ExploitUncut Malware Shop

ExploitUncut
03-23-2021, 09:33 AM
Spectre 2.0.
The project mixes RAT, Stealer and some Botnet features.

FEATURES
* C++ RAT (BOT)
* PHP/AJAX C2 SERVER (WEB PANEL)
* NOT BASED ON ANOTHER MALWARE

RAT/BOT
(+) UPLOAD + DOWNLOAD FILES

(+) DOWNLOAD + EXECUTE

(+) HARVEST / FIND FILES
* BY FILENAME / EXTENSION / FILENAME+EXTENSION
* FOLDERS: PREDEFINED / CUSTOM
* OPTIONAL "MAX FILE SIZE" VALUE (AVOID UPLOADING HUGE FILES)
* UPLOAD FILES FROM SEARCH RESULTS
* ZIP FOUND FILES AND UPLOAD THE PACKAGE

(+) PASS RECOVERY
* CHROME / FIREFOX / EDGE / FILEZILLA

(+) BROWSERS DATA
* FIREFOX AUTOFILL+HISTORY+COOKIES
* CHROME AUTOFILL+CREDIT CARDS+HISTORY+COOKIES
* EDGE AUTOFILL+CREDIT CARDS+HISTORY+COOKIES

(+) CLIPBOARD STEALER
* LIVE MODE + DOWNLOAD/DELETE DATA
* SAVES ACTIVE WINDOW (PROGRAM)

(+) CLIPPER/SWAPPER
* REPLACES BITCOIN/ETHEREUM/MONERO ADDRESSES WITH YOURS

(+) KEYLOGGER
* OFFLINE MODE
* HOOKING API METHOD (MORE ROBUST. NOT ASYNC)
* ON/OFF SWITCH
* 3 PREDEFINED INTERVALS TO SEND THE LOGS
* SAVES ACTIVE WINDOW (PROGRAM)

(+) UPDATE
"NEW VERSION" MODE
* UPDATE TO NEW BOT+PANEL (WITH NEW FEATURES)
* CONFIRMS NEW BOT CONNECTED TO THE NEW C2 SERVER BEFORE KILLING OLD
* IF NOT CONNECTED, THE OLD BOT WILL REMAIN ACTIVE. THIS WAY YOU DON'T LOSE THE OLD BOT IN CASE OF UPDATE FAILURE.
"ReFUDED" MODE
* REPLACES THE CURRENTLY RUNNING BINARY WITH THE REFUDED ONE IN THE SAME FOLDER
(!) THIS FEATURE WILL NOT CRYPT YOUR BINARY. ONLY DOES THE UPDATE/DEPLOY

(+) SCREENSHOTS

(+) KILL BOT

(+) MULTIPLE C2 SERVERS LIST
* BUILT WITH 5 C2 SERVERS' URLS. 1 MAIN + 4 BACKUPS.
* IF THE MAIN SERVER GETS BLOCKED/BANNED, THE BOT WILL CHECK THE NEXT SERVER UNTIL IT FINDS ONE ONLINE. YOU DON'T LOSE YOUR BOTS. THEY WILL MIGRATE TO ANOTHER SERVER.

(+) SINGLE/GROUP/MASS COMMANDS
* SET A COMMAND FOR A SINGLE BOT, FOR A GROUP OR FOR ALL (MASS)

(+) MULTIPLE COMMANDS FOR EACH BOT (COMMANDS QUEUE)
* IF THE TARGET IS OFFLINE COMMANDS WILL BE EXECUTED WHEN ONLINE
* SHOWING PENDING COMMANDS

(+) PC INFO
* INSTALLED PROGRAMS + HARDWARE INFO

(+) VISIT URL
* USING HEADLESS BROWSERS (CHROME/FIREFOX IF INSTALLED)

(+) ANTI-ANALYSIS
* IF ANALYSIS TOOLS ARE RUNNING THE BOT EXITS
* UNIQUE MUTEX FOR EACH BUILD
* UNIQUE DATA FOLDER FOR EACH BUILD
* BINARY STRINGS OBFUSCATED

C2 WEB PANEL
* LIST TARGETS
* SET COMMANDS
* LIST UPLOADED FILES
* STARTUP. CONFIG THE MODULES FOR THE FIRST TIME EXECUTION.
* TARGETS' LOG (ACTIVITY/COMMANDS EXECUTED)
* DARK/LIGHT THEME
* SECURE LOGIN WITH USER/PASSWORD AND "2FA" CODE
* CREDENTIALS ARE HARDCODED AND HASHED. NO DATABASE USED. CAN'T BE CRACKED.

