Thread: Banking Trojan
01-20-2025, 09:16 AM

EmeraldDragon
Join Date: Apr 2025
Posts: 0

GozNym banking Brief information
For some old customers darkode (there are exceptions).

Main functionality
  • Formgrabber (Chrome, Firefox, IE, Edge, Tor-Browser) (HTTP, SSL, SPDY ... ... ...)

  • DNS Spoofer (Chrome, Firefox, IE, Edge)

  • Track 1/2 grabber

  • Socks5

  • HVNC (Hidden VNC) works on x86 & x64

  • HTTP flood

  • Keylogger (Multilang.) (Supports virtual keyboards) (Screenshot of 100x100 area on click creature) (possibility to monitor the specified windows)

  • Search by processes running on the bot.

  • Loader (EXE, DLL, VBS, bat ... + the ability to specify parameters for the file startup)

  • CMD Shell (remote execution of commands using the Windows command interpreter)

  • Stealing files by mask

  • Determination of the purity of downloads (number found "neighbors" on the computer)

  • Detection of installed AV (in all OS WINDOWS EXCEPT server versions)

  • Work through the gates

  • Ability to connect third-party modules

  • Supported OS versions: Windows 10, 8.1, 8, 7, Vista and XP.

  • Supported architecture: x86/x64



Additional functions
  • Anti-debugging

  • AntiVM

  • Sandbox detection

  • Detection of all online automatic analysis services

  • Bot protection (protection process \ file \ registry branch)

  • Unlimited number of simultaneous commands (Some commands have a higher priority over the others and their execution stops, etc.)

  • Unlimited number of backup domains

  • Quiet operation even under a limited account record

  • Doesn't load the CPU


Admin Panel Functionality
  • A flexible system of creating jobs

  • Detailed statistics on bots

  • Ability to issue commands to each country or bot separately

  • Customizable knock-timeout on bots

  • Statistic sorting by the IP \ Online \ Country \ OS

  • Ban system.



More than 50% of the information is hidden (Prevent the spread of Information).
Sale: builder or Rent
Auto-update through the bot.
JID-bot > Verification (Question answer) Access protection.
Access to the forum closed (Only for Holders or proven Authors) Tor.

Forum has 4 levels:
1st access level: Complete information on installation (Manuals, Bug-report (Fixes included in version) and technical part of the (Ticket).
2nd access level: With regards to the questions, answers and detailed discussions.
3rd access level section sales: Additional modules / Inject / Traffic / Crypt / Loader / Exploit / Spam - service / Orders / And more / ... /
4th access level: Closed. After 6 months of use. Held further discussion.

Forbidden:
crypts other
check virustotal (outdoor)
Any dissemination of information (screenshots, server, forum, discuss in open areas etc)

Contacts JID