Advanced Remote Administration Tool
Technical Information:
Ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.
This malware is distributed simply by running Zombie.exe. This file name can be changed to anything. There is no restriction. When run, it searches for the first two arguments (IP and port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and port in the command-line arguments. Example: EXE IP PORT
When successfully started, it adds itself to the start-up pool and runs in the background. It will repeatedly try to connect to the server. This process does not consume any memory or CPU. This means that the zombie will silently idle in the background, and whenever the server is up, it will automatically connect.
When starting the server, it will prompt you for a listening port. This is the port that you need to use in the command line for Zombie.exe. Once you provide the port, your server information will be provided and the menu will close. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server in a remote location if you want to stay anonymous. If this does not interest you, simply renaming Zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.
Features:
- Remote command execution
- Silent background process
- Download and run file (Hidden)
- Safe Mode startup
- UAC Bypass
- Will automatically connect to the server
- Data sent and received is encrypted (substitution cipher)
- Files are hidden
- File Infector
- Symmetric Cryptography
- Hijack Execution Flow: DLL Side-Loading
- Deobfuscate/Decode Files or Information
- Input Capture Keylogging
- Command and Scripting Interpreter
- Installed Antivirus shown to server
- Indicator Removal: Clear Windows Event Logs
- Indicator Removal: File Deletion
- Easily spread malware through download feature
- Startup info doesn't show in msconfig or other startup checking programs like CCleaner
- Disable Task Manager
- TCP Connections
- Non-Application Layer Protocol
- ActiveWindows
- Startup Manager
- Registry Editor
- Process Manager
- Clipboard Manager
- Shell
- Installed Programs
- DDos Attack
- VB Net Compiler
- Location Manager [GPS - IP]
- File Manager
- Client [Restart - Close - Uninstall - Update - Block - Note]
- Power [Shutdown - Restart - Logoff]
- More
Virus Scans:
VirusTotal Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid
Virustotal link VirusTotal
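A defender-side triage sketch for the behaviour described in the post above (an added example, not part of the original post or of the tool): because the file name can be changed, it keys on the EXE IP PORT launch pattern, the reconnect loop and a cmd.exe child process rather than on the name zombie.exe. The event schema, field names, threshold and sample records are constructed assumptions, loosely modelled on Sysmon process-creation and network-connection events.

```python
import ipaddress
import shlex
from collections import Counter

# Constructed sample telemetry (not from the page). "proc" records stand in for
# process-creation events, "net" records for outbound TCP connection attempts.
EVENTS = [
    {"type": "proc", "ts": 0, "pid": 4120, "ppid": 3000,
     "image": r"C:\Users\bob\AppData\Roaming\updater.exe",
     "cmdline": r"C:\Users\bob\AppData\Roaming\updater.exe 203.0.113.7 4444"},
    *[{"type": "net", "ts": t, "pid": 4120,
       "dst_ip": "203.0.113.7", "dst_port": 4444} for t in range(5, 35, 5)],
    {"type": "proc", "ts": 40, "pid": 4188, "ppid": 4120,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"C:\Windows\System32\cmd.exe"},
    # Benign look-alikes: an IP argument without a port, and a one-off client.
    {"type": "proc", "ts": 50, "pid": 5000, "ppid": 3000,
     "image": r"C:\Windows\System32\PING.EXE",
     "cmdline": "ping 192.0.2.1 -n 4"},
    {"type": "proc", "ts": 60, "pid": 5100, "ppid": 3000,
     "image": r"C:\Windows\System32\telnet.exe",
     "cmdline": r"C:\Windows\System32\telnet.exe 198.51.100.2 23"},
    {"type": "net", "ts": 61, "pid": 5100,
     "dst_ip": "198.51.100.2", "dst_port": 23},
]


def ip_port_args(cmdline):
    """Return (ip, port) if the first two arguments are an IP address and a
    TCP port, which is the launch pattern the post describes; else None."""
    # posix=False keeps Windows backslashes and quoted image paths intact.
    tokens = shlex.split(cmdline, posix=False)
    if len(tokens) < 3 or not tokens[2].isdigit():
        return None
    try:
        ip = ipaddress.ip_address(tokens[1])
        port = int(tokens[2])
    except ValueError:
        return None
    return (str(ip), port) if 1 <= port <= 65535 else None


def triage(events, min_attempts=5):
    """Correlate three behaviours per process and flag it when two or more hit."""
    # Outbound attempts per (process, destination): a client that keeps
    # retrying the same endpoint shows up as a high count here.
    attempts = Counter((e["pid"], e["dst_ip"], e["dst_port"])
                       for e in events if e["type"] == "net")
    # Parent PIDs that started a command interpreter.
    shell_parents = {e["ppid"] for e in events
                     if e["type"] == "proc"
                     and e["image"].lower().endswith("\\cmd.exe")}
    findings = []
    for e in events:
        if e["type"] != "proc":
            continue
        dest = ip_port_args(e["cmdline"])
        if dest is None:
            continue
        signals = ["ip_port_args"]
        # Only count connections to the endpoint named on the command line.
        if attempts[(e["pid"], *dest)] >= min_attempts:
            signals.append("reconnect_loop")
        if e["pid"] in shell_parents:
            signals.append("spawns_cmd")
        findings.append({"pid": e["pid"], "image": e["image"], "dest": dest,
                         "signals": signals, "flagged": len(signals) >= 2})
    return findings


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

The argument pattern alone also matches ordinary network clients, so the sketch raises a finding only when it coincides with the retry loop or the shell child; start-up persistence is not covered here.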
Waw
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.
This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT
When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.
When starting the server, it will prompt you for a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.
Features:
- Remote command execution
- Silent background process
- Download and run file (Hidden)
- Safe Mode startup
- UAC Bypass
- Will automatically connect to the server
- Data sent and received is encrypted (substitution cipher)
- Files are hidden
- File Infector
- Symmetric Cryptography
- Hijack Execution Flow: DLL Side-Loading
- Deobfuscate/Decode Files or Information
- Input Capture Keylogging
- Command and Scripting Interpreter
- Installed Antivirus shown to server
- Indicator Removal: Clear Windows Event Logs
- Indicator Removal: File Deletion
- Easily spread malware through download feature
- Startup info doesn't show in msconfig or other startup checking programs like CCleaner
- Disable Task Manager
- TCP Connections
- Non-Application Layer Protocol
- ActiveWindows
- StartupManager
- Registry Editor
- Process Manager
- Clipboard Manager
- Shell
- Installed Programs
- DDos Attack
- VB Net Compiler
- Location Manager [GPS - IP]
- File Manager
- Client [Restart - Close - Uninstall - Update - Block - Note]
- Power [Shutdown - Restart - Logoff]
- More
Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid
Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
Oh good
Thank u a lot dude!!!!
Thank u a lot dude!!!!
nice add dude!!!!
I have to see this one, thanks buddy
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.
This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT
When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.
When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.
Features:
- Remote command execution
- Silent background process
- Download and run file (Hidden)
- Safe Mode startup
- UAC Bypass
- Will automatically connect to the server
- Data sent and received is encrypted (substitution cipher)
- Files are hidden
- File Infector
- Symmetric Cryptography
- Hijack Execution Flow: DLL Side-Loading
- Deobfuscate/Decode Files or Information
- Input Capture Keylogging
- Command and Scripting Interpreter
- Installed Antivirus shown to server
- Indicator Removal: Clear Windows Event Logs
- Indicator Removal: File Deletion
- Easily spread malware through download feature
- Startup info doesn't show in msconfig or other startup checking programs like CCleaner
- Disable Task Manager
- TCP Connections
- Non-Application Layer Protocol
- ActiveWindows
- StartupManager
- Registry Editor
- Process Manager
- Clipboard Manager
- Shell
- Installed Programs
- DDos Attack
- VB Net Compiler
- Location Manager [GPS - IP]
- File Manager
- Client [Restart - Close - Uninstall - Update - Block - Note]
- Power [Shutdown - Restart - Logoff]
- More
Download Link:
[Hidden content]
Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid
Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community