
Spectre 5.0 RAT | Botnet | HiddenBrowser


hello, this is a windows only tool. it does not collect rdp credentials.
possible for tasksched or ps1 to be placed as trustedinstaller (NanaRun C/C++)?
 
--EN-- i am interested. when you are available! thanks. --RU-- I am interested. when you are available! Thank you. qTox ID: 04754DAF5E156CCD6DDA82905FF88FB310BFA20F85D5C17FBEE994E44CF4E949B6E6DD50561F
added, thanks

(+) V9 (IN DEVELOPMENT)
# bot > download big files in chunks
 
hello, i'm releasing the new version

9.0 Modular RAT | Stealer | Hidden Apps

GENERAL

* C++ Windows modular RAT
* php/js dynamic c2 server (web panel)
* not based on another malware
(!) [important] the panel is limited to 1000 bots. the tool is now oriented to targeted attacks (not mass spam)

MODULAR
Setup consists of 3 modules/exes:
* Bot (required)
* Stealer (optional)
* Hidden Apps (optional)

BOT/LOADER
(+) upload + download + execute (exe/bat/vbs)
(+) execute the modules (stealer+hidden apps)
(+) execute 2nd stage payloads (exe/bat/vbs) at first boot (another stealer, miner, etc)
(+) update "refud/replace"
(+) processes list+kill
(+) kill+delete bot/modules
(+) startup+persistence (auto-run)
* startup shortcut (survive pc reboot)
* scheduled task to re-execute the bot if killed (needs admin user. no uac)
(+) pc info
* installed programs + hardware info
(+) single/group/mass commands
(+) multiple commands for each bot (commands queue)
* if the target is offline commands will be executed when online
* show/cancel pending commands

STEALER (MODULE)
(+) files explorer
# navigate + create new folders
# download files
# upload + delete + rename (files+folders)
# search
# detects installed drives (c:\, d:\, e:\, etc)
(+) harvest / find (files grabber)
* find
* by filename / extension / filename+extension
* folders: predefined / custom
* optional "max file size" value (avoid uploading huge files)
* upload files from search results
* harvest
* zip found files and upload the package
(+) pass recovery + browsers data
* pass: chrome / firefox / edge / opera / thunderbird
* firefox autofill+history+cookies
* chrome/edge/opera autofill+credit cards+history+cookies
(+) clipboard stealer
* live mode + download/delete data
* saves the active window (program)
(+) crypto clipper/swapper
* replaces bitcoin/ethereum/monero addresses with yours
(+) keylogger
* offline mode
* 3 predefined intervals to send the logs
* saves the active window (program)
(+) live keylogger
* titles filter: send keys only if a certain app/title is focused
(+) screenshot
(+) screenshot burst
* take multiple screenshots when a window/app is focused and matches the titles/strings specified
* configure 3/5/10 screenshots burst
(+) shell/cmd (simple)
* run cmds and get the output (single mode)
* run cmds as "one-liners" without output (mass/group mode)
* note: not a fully interactive reverse shell (check hidden apps module for a better solution)

HIDDEN APPS (MODULE)
(+) hidden browsers
* use the target's browser hidden from the user (firefox/chrome/edge)
* browser default user profile is used. access the sessions, passwords saved, bookmarks, history, etc.
* notes: connection is http (not super fast). does not replace a full hvnc.
(+) hidden cmd.exe (reverse shell)
* fully interactive

MISC
# run cmds (shell) one-liners at first boot
# strings dynamic decryption
# randomized internal strings (bot+panel)
# campaign/bot id option
# cookies in json+netscape format
(+) anti-analysis
* if analysis tools are running the bot exits
* unique mutex for each build
* binary strings obfuscated
(+) Unicode support (works on all languages)
(+) chromium decryption server-side
(+) strings encryption randomized for each sample
(+) features can be removed from the stealer by request if not needed (main ones like keylogger, clipboard, etc).
(+) custom features can be added for an extra fee

C2 WEB PANEL
(!) [important] the panel is limited to 1000 bots. the tool is now oriented to targeted attacks (not mass spam)
* list targets + set commands
* first boot (auto-tasks/configs). config the modules for the first time execution.
* targets' log (activity/commands executed)
* dark/light theme
* secure login with user/password and "2fa" code
* country info+flag
* save aliases (friendly bot names)
* cancel commands
* download all files as zip
* resources tab > easy management of the files/modules to be dropped on targets (upload/delete/rename)
* filter uploaded files by current selected target and file types (imgs, dumps, etc)
* filter bots by ip, country, os, etc
* bots list showing last connection, boot counts, alive time, campaign/bot id, screenshots count
* screenshots > thumbnails (gallery)
* show hide columns os/campaign id/last connection
* ping/knock custom randomized interval

