edbitss

DiamondFox [Modular, Loader, Stealer, Crypto Hijacker, Ransomware, RAM Scraper, Keylogger, Botkiller]

Hello guys, after a long wait and too much hard work, today I'm really excited to present the new version of DiamondFox named as “Renard”.
This is a big update of DiamondFox and I gave the best of me doing this job. The bot was recoded from scratch and the panel was improved.

BOT:
- NATIVE. Don't need any kind of windows dependencies.
- SMALL. Bot with their configurations is ~30kb.
- ENCRYPTION. Fully encrypted HTTP communication with the panel and all bot settings and data.
- COMPRESSION. All data uploaded and received from the panel is compressed.
- MODULAR. The bots works based in a modular system. Modules can be loaded from the panel or loaded locally from the bot body.
- ALL WINDOWS. Working with all windows versions (XP, 7, 8, 10, server) and in both architecture (x86/x64)
- USER MODE. No need admin rights to work.
- ANTI-ANALYSIS. Avoid the execution of the bot if a debugger, virtual machine or sniffer is present. (Can be set by the user)
- CUSTOM INSTALLATION. The installation path, installation name and installation sub folder can be set by the user
- MELT. Automatically delete the file after the execution. This can be enabled or disabled.
- UNICODE. Working in all language systems (the world is yours!)
- LOGIC BOMB. You can set a date to start the bot payload.
- CONNECTION. You can set an unlimited gate list, the bot will detect online gates and select the available.
- FAKE MESSAGE. you can set a fake message box to the bot to be executed only in the first execution.
- LOADER. You can set an unlimited URL list to download and execute files.
- STARTUP. The bot has four startup methods: startup folder and registry keys: run/runonce/policies.
- ROUTINES. Each routine can be customized with a time.
- SCREENSHOTS. Bot will take and upload to the panel screenshots of the machine.
- INFORMATION. The bot grabs and send to the panel the next information about the infected machine: GUID, username, pc name, av installed, operative system version, ram, processor, GPU, HD space, OS architecture, admin/user identification, laptop/PC identification, user domain, local IP, installed software, running tasks, ping and environmental variables.
- STABLE. Bot will maintain a good communication with the panel.
- .BIT SUPPORT. Added support for namecoin domains .bit.

PANEL:
- CLEAN CODE. Coded in PHP/JS with AJAX, no ioncube or any other kind of encryption to the panel.
- MINIMUM REQUIREMENTS. Only PHP 5.6, MYSQL, ZIP and curl support needed.
- MULTI USER. The panel allows you to create and manage more than an user and put limits of the actions of the user can do. Excellent to work with team.
- PROTECTION. The panel have auto banning features if detect suspicious activities of a bot (ex. Unauthorized upload attempt) or from an user (ex. Login brute force). This can be enabled/disabled.
- NOTIFICATIONS. Real time notification when a bot connects to the panel. It shows a green line and a sound. This can be enabled/disabled.
- VIEW. The bots can be viewed in two modes: list (it will show the bots like a list with a short information about it) and grid (this allows you to see a more detailed information about the bot and a desktop preview)
- TASKS. Tasks can be set in three modes: Single execution, each restart execution and only new bots.
- FILTERS. Tasks can be filter by: HWID, country, av installed, OS version, ram size, processor, GPU, HD size, OS architecture, user privileges, PC/laptop, installed software, running tasks, limit executions or random executions.
- STATISTICS. The panel generate statistics about reports, avs installed, os versions, os architecture, user privileges and bot version. It also generate an statistic about the last 7 days of new bots and new USB spreads.
- REPORTS. All reports are in order and it can be downloaded or deleted with just a click. In the report page you can see a detailed statistic about reports.
- TASKS MANAGER. You can track your tasks in real time and see a log of the last 50 executed tasks to check if it was executed successfully or it failed.
- SETTINGS. In this tab you can setup the amount of bots per page, amount of report per page, ajax reload times, change your username or password, maximum login fails and gate file name.

IMAGES FROM PANEL:


This version it is focused in modules so here is the list of available modules:

BROWSER PASSWORD STEALER:
- grab stored passwords from browsers.
- Working on: Chrome, Firefox, Internet Explorer, Microsoft Edge, Opera, Vivaldi, Waterfox and Seamonkey.

FTP PASSWORD STEALER:
- grab stored password from ftp clients.
- Working on: Filezilla, FTPGetter, FTPExplorer and Frigate.

IM PASSWORD STEALER:
- Grab stored password from instant messaging clients.
- Working on: pidgin, ICQ, Trillian, MSNmessenger and Miranda.

EMAIL PASSWORD STEALER:
- grab stored passwords from email clients.
- Working on: Mozilla thunderbird, hotmail and Outlook (All versions)

WINDOWS RDP PASSWORD STEALER:
- grab stored passwords from windows RDP.

WEB HISTORY GRABBER:
- Grabs the web history of the last 6 hours.
- Working on Chrome, Firefox, Internet Explorer, Microsoft Edge and Opera.

