14-11-25, 08:38 PM
GENERAL
* C++ Windows modular RAT
* php/js dynamic c2 server (web panel)
* not based on another malware
(!) [important] the panel is limited to 1000 bots. the tool is oriented to targeted attacks (not mass)
MODULAR
Setup consists of:
* Bot (required)
* Stealer (optional)
* Hidden Apps (optional)
* Vnc/Screencast (optional)
* Micro Bot (optional)
BOT/LOADER
(+) upload + download + execute (exe/bat/vbs/js/dll-sideload)
(+) execute the modules (stealer+hidden-apps+vnc)
(+) execute 2nd stage payloads at first boot (another stealer, miner, etc)
(+) update refud/replace
(+) processes list+kill
(+) kill+delete bot/modules
(+) startup+persistence (auto-run)
* multiple methods
* delay creation (optional)
* create on shutdown/restart (optional)
(+) pc info
* installed programs + hardware info + av found
(+) single/group/mass commands
(+) multiple commands for each bot (commands queue)
* if the target is offline commands will be executed when online
* show/cancel pending/in progress commands
STEALER (MODULE)
(+) files explorer
# navigate + create new folders
# download files
# upload + delete + rename (files+folders)
# search
# detects installed drives (c:\, d:\, e:\, etc)
(+) harvest / find (files grabber)
* find
* by filename / extension / filename+extension
* folders: predefined / custom
* optional "max file size" value (avoid uploading huge files)
* upload files from search results
* harvest
* zip found files and upload the package
(+) pass recovery + browsers data
* pass: chrome / firefox / edge / opera / thunderbird
* firefox autofill+history+cookies
* chrome/edge/opera autofill+credit cards+history+cookies
(+) clipboard stealer
* live mode + download/delete data
* saves the active window (program)
(+) crypto clipper/swapper
* replaces bitcoin/ethereum/monero addresses with yours
(+) keylogger
* offline mode
* 3 predefined intervals to send the logs
* saves the active window (program)
(+) live keylogger
* titles filter: send keys only if a certain app/title is focused
(+) screenshot
(+) screenshot burst
* take multiple screenshots when a window/app is focused and matches the titles/strings specified
* configure 3/5/10 screenshots burst
(+) shell/cmd (simple)
* run cmds and get the output (single mode)
* run cmds as "one-liners" without output (mass/group mode)
* note: not a fully interactive reverse shell (check hidden apps module for a better solution)
HIDDEN APPS (MODULE)
(+) hidden browsers
* use the target's browser hidden from the user (firefox/chrome/edge)
* browser default user profile is used. access the sessions, passwords saved, bookmarks, history, etc.
* notes: connection is http (not super fast). does not replace a full hvnc.
(+) hidden cmd.exe (reverse shell)
* fully interactive
VNC/SCREENCAST (MODULE)
- control the main desktop [click/type]. visible not hidden.
- can be used as screencast
- pseudo vnc. does not replace a real vnc or rmm (anydesk, etc)
https://imgur.com/a/96DHGMs
https://ibb.co/HY9Ct7Z
MICRO BOT [ALTERNATIVE LOADER]
(+) low detections
(+) no need to crypt
(+) use as a fallback/backup/helper in case your main bot/rat gets detected
MISC
# run cmds (shell) one-liners at first boot
# strings dynamic decryption
# randomized internal strings (bot+panel)
# campaign/bot id option
# cookies in json+netscape format
(+) anti-analysis options
(+) Unicode support (works on all languages)
(+) chromium decryption server-side
(+) strings encryption randomized for each sample
(+) features can be removed from the stealer by request if not needed (main ones like key-logger, clipboard, etc).
(+) custom features can be added for an extra fee
C2 WEB PANEL
(!) [important] the panel is limited to 1000 bots. the tool is oriented to targeted attacks (not mass spam)
* list targets + set commands
* first boot (auto-tasks/configs). config the modules for the first time execution.
* targets' log (activity/commands executed)
* dark/light theme
* secure login with user/password and "2fa" code
* country info+flag
* save aliases (friendly bot names)
* cancel commands
* download all files as zip
* resources tab > easy management of the files/modules to be dropped on targets (upload/delete/rename)
* filter uploaded files by current selected target and file types (imgs, dumps, etc)
* filter bots by ip, country, os, etc
* bots list showing last connection, boot counts, alive time, campaign/bot id, screenshots count
* screenshots > thumbnails (gallery)
* show hide columns os/campaign id/last connection
* ping/knock custom randomized interval
=== V7 NEW FEATURES ===
* http communications encryption (bot/modules <> server)
* [stealer] wallets grabber > desktop + web (chrome)
* proxy servers > configurable on the panel. protect the c2 (bot > proxy > c2)
(+) in case of blacklist/ban/detections replace the proxy vps and update the list
* [stealer] keylogger > offline mode > add filtering by strings in app/titles
* [stealer] keylogger > offline mode > avoid saving logs to file. keeping on memory
* [stealer] keylogger > offline mode > show all compiled txt data on the panel page
* first boot persistence > set custom stub path
* download files > md5 hash integrity check
* check if the stealer is found and report to server
* panel > show warning if errors are found on logs
* execute > retry if failed the first time
* update > refud > set custom folder/path for the stub
* [stealer] files explorer > added button to go up one folder
=== V8 NEW FEATURES ===
* bot > run powershell (oneliners)
* bot > show AV found (from software list)
* bot > execute dlls (rundll32 + function)
* bot > autorun > startup registry (run) added method
* bot > autorun > option to choose between the 3 supported methods
* bot > autorun > report the current state of the methods (found / deleted on the pc)
* bot > software+hardware info moved back to the bot
* bot > report the stealer process presence to the panel (both on disk + process)
* bot > retry downloads if failed
* stealer > firefox pwds decryption moved server-side for stealth
=== V9 NEW FEATURES ===
* bot > report exe/stub presence on disk
* panel > check the proxy servers state
* panel > stealer stub randomization. every stub has a different hash on disk. avoid av hash signatures.
