
Spectre 5.0 RAT | Botnet | HiddenBrowser

The automatic escrow service can be used in this thread!

hello, i'm releasing the new version.

Spectre 8.0 Modular RAT | Stealer | Hidden Apps

GENERAL

* C++ Windows modular RAT
* php/js dynamic c2 server (web panel)
* not based on another malware
(!) [important] the panel is limited to 1000 bots. the tool is now oriented to targeted attacks (not mass spam).

MODULAR
Setup consists of 3 modules/exes:
* Bot (main/required)
* Stealer (optional)
* Hidden Apps (optional)

BOT/LOADER
(+) upload + download + execute (exe/bat/vbs)
(+) execute the modules (stealer+hidden apps)
(+) execute 2nd stage payloads (exe/bat/vbs) at first boot (another stealer, miner, etc)
(+) update "refud/replace" mode
* replace the current running bot for the refuded one
(+) processes list+kill
(+) kill+delete bot/modules
(+) startup+persistence (autorun)
* startup shortcut (survive pc reboot)
* persistence > scheduled task to re-execute the bot if killed (needs admin user. no uac)
* both can be turned on/off on the panel
(+) pc info
* installed programs + hardware info
(+) single/group/mass commands
(+) multiple commands for each bot (commands queue)
* if the target is offline commands will be executed when online
* show/cancel pending commands

STEALER (MODULE)
(+) files explorer
# navigate + create new folders
# download files
# upload + delete + rename (files+folders)
# search
# detects installed drives (c:\, d:\, e:\, etc)

(+) harvest / find (files grabber)
* find
* by filename / extension / filename+extension
* folders: predefined / custom
* optional "max file size" value (avoid uploading huge files)
* upload files from search results
* harvest
* zip found files and upload the package

(+) pass recovery + browsers data
* pass: chrome / firefox / edge / opera / filezilla / thunderbird
* firefox autofill+history+cookies
* chrome/edge/opera autofill+credit cards+history+cookies

(+) clipboard stealer
* live mode + download/delete data
* saves the active window (program)

(+) crypto clipper/swapper
* replaces bitcoin/ethereum/monero addresses with yours

(+) keylogger
* offline mode
* 3 predefined intervals to send the logs
* saves the active window (program)

(+) live keylogger
* titles filter: send keys only if a certain app/title is focused

(+) screenshot

(+) screenshot burst
* take multiple screenshots when a window/app is focused and matches the titles/strings specified
* configure 3/5/10 screenshots burst

(+) shell/cmd (simple)
* run cmds and get the output (single mode)
* run cmds as "oneliners" without output (mass/group mode)
* note: not a fully interactive reverse shell (check hidden apps module for a better solution)


HIDDEN APPS (MODULE)

(+) hidden browsers
* use the target's browser hidden from the user (firefox/chrome/edge)
* browser default user profile is used. access the sessions, passwords saved, bookmarks, history, etc.
* notes: connection is http (not super fast). does not replace a full hvnc.

(+) hidden cmd.exe (reverse shell)
* fully interactive

MISC

# run cmds (shell) oneliners at first boot
# strings dynamic decryption
# randomized internal strings (bot+panel)
# campaign/bot id option
# cookies in json+netscape format
(+) anti-analysis
* if analysis tools are running the bot exits
* unique mutex for each build
* binary strings obfuscated
(+) Unicode support (works on all languages)
(+) chromium decryption serverside
(+) strings encryption randomized for each sample
(+) features can be removed from the stealer by request if not needed (main ones like keylogger, clipboard, etc).
(+) custom features can be added for an extra fee

C2 WEB PANEL
(!) [important] the panel is limited to 1000 bots. the tool is now oriented to targeted attacks (not mass spam).
* list targets + set commands
* first boot (auto-tasks/configs). config the modules for the first time execution.
* targets' log (activity/commands executed)
* dark/light theme
* secure login with user/password and "2fa" code
* country info+flag
* save aliases (friendly bot names)
* cancel commands
* download all files as zip
* resources tab > easy management of the files/modules to be dropped on targets (upload/delete/rename)
* filter uploaded files by current selected target and file types (imgs, dumps, etc)
* filter bots by ip, country or os
* bots list showing last connection, boot counts, alive time, campaign/bot id, screenshots count
* screenshots > thumbnails (gallery)
* show hide columns os/campaign id/last connection
* ping/knock custom randomized interval