HIDDEN AMMYY ADMIN:
- Allows you to view the desktop in real time and explore, download and edit files hidden.
- Working from XP to Windows 10 both architecture X86 and X64.
- Not working in windows server versions.
- screenshots:
https://ibb.co/bz90ccv
https://ibb.co/18twMjd
https://ibb.co/ct2Cdxs
https://ibb.co/8XHVHVW

REMOTE CONSOLE:
- Allows you to send commands and retrieve the response of the remote shell.
- Working with all command-line applications.
- Can be used for execute command-line software like mimikatz.
- screenshot: https://ibb.co/426Dcb9

FILE STEALER:
- Allows you to find files in the remote machine and upload it to the panel.
- Maximum and minimum size can be set.
- File type can be set using wildcards.
- You can set a custom path for search.
- screenshots:
https://ibb.co/tqQ8QYN
https://ibb.co/g60KPtF
https://ibb.co/jZSYYDN

KEYLOGGER:
- Sends to the panel all data written with the keyboard of the infected machine.
- Grabs windows title, date, hour, clipboard and data written.
- You can target the keylogger using the windows title or a word inside it.
- Clipboard data can be enabled/disabled.
- screenshots:
https://ibb.co/8B5X13K
https://ibb.co/fQSr1vx
https://ibb.co/VpKWmKd
https://ibb.co/VWwc70F

RAM SCRAPER:
- Grab track1 and track2.
- Same scraping module of GlitchPOS.
- A custom regex can be set.
- A custom process blacklist can be set.
- Working online and offline.
- screenshots:
https://ibb.co/mvVbx9G
https://ibb.co/0n0v6vd
https://ibb.co/CPFLjkt

CRYPTO HIJACKER:
- Scan the clipboard data for crypto wallet addresses.
- Detect bitcoin, bitcoin cash, litecoin, ethereum, dogecoin, dash, monero, neo and ripple.
- When it found a crypto address it will replace the data with your wallet address.

RANSOMWARE [BETA]:
- Search and lock files in the machine.
- You can set custom file names or extensions using wildcards.
- Multi-language. You can put your message in more than a language.
- Automatically generate an unique bitcoin address for each client.
- Once the files are encrypted it can not get the password at least the payment it is done.
- Panel automatically detect the payment and unlock the remote machine.
- Panel allows you to export all private keys with balance.
- Amount to pay it is set from the panel.
- First 3 customers of this plugin will have free updates in exchange of their bug reports.

USB SPREAD:
- Spread the bot using LNK files in the USB drive.
- You can track all spreads in your panel.

BOLT BUILDER [JS/VBS LOADER]:
- Generate a small version of the main bot.
- Can be created in Javascript or visual basic script.
- Online builder. Create all files you want in the panel.
- Online crypter. It generate an encrypted version of the loader ready to spread.
- You can download and execute extra files from there.
- screenshots:
https://ibb.co/vxRztbw
https://ibb.co/HH8b81F
https://ibb.co/1XhsdFK

VIDEO RECORDER:
- Create an .avi video of the user actions.
- Follow the mouse pointer.
- The width and Height can be set by user.
- The frames per second can be set by user.
- Time for recording can be set by user.
- The trigger for recording can be the mouse movement or a custom window title.
- Uses the MSC1 encoder provided by microsoft.
- Screenshots:
https://ibb.co/HKGYMtL
https://ibb.co/F7YjFy1
- Video Sample: https://streamable.com/d506f

BOTKILLER:
- Scan in the startup registry and remove all the created entries for .exe, .com, .pif, .bat, .cmd, .scr.
- Clean the startup folder.
- Detect and remove script malware in format .js, .vbs and .hta.
- Detect and remove fileless malware in the registry.
- NOTE: Enabling this module will avoid the installation of extra malware.

UAC BYPASSER:
- Working from windows 7 to Windows 10 (x86 - x64).
- Bypass UAC selecting the best exploit for the current OS.
- It use Fileless exploits.
- Include wsreset.exe, eventvwr.exe, fodhelper.exe and sdclt.exe exploits.
- If a new fileless bypass it is discovered i will add it to the module.

PERSISTANCE:
- If the main process file is stopped it will be respawned.
- If the main bot is deleted it will be restored.

COOKIES GRABBER.
- Grab stored cookies of:
- Firefox
- Google Chrome
- Microsoft Edge.

JABBER NOTIFIER:
- receive real-time information from your panel.
- Fully customizable actions for notify:
- User login in panel.
- Favorite client comes online.
- Received browsers passwords.
- Received FTP passwords.
- Received IM passwords.
- Received Email passwords.
- Received track1/track2 data.

DYNCHECK [03.01.2020]:
- Runtime scan without internet connection (6/23): https://dyncheck.com/scan/id/49b2dbf...2393de9c7f57cb
- Runtime scan with full internet connection (9/23): https://dyncheck.com/scan/id/bfb2689...1d27834a2a2591

*Results may be better/worse with your crypter.
*Built with installation enabled, melt enabled and startup enabled.
*The file was crypted using crypt.guru. nice service and nice support.

PRICES:
- BOT 600$
- STEALERS (Browsers, IM, Instants, FTP, RDP and web history) 100$
- HIDDEN AMMYY ADMIN 150$
- REMOTE CONSOLE 100$
- FILE STEALER 150$
- KEYLOGGER 100$
- RAM SCRAPER 250$
- CRYPTO HIJACKER 100$
- RANSOMWARE 300$
- USB SPREAD 100$
- BOLT 200$ [Include updates]
- VIDEO RECORDER: 200$
- PERSISTANCE: 100$
- BOTKILLER: 100$
- UAC BYPASSER: 100$
- COOKIES GRABBER 100$
- JABBER NOTIFIER: 50$
- BOT REBUILD: 40$

Contacts:  @edbits on Telegram!
