Smoke Bot is a modular bot based on the functionality of a resident loader
Benefits:
- Availability of plugin modules that expand the functionality of the bot, while not affecting the size of the bot (does not need to be crypted)
- detailed statistics on OS versions (bit depth, privileges), countries and online
- detailed statistics on tasks, downloads/launches, quantity limit, etc.
- Tasks for bot to load EXE and DLL (LoadLibrary, regsvr32, launch from memory without saving to disk).
- Geo-targeting (selective downloads for specific countries only or block for specific countries).
- Personal tasks for each bot, the ability to ban or delete bots
- HTTPS support, downloading task files from admin panel or other URL
- inconspicuous installation in your system, protection of your own files
- bot updates and backup addresses
- use of prefixes (ID) for exe (more accurate statistics and separation of jobs)
- exclusion of repeat launch on a computer with an already running bot (within one license)
- "Guest" access to job statistics
- bypassing AB's proactive mechanisms (injecting into a trusted process)
- Low->High privilege escalation (runas + cmd)
- anti-debugging, anti-emulation, sandbox and virtual machine detection
- Basic crypting (no additional DLL, overlay or TLS, only one section of code)
- works in Windows 7-10 x32/x64
- Little bot size ~35 Kb
Modules:
- STEALER - a module for collecting stored passwords from various programs (browsers, email, etc.), also supports collecting COOKIES from Firefox and Chrome-based browsers from the list below
- FORM GRABBER - form grabber working in real time with browsers (IE, EDGE, FF, CHROME, OPERA: both 32 bit and 64 bit versions are supported), intercepts all POST requests of forms (authorization, payment data, etc.), supports HTTPS, search in the admin by a part of URL or bot ID or keyword from data
- PASS SNIFFER - password sniffer, captures username and password in popular applications during authorization in various services, supports (no tls/ssl) FTP, POP3, IMAP, SMTP(AUTH LOGIN), data is sent to the admin and looks like - protocol://user
ass@ip
ort
- FAKE DNS - an advanced substitution of DNS (substitution of output), works in real time with all applications, allows you to change the IP address for the domain according to a rule, which is set in the admin as follows: site.ru=127.0.0.1 (does not bypass validation of certificates)
- FILE SEARCH - a module to find files, search according to the rules and send them to the admin panel (mask search is supported)
- PROCMON - a module for monitoring processes and execute jobs when the desired process is found
- DDOS - module allows you to make DDOS attacks on different resources (domain or ip address) and supports several types of attacks
- KEYLOGGER - keylogger module, intercepts keystrokes in specified applications (supports Unicode and mask search)
- REMOTE PC - module for computer monitoring, control/view of the desktop and file manager (no RDP, no "parallel" session, the holder sees your actions)
- EMAIL GRABBER - module for collecting email addresses from popular email clients (Outlook, Thunderbird, The Bat!)
I might be forgetting something. Pictures and proof in telegram. Possible test period if the buyer proves he is ready to buy right away!
Telegram - @padma1337
