GHOST RAT. ADVANCED REMOTE ADMINISTRATION TOOL. UNDETECTED. MEGA DOWNLOAD LINK

Status
Not open for further replies.
Member
Joined
Mar 28, 2024
Messages
11
Reaction score
0
Points
1
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
 
Member
Joined
Apr 2, 2024
Messages
10
Reaction score
2
Points
1
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
ww
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/communityow
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
wow
 
Member
Joined
Apr 1, 2024
Messages
7
Reaction score
0
Points
1
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
 
Member
Joined
Apr 1, 2024
Messages
7
Reaction score
0
Points
1
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community

a
 
Member
Joined
Apr 1, 2024
Messages
36
Reaction score
3
Points
8
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
will
 
Member
Joined
Apr 1, 2024
Messages
36
Reaction score
3
Points
8
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
will
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
 
Joined
Jan 26, 2024
Messages
17
Reaction score
0
Points
1
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
thanks
 
Joined
Jan 26, 2024
Messages
17
Reaction score
0
Points
1
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
thanks
 
Member
Joined
Apr 1, 2024
Messages
37
Reaction score
97
Points
18
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
 
Member
Joined
Apr 1, 2024
Messages
37
Reaction score
97
Points
18
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
 
Member
Joined
Apr 8, 2024
Messages
24
Reaction score
0
Points
1
test
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
 
Member
Joined
Apr 14, 2024
Messages
9
Reaction score
0
Points
1
t
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
 
Member
Joined
Apr 13, 2024
Messages
12
Reaction score
1
Points
3
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
 
Member
Joined
Apr 14, 2024
Messages
31
Reaction score
3
Points
8
send
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
send me
 
Member
Joined
Apr 15, 2024
Messages
9
Reaction score
0
Points
1
uoo
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
y
 
Member
Joined
Apr 15, 2024
Messages
9
Reaction score
0
Points
1
uoo
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
y
Advanced Remote Administration Tool
Technical Information:
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. example: EXE IP PORT

When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.

When starting the server, it will prompt for you a listening port. This is the port that you need to use in the command-line for zombie.exe. Once you provide the port, your server information will be provided and the menu will be down. The IP address provided is your external IP. With that being said, unless the client/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. If this does not interest you, simply renaming zombie.exe and/or changing the assembly information using a tool will likely fool the client/zombie.

Features:
  • Remote command execution
  • Silent background process
  • Download and run file (Hidden)
  • Safe Mode startup
  • UAC Bypass
  • Will automatically connect to the server
  • Data sent and received is encrypted (substitution cipher)
  • Files are hidden
  • File Infector
  • Symmetric Cryptography
  • Hijack Execution Flow: DLL Side-Loading
  • Deobfuscate/Decode Files or Information
  • Input Capture Keylogging
  • Command and Scripting Interpreter
  • Installed Antivirus shown to server
  • Indicator Removal: Clear Windows Event Logs
  • Indicator Removal: File Deletion
  • Easily spread malware through download feature
  • Startup info doesn't show in msconfig or other startup checking programs like CCleaner
  • Disable Task Manager
  • TCP Connections
  • Non-Application Layer Protocol
  • ActiveWindows
  • StartupManager
  • Registry Editor
  • Process Manager
  • Clipboard Manager
  • Shell
  • Installed Programs
  • DDos Attack
  • VB Net Compiler
  • Location Manager [GPS - IP]
  • File Manager
  • Client [Restart - Close - Uninstall - Update - Block - Note]
  • Power [Shutdown - Restart - Logoff]
  • More

Download Link:

[Hidden content]


Virus Scans:
Virus total Report: https://www.virustotal.com/gui/file/b0bc.../community
HTML Report: https://www.joesandbox.com/analysis/379667/0/html
PDF Report: https://www.joesandbox.com/analysis/379667/0/pdf
Executive Report: https://www.joesandbox.com/analysis/379667/0/executive
Incident Report: https://www.joesandbox.com/analysis/379667/0/irxml
IOCs: https://www.joesandbox.com/analysis/3796...analysisid

Virustotal link https://www.virustotal.com/gui/file...9fd173eb07128aea13af83938ca94ebe4dd/community
 
Status
Not open for further replies.
  • Tags
    download mega rat remote tool
  • Top