


 
 
  #1  
Old 05-10-2025, 06:39 AM

rachelmaple rachelmaple is offline
Join Date: Jan 2022
Posts: 0


Floki Bot
Dropper
Injects payload in zombie process without decrypting it inside dropper. Payload does not go through NtWriteVirtualMemory/NtMapViewOfSection calls but instead a PE loader is injected that uses NtReadVirtualMemory then decompresses, decrypts and executes it. Decompression and decryption of payload only happens in zombie process (explorer.exe or svchost.exe).
After launch of payload in zombie process, payload injects itself in all running 32-bit processes.
EOF is not used.
Execution rate - 70%+.
Payload
Based on Zeus 2.0.8.9 source code. Payload uses a different communication protocol that cannot be detected by Deep-Packet-Inspection unlike Zeus (packets don't look like Zeus). Config is transferred to bot directly through gate.php encrypted.
All reports are written to HDD and then transferred in a single request to command and control center. This system reduces stress on server, allowing you to hold more bots than if it sent requests one by one (Zeus), and ensures you don't lose a single report in case of downtime. Configuration file and dropper are automatically updated from webpanel using MD5 checks done by bot itself. Configuration supports unlimited URLs.
Feature List:
Track 2 Grabber + Keylogger for CVV
Using memory hooks, it grabs all Track 2 with very low CPU usage (~0%).
Standard scanner/grabber (Dexter, Alina, all others) misses some Track 2 because it can be removed from memory before scan, but with memory hooks this case cannot happen.
Track 2 data is analyzed and reported as what possible credit card it is (Visa, MasterCard, etc.).
Formgrabber and Webinjects for Internet Explorer and Mozilla Firefox.
Bypass Trusteer Rapport
https://www.sendspace.com/file/mjlo6l (Video, need Adobe Flash)
FTP/POP3 Grabber
Cookies grabber for Internet Explorer
Ring-3 Rootkit unhooker
Bot will attempt to remove all inline hooks by reading and mapping original file and comparing bytes.
Hook Protection
Bot intercepts NtProtectVirtualMemory calls to protect its own hooks against unhookers.
Backconnect SOCKS/VNC currently is not available as it is being recoded. Chrome webinjects and Webfakes will be available in future.
Price: 1000$, Bitcoin is the only accepted payment method.
Escrow/garant is accepted.
Jabber: mailto:[email protected]
Testing is available when money is deposited in escrow/garant!
 
