* browser default user profile is used. access the sessions, passwords saved, bookmarks, history, etc.
* notes: connection is http (not super fast). does not replace a full hvnc.
(+) hidden cmd.exe (reverse shell)
* fully interactive
MISC
# run cmds (shell) oneliners at first boot
# strings dynamic decryption
# randomized internal strings (bot+panel)
# campaign/bot id option
# cookies in json+netscape format
(+) anti-analysis
* if analysis tools are running the bot exits
* unique mutex for each build
* binary strings obfuscated
(+) Unicode support (works on all languages)
(+) chromium decryption serverside
(+) strings encryption randomized for each sample
(+) features can be removed from the stealer by request if not needed (main ones like keylogger, clipboard, etc).
(+) custom features can be added for an extra fee
C2 WEB PANEL
* list targets + set commands
* first boot (auto-tasks/configs). config the modules for the first time execution.
* targets' log (activity/commands executed)
* dark/light theme
* secure login with user/password and "2fa" code
* country info+flag
* save aliases (friendly bot names)
* cancel commands
* download all files as zip
* resources tab > easy management of the files/modules to be dropped on targets (upload/delete/rename)
* filter uploaded files by current selected target and file types (imgs, dumps, etc)
* filter bots by ip, country or os
* bots list showing last connection, boot counts, alive time, campaign/bot id, screenshots count
* screenshots > thumbnails (gallery)
* show/hide columns os/campaign id/last connection
* ping/knock custom randomized interval
PANEL SCREENSHOTS
PROS
+ secure. the panel runs from a hosting/vps. not on your computer
+ secure. you can login using Tor (needs javascript fully turned on)
+ no setup. avoid vpns with port forwarding or tunneling. you get ready access to the panel
+ multiple features coming on future versions
CRYPTING
(*) not "fud". needs crypting/protecting for antivirus evasion
(*) a crypter with "native 32 bits" support should be used (for a c++ app)
CAVEATS / NOTES
(*) c2 panel needs javascript fully turned on
(*) exe sizes are ~250kb (bot) ~400kb (stealer) ~260kb (hidden apps)
(*) tested on Windows 7/8.1/10/11
ASSETS YOU WILL RECEIVE
* exe(s) (depending on the selected modules)
* access to the c2 panel
* readme
PRICING
* bot/loader 350
* vps+domain+panel 50
+ stealer 200 (optional module/exe)
+ hidden apps 50 (optional module/exe)
+ proxy server 50 (optional, recommended to protect the c2 server. bot <> proxy <> c2 server)
(*) prices are monthly
(*) xmr / btc / ltc / eth / usdt / dai accepted
(*) vps/c2 panel re-setup 50 (if server gets banned / ideally add the proxy to avoid this)
CONTACTS
Jabber(OTR) + Tox. Request by PM.
TERMS OF SERVICE
* each client gets a unique domain+vps service (not shared)
* your plan starts once the vps+domain is setup and you get access to the panel. if there is a delay between the payment and the setup, you won't lose any time of using the tool
* setup time (after payment confirmation) is usually within 24 hours
* your panel domain will be randomly generated. it cannot be changed or chosen
* no ftp/cpanel will be provided directly to the vps service
* refund is only done (in special cases) for the tool price only (not the vps/domain costs)