06-06-2020, 11:57 AM
i coudn't find the original thread of the application, however, i've downloaded it to manually scan it
Less important screenshots:
Setups RAT on login:
TcpConnection:
i still have the original sample, dm me if you want it (i will not share it on 0day.red publically, don't want to get banned)
[/hide]
this application sends your hardware configuration to an ip (47.254.216.24:8989), checks if it is running in a VM & setups a rat on user login
Less important screenshots:
Hidden Content
Setups RAT on login:
TcpConnection:
i still have the original sample, dm me if you want it (i will not share it on 0day.red publically, don't want to get banned)
here is some tools i've made to decrypt some things, like the resources & strings
@mothered[/hide][To see links please register here]
[To see links please register here]
[To see links please register here]
[To see links please register here]
[/hide]