Delikat
For a second I assumed it was the stub dropping in the TEMP dir from the second "builder.exe" file as that was being executed, but I assumed if it was not connected to a valid server that would exit the stub. I was reversing it for a TCP connection and realized it is using a Telegram channel to send data to. The RAT uses a TCP connection over a custom port; Telegram is not involved. So come to find out, it was his stealer he bound.
So you almost got me :< but the weird admin prompt? The fake error? And of course dropping this in the %temp% folder on disk for AVs to scan un-obfuscated code. 6/10 I give it.
Good concept?
PS, yes this is the CLEAN version, still run in sandbox tho. Good practices.
====================================================
FEATURES
====================================================
[+] Run File From, URL / Disk / Memory / RunPE
[+] Blank Screen, Disable Win Updates, Run Shell , Invoke BSOD
[+] .NET 3.5 Installer
[+] UAC / Firewall / Taskmgr / RegEdit , Disabler + Enabler
[+] Shell / Webcam / MIC / Monitor / System Sound/ File Manager, Control
[+] TCP Connections Monitor
[+] Clipboard Manager + Password Manager
[+] Installed Programs Manager
[+] Activate Windows Option
[+] DDoS
[+] VB.NET Compiler / Google Maps
[+] Fun Functions
[+] Keylogger / Chat / File Searcher
[+] USB Spread + Bot Killer
[+] Prevent Sleep / Auto Sleep Disabler / Change Wallpaper / Message Box Popup / Delete Restore Points
[+] UAC Bypass
[+] Coin Clipper / Swapper
[+] Ransomware
[+] Ngrok Installer
[+] Tinynuke HVNC
[+] VNC Viewer
[+] Windows Defender , Disabler / Remover / Exclusion
[+] Startup, Registry / Folder / SCHTASKS aka Scheduled Tasks
[+] Worm
[+] Anti Analysis
That's most of it