12-08-2024, 11:04 PM
(This post was last modified: 01-17-2025, 11:38 AM by bl4ck1ng.
Edit Reason: Version 2 here!
)
Presentation:
I just publish a v2 of this malware that comes with incredible improvements. I present a spyware made from scratch and built in "C", apart from being a SpyWare, it can be categorised as a C&C.
Possibly the sale of individual binaries will be discontinued.
Functions:
This SpyWare/C&C is full of options, we can do things like this:
Remarcable:
Suggestions can be requested, if you want a customized function just for you the price will be discussed and said in advance.
Basic Plans (Life Time):
Advanced Plans (Life Time):
Master Plan:
Get the complete source code with README.md which explains step by step the following:
As an extra i share an ‘autocompile.py’ that allows to compile everything automatically when the dependencies have been installed. For those master plan updates will be sent as ‘support’ for the malware.
Contact Method and Payment form:
The payment process can be do it in XMR preferably we can discuss it in PM. For contact methods i have session and qtox that you have it on my bio or under "MVP" on post.
I just publish a v2 of this malware that comes with incredible improvements. I present a spyware made from scratch and built in "C", apart from being a SpyWare, it can be categorised as a C&C.
Possibly the sale of individual binaries will be discontinued.
Quote:Improvements v2:
As I said I have been developing version 2 of this malware and it comes with many improvements.
- Modular: Dll's are now allowed with a good management of them, they are saved in the victim's PC but not written to disk.
- Dll management: Dlls have to be imported into memory and functions are accessed, if a function requires a Dll but has not been loaded before, the server will display a notification that it is required to import it.
- End-to-end encryption: We generate a secure custom key exchange and a unique encryption key is generated between the client and server. Each session generates a different key,
- Gecko support: Password and cookie decryption in gecko browsers (Firefox/Waterfox/Librewolf).
- Custom Lightweight RDP: Developed from 0 remote control (no encryption)
- Auto Join commands: We allow the execution of “default” commands that are executed when a connection is established.
- Global command execution: We allow the execution of commands in each session.
- Geoloc based command execution: Based on the country, city, region or ISP we can execute commands in the sessions.
- Multiple client execution handling: Using IPC we do not allow to execute the same binary with the same permissions more than once.
- File saving: Improved the way of saving victim files (./DATA/IP/PCNAME/all_files).
- Dump of running processes.
- Dump of installed software.
- Dump of saved wifi passwords.
- Global dump: Includes all dumps (passwords & cookies, wifi, processes, software).
- Error handling: Measures against version 1 errors have been added.
- Documentation: Improved documentation
Functions:
This SpyWare/C&C is full of options, we can do things like this:
- Shell mode: Powershell
- Exec comands in NO shell mode
- Low persistence: No admin required
- High Persistence: Admin required (Service based, when persistence runs the connection is from NT AUTHORITY/System)
- Download a file (Without size limit and a good looking progress bar)
- Upload a file (Without size limit and a good looking progress bar)
- Get system information (Not to much, Ram, full disk space, free disk space, PC name, processor, ...)
- Check if the file was run as admin
- Block peripherals
- Unblock peripherals
- Dump passwords & Cookies (ABE Decryption) (Edge/Brave/Chrome, it can be adapted for more browsers, its built from scratch understanding how the browser store the passwords)
- Dump Passwords & Cookies (Firefox/Waterfox/Librewolf)
- Dump WiFi passwords
- Dump software installed
- Dump process in execution
- Dump all
- Display a message box with a message
- Make and download a screenshot (all in one function)
- Record "x" seconds of audio from the mic
- Scan the network of the victim (give the hosts in it)
- Scan a host in the victim network (give the open ports of the host)
- Detect Monero installation and steal .keys file.
- Detect Exodus and steal .seco files.
- Detect all installed AVs on the victim
- Change crypto wallets if someone is copied into clipboard (Identifies ETH, BTC, XRP and LTC wallets.)
- DLL Upload (upload dlls from server to client)
- Import Dll (import dll to memory)
- Check dll (check state of dlls)
- srdp (RDP Session)
- Help commands to show aviable commands (on serves)
Remarcable:
- We have two main (and other files that are not main) files, the server and the client. The server is modified to be beautiful and easy to use with help messages.
- The server creates a folder called DATA in the same location where the server is running, where, sectioned by the IP addresses and the pc names of the sessions, the downloaded files are stored.
- The malware once executed, as long as the process has not been closed, can close the .exe on the server that the victim will try to connect to again and again, giving a break of 1s.
- We have commands to manage sessions by displaying the session id, pc name, country, city, region and ISP.
- Cache memory on session for those command that the output doesn't change. Like: check avs, sysinformation, scan network of the host, ...
- If the server got crash or stuck u can use [CTRL + C] to close and reopen, the client when notice that the connection has close it tries to connect another time.
Suggestions can be requested, if you want a customized function just for you the price will be discussed and said in advance.
Basic Plans (Life Time):
- Tier 1: Get malware and server in binary only available (shell, exec, dowload/upload, lowpersistence, password dump (Gecko browsers), dllUpload, importdll, checkDll) (Changing the IP of attacker)
- Price: 200€
- Price: 200€
- Tier 2: Get malware and server in binary format, only available (shell, exec, dowload/upload, lowpersistence, password dump (Chromium and Gecko), persistence, sysinformation, check, avs, block, unblock dllUpload, importdll, checkDll) (Changing the IP of attacker and the wallets)
- Price: 400€
- Price: 400€
Advanced Plans (Life Time):
- Tier 1: Get malware and server in binary format all function available (Changing the IP of attacker and the crypto wallets to change in clipboard)
- Price: 600€
- Price: 600€
Master Plan:
Get the complete source code with README.md which explains step by step the following:
- The installation of the dependencies
- General information of the commands before getting into a session
- General information with all the commands and the functions of each of them
- Preparation on both windows and linux
- Manual compilation of the source files
- Very Brief explanation of how to use NGROK or Windows/Linux VPS
- Price: 2000€
As an extra i share an ‘autocompile.py’ that allows to compile everything automatically when the dependencies have been installed. For those master plan updates will be sent as ‘support’ for the malware.
Contact Method and Payment form:
The payment process can be do it in XMR preferably we can discuss it in PM. For contact methods i have session and qtox that you have it on my bio or under "MVP" on post.