* download big files in chunks
* kill+delete > bot folder cleanup on the pc (with libs/files)
* added more chrome wallet extensions to the list
* commands > execute each with a thread [avoid hangs]
* stealer update > avoid killing if found running
* uploaded files > confirm server-side with file hash
* [stealer] commands > execute each with a thread [avoid hangs]
* [bot] restart command
* [bot] file uploads > curl option as fallback
* [bot] winapi startup shortcut as fallback for unicode paths
* [bot] defender exclusion (visible)
Will prompt for UAC (yes/no) using Microsoft/Powershell (verified publisher)
Adds C:\ to excluded folders. Works only if the user is admin
* ProgramData folder added for stub path/file downloads/etc
* [bot] killed state added
* [bot] auto-run command > delete+recreate scheduled task/registry run/startup shortcut
- useful if wrongly setup or not setup in the first boot
* [panel] alias + campaign id filters added
* [stealer] show busy label while running the first boot commands
* 7z archives (packs) use a list file for faster packing
* panel > wallets > list names from within zips/archives
* chromium browsers multi profile pwds+data added
* unlock browsers db files if opened
* find/harvest added banned folders when searching the drive
* panel > info page > enable for mass/group. review installed programs + hardware info of all targets or selected
=== V10 NEW FEATURES ===
* autorun - logon script registry (new method added)
* autorun - av conditional smart/auto mode
* prevent pc sleeps
* screen burst - auto time interval mode
* hidden apps - turn on/off the browser while keeping the module running + show ping status
* new chrome v20 cookies encryption support
* vnc module
* clipper - added new addresses
* chrome v20 cookies encryption - add injection helper alternative method
* micro bot integration (deploy from the main rat)
* show bot up-time (panel)
* run payloads with dll sideloading
* run modules with dll sideloading
* fallback bot - add dll sideload support
* parse chrome data fully server-side + chrome v20 pwds encryption
* anti virtual box (optional)
* anti delay (optional)
* libcurl file download (optional)
* telegram notifications
* download - add fallback methods
* execute js payloads
* antis - exit on intel custom cpus (optional)
* chunked file uploads
* http - libcurl get/post (optional)
* libcurl - ftp file downloads (optional)
* key-logger - randomize string key codes for each build
* desktop wallets updated
* bug fixing + tweaks/improvements
V8 PANEL SCREENSHOTS - PREVIEW
https://imgur.com/a/nss0Pf6
V9 PANEL SCREENSHOTS - PREVIEW
https://imgur.com/a/ouz3cYR
PROS
+ secure. the panel runs on a vps
+ secure. you can login over Tor (needs Javascript on)
+ no setup. avoid vpns with port forwarding or tunneling. you get ready access to the panel
+ multiple features coming on future versions
CRYPTING
you will need to crypt all the files with a crypter (with native or shellcode support)
compatible methods: runpe/loadpe/shellcode-injection/dll-sideload
OS SUPPORT
Win 10 + Win 11 onwards
CAVEATS / NOTES
(*) c2 panel needs javascript on
(*) tested on Windows 10/11 and MacOSx
ASSETS YOU WILL RECEIVE
* exes/dmg
* access to the c2 panel
* readme
MONTHLY PRICING $
- bot 500 (required)
- vps+domain+panel 50 (c2 server / required)
- stealer 335 (optional module/exe)
- hidden apps 180 (optional module/exe)
- vnc/screencast 155 (optional module/exe)
- micro bot 200 (optional alternative bot - includes vps+domain+panel)
- proxy server 50 (optional for c2 server protection. bot > proxy > c2 server)
(*) prices are monthly
(*) xmr / btc / ltc / bch / eth / usdt / dai accepted
(*) vps/c2 panel re-setup 75 (if server/domain gets banned. add the proxy to avoid this)
(*) proxy server has pro/cons. discuss based on your needs.
SIZE
- build size is between ~500kb and ~1.3MB [depending on configs]
SETUP
vps+domain+panel are all setup by support, you get ready access to the panel
TERMS OF SERVICE
* each client gets a unique domain+vps services (not shared)
* your plan starts once the vps+domain is setup and you get access to the panel. if there is a delay between the payment and the setup, you won't lose any time of using the tool
* setup time (after payment confirmation) is done within 24hs (on normal conditions)
* your panel domain will be randomly generated. it cannot be changed or chosen
* no ssh/ftp/cpanel access will be provided directly to the vps service
* the panel source is not provided for self-installation
* refund is only done (in special cases) for the tool price only (not the vps/domain costs)
Contact me.
Code:
CONTACTS:
Email: digitalmutant@dnmx.cc
Telegram - drop your telegram via email/dm