=== V7 NEW FEATURES ===
# http communications encryption (bot/modules <> server)
# [stealer] wallet grabber > desktop + web (chrome)
# proxy servers > configurable on the panel. protect the c2 (bot > proxy > c2)
(+) in case of blacklist/ban/detections replace the proxy vps and update the list
# [stealer] keylogger > offline mode > add filtering by strings in app/titles
# [stealer] keylogger > offline mode > avoid saving logs to file. keeping on memory
# [stealer] keylogger > offline mode > show all compiled txt data on the panel page
# first boot persistence > set custom stub path
# download files > md5 hash integrity check
# check if the stealer is found and report to server
# panel > show warning if errors are found on logs
# execute > retry if failed the first time
# update > refud > set custom folder/path for the stub
# [stealer] files explorer > added button to go up one folder

=== V8 NEW FEATURES ===
# bot > run powershell (oneliners)
# bot > show AV found (from software list)
# bot > execute dlls (rundll32 + function)
# bot > autorun > startup registry (run) added method
# bot > autorun > option to choose between the 3 supported methods
# bot > autorun > report the current state of the methods (found / deleted on the pc)
# bot > software+hardware info moved back to the bot
# bot > report the stealer process presence to the panel (both on disk + process)
# bot > retry downloads if failed
# stealer > firefox pwds decryption moved server-side for stealth

=== V9 NEW FEATURES ===
# bot > report exe/stub presence on disk
# panel > check the proxy servers state
# panel > stealer stub randomization. every stub has a different hash on disk. avoid av hash signatures.
# download big files in chunks
# kill+delete > bot folder cleanup on the pc (with libs/files)
# added more chrome wallet extensions to the list
# commands > execute each with a thread [avoid hangs]
# stealer update > avoid killing if found running
# uploaded files > confirm server-side with file hash
# [stealer] commands > execute each with a thread [avoid hangs]
# [bot] restart command
# [bot] file uploads > curl option as fallback
# [bot] winapi startup shortcut as fallback for unicode paths
# [bot] defender exclusion (visible)
Will prompt for UAC (yes/no) using Microsoft/Powershell (verified publisher)
Adds C:\ to excluded folders. Works only if the user is admin
# ProgramData folder added for stub path/file downloads/etc
# [bot] killed state added
# [bot] auto-run command > delete+recreate scheduled task/registry run/startup shortcut
- useful if wrongly setup or not setup in the first boot
# [panel] alias + campaign id filters added
# [stealer] show busy label while running the first boot commands
# 7z archives (packs) use a list file for faster packing
# panel > wallets > list names from within zips/archives
# chromium browsers multi profile pwds+data added
# unlock browsers db files if opened
# find/harvest added banned folders when searching the drive
# panel > info page > enable for mass/group. review installed programs + hardware info of all targets or selected

V8 PANEL SCREENSHOTS - PREVIEW

V9 PANEL SCREENSHOTS - PREVIEW
7Z PASS: 8kr1AhaOxm1dnkUEc4KFhnBRT0yjFoP2p3lYnDxA9r3sgadMkZqchw==

PROS
+ secure. the panel runs from a vps
+ secure. you can login using Tor (needs javascript full turned on)
+ no setup. avoid vpns with port forwarding or tunneling. you get ready access to the panel
+ multiple features coming on future versions

CRYPTING
(*) crypting is offered as an extra optional service.
(*) if you plan to use an external crypter, one with "native support" should be used (for a c++ app x86/x64)

CAVEATS / NOTES
(*) c2 panel needs javascript full turned on
(*) raw exe sizes are ~300kb (bot) ~400kb (stealer) ~280kb (hidden apps)
(*) tested on Windows 10/11

ASSETS YOU WILL RECEIVE
* exe(s) (depending on the selected modules)
* access to the c2 panel
* readme

PRICING
* bot 425
* vps+domain+panel 50 (c2 server)
+ stealer 275 (optional module/exe)
+ hidden apps 125 (optional module/exe)
+ proxy server 50 (optional for c2 server protection. bot > proxy > c2 server)

(*) prices are monthly
(*) xmr / btc / ltc / eth / usdt / dai accepted
(*) vps/c2 panel re-setup 50 (if server gets banned / ideally add the proxy to avoid this)

CONTACTS
Jabber(OTR) + Tox. Request by PM.

TERMS OF SERVICE
* the panel source is not provided for self-installation
* each client gets a unique domain+vps service (not shared)
* your plan starts once the vps+domain is setup and you get access to the panel. if there is a delay between the payment and the setup, you won't lose any time of using the tool
* setup time (after payment confirmation) is done within 24hs (on normal conditions)
* your panel domain will be randomly generated. it cannot be changed or chosen
* no ssh/ftp/cpanel will be provided directly to the vps service
* refund is only done (in special cases) for the tool price only (not the vps/domain costs)
 