PANEL SCREENSHOTS
PREVIEW
hxxps://imgur.com/a/cpRYqEg

MORE CAPTURES (SELECTION)
hxxps://ufile.io/ft6h5gk8
7Z PASS A4K7F8U3

PROS
+ SECURE. THE PANEL RUNS FROM A HOSTING/VPS. NOT ON YOUR COMPUTER
+ SECURE. YOU CAN LOG IN USING TOR BROWSER (JAVASCRIPT FULLY TURNED ON)
+ NO SETUP. AVOID HAVING TO USE VPNS WITH PORT FORWARDING OR TUNNELING. YOU GET READY ACCESS TO THE PANEL
+ GET FILES ALL THE TIME. NO NEED TO HAVE YOUR PC TURNED ON ALL DAY (AVOID CRASHES, INTERNET/VPN DISCONNECTIONS, ETC)
+ MULTIPLE FEATURES TO BE ADDED ON FUTURE VERSIONS

CRYPTING
(*) NOT "FUD". NEEDS CRYPTING/PROTECTING FOR ANTIVIRUS EVASION
(*) A CRYPTER WITH "NATIVE" SUPPORT SHOULD BE USED
(*) PERSISTENCE + ANTI VM/SANDBOX SHOULD BE SET ON THE CRYPTER

CAVEATS / NOTES
(*) C2 PANEL NEEDS JAVASCRIPT FULLY TURNED ON
(*) EXE SIZE IS ~450kb
(*) TESTED ON WINDOWS 7/8/10

ASSETS YOU RECEIVE
* RAT BINARY
* ACCESS TO THE C2 PANEL
* README

PRICING
RAT+PANEL
* 1 MONTH 60$ USD
* 3 MONTHS 130$ USD
* 12 MONTHS 500$ USD

+ UNIQUE HOSTING/DOMAIN COST
* 1 MONTH = 35 USD
* 3 MONTHS = 50 USD

(*) UPDATES INCLUDED
(*) DEMO AVAILABLE. 20 USD FEE REQUIRED (DISCOUNTED FROM PLAN PRICE)
(*) MONERO / BTC ACCEPTED
(*) PRICES MIGHT BE INCREASED ON PLAN RENEWAL FOR NEW VERSIONS

TERMS OF SERVICE
* EACH CLIENT GETS A UNIQUE DOMAIN+HOSTING SERVICE (NOT SHARED).
* YOUR PLAN STARTS ONCE THE HOSTING+DOMAIN IS SET UP AND YOU GET ACCESS. IF THERE IS A DELAY BETWEEN THE PAYMENT AND THE SETUP YOU WON'T LOSE ANY TIME OF USING THE TOOL.
* YOUR PANEL URL WILL BE RANDOMLY GENERATED. IT CANNOT BE CHANGED OR CHOSEN.
* IF YOUR MAIN URL GETS BLOCKED DUE TO A SPAM/MALWARE COMPLAINT (SUCH AS SPAMHAUS), YOUR BOTS WILL MOVE TO THE NEXT EMBEDDED URL. WE WILL NEED TO REGISTER THE NEW DOMAIN AND IN SOME CASES GET A NEW HOSTING PLAN. NEW DOMAIN/HOSTING COSTS ARE NOT INCLUDED.
* NO FTP/CPANEL WILL BE PROVIDED DIRECTLY TO THE HOSTING SERVICE.
* HOSTING COSTS MIGHT CHANGE DEPENDING ON THE PROVIDER.

ExploitUncut
03-23-2021, 09:35 AM
Email: [email protected]