=== V7 ADDED FEATURES ===
# http communications encryption (bot/modules <> server)
# [stealer] wallet grabber > desktop + web (chrome)
# proxy servers > configurable on the panel. protect the c2 (bot > proxy > c2)
(+) in case of blacklist/ban/detections replace the proxy vps and update the list
# [stealer] keylogger > offline mode > add filtering by strings in app/titles
# [stealer] keylogger > offline mode > avoid saving logs to file. keeping on memory
# [stealer] keylogger > offline mode > show all compiled txt data on the panel page
# first boot persistence > set custom stub path
# download files > md5 hash integrity check
# check if the stealer is found and report to server
# panel > show warning if errors are found on logs
# execute > retry if failed the first time
# update > refud > set custom folder/path for the stub
# [stealer] files explorer > added button to go up one folder

=== V8 NEW FEATURES ===
# bot > run powershell (oneliners)
# report the stealer process presence to the panel (both on disk + process)
# stealer > firefox pwds decryption moved serverside for stealth
# show AV found (from software list)
# bot > execute dlls (rundll + exported function)
# bot > autorun > startup registry (run) added method
# bot > autorun > option to choose between the 3 supported methods
# bot > autorun > report the current state of the methods (found / deleted on the pc)
# software+hardware info moved back to the bot
# retry downloads if failed


V7 PANEL SCREENSHOTS - PREVIEW

V8 PANEL SCREENSHOTS - PREVIEW


PROS
+ secure. the panel runs from a hosting/vps.
+ secure. you can login using Tor (needs javascript full turned on)
+ no setup. avoid vpns with port forwarding or tunneling. you get ready access to the panel
+ multiple features coming on future versions

CRYPTING
(*) crypting is offered as an extra optional service.
(*) if you plan to use an external crypter, one with "native support" should be used (for a c++ app x86/x64)

CAVEATS / NOTES
(*) c2 panel needs javascript full turned on
(*) raw exe sizes are ~250kb (bot) ~400kb (stealer) ~260kb (hidden apps)
(*) tested on Windows 7/8.1/10/11

ASSETS YOU WILL RECEIVE
* exe(s) (depending on the selected modules)
* access to the c2 panel
* readme

PRICING
* bot/loader 375
* vps+domain+panel 50
+ stealer 225 (optional module/exe)
+ hidden apps 75 (optional module/exe)
+ proxy server 50 (optional recommended to protect the c2 server. bot <> proxy <> c2 server)

(*) prices are monthly
(*) xmr / btc / ltc / eth / usdt / dai accepted
(*) vps/c2 panel re-setup 50 (if server gets banned / ideally add the proxy to avoid this)

CONTACTS
Jabber(OTR) + Tox. Request by PM.

TERMS OF SERVICE
* each client gets a unique domain+vps service (not shared)
* your plan starts once the vps+domain is setup and you get access to the panel. if there is a delay between the payment and the setup, you won't lose any time of using the tool
* setup time (after payment confirmation) is done within 24hs (on normal conditions)
* your panel domain will be randomly generated. it cannot be changed or chosen
* no ssh/ftp/cpanel will be provided directly to the vps service
* the panel source is not provided for self-installation
* refund is only done (in special cases) for the tool price only (not the vps/domain costs)
 
Can this bot work on Linux machines?
Can it collect credentials of the RDP/VM on a network (IP, user:pass)?

I need something that i can download and execute
then create a backdoor login
and send the IP address and port of the ssh server back to my server.

Can it do this?
 
hello, this is a windows only tool. it does not collect rdp credentials.
 
Are you very busy?

It's very difficult to contact you regularly,

You only respond once every few days, sometimes even a week.

You're in business, but not focused on your goals.

Everyone is waiting for you, but can't get in touch with you.

Our work won't go smoothly without the best support.

Do you really need customers?
 
hello, i haven't received any msg from you, i'm on tox/jabber as usual
please send your contacts or questions
regards
 

