In this topic I describe my experience exclusively for beginners. I will be glad if you correct me or add to my topic, because everything I write is exclusively my own experience, which may not be entirely accurate. I am an ordinary lamer and do not claim to be an expert.
The first thing you need to understand is the crypt, because without it there will be no work:
A crypt is a wrapper (encryption) around the file so that AVs (antiviruses) do not detect your file.
Of the public crypters I can recommend 2 people: ZIP Crypt & mrlapis (both from the exploit forum). Prices start from $100 per file. There are cheaper options.
They can make you a unique (private) stub, which will last much longer, or a public stub. But in that case not only you are crypted with it, but other clients as well, which means your file will start to be detected faster.
As for a FUD file (0/32): for a beginner this is not necessary at all. I would say the most important thing is that def (Defender) is clean, not only statically but also dynamically, because def is on more than 60% of devices.
(NEVER UPLOAD CRYPTED FILES TO VIRUSTOTAL!!!!)
Second: Alerts
A)
The most hated alert for newbies is the Google Chrome alert. When downloading a file from your hosting (don't keep files on hosting) or from a VPS, 99.9% of the time you will see:
"This file is not commonly downloaded and may be dangerous."
I know of only 1 public solution:
A Dropbox premium account. Use it to your heart's content.
B) SmartScreen. You will get this window if you download a file in the Edge browser, or when you run the file on a PC.
It means that Microsoft doesn't know your file. (https://feedback.smartscreen.microsoft.com/feedback.aspx)
This alert can be bypassed with an EV certificate. Its price is from 4k to 8k. I strongly recommend having it written to a 5110C token (not to be confused with the 5110), or buying it with physical delivery. Otherwise there is a chance of running into a dishonest seller, and your certificate will be used to sign other files, which will greatly shorten its lifespan. The lifespan of a certificate depends on the amount of traffic pushed through it and on its audience. It can live for a month or for a year.
A certificate dies for 2 reasons: if it is revoked, or if you sign files that have a Defender detection. A def detection can also attach itself to the certificate. Then, even when you sign an absolutely clean file, you will catch a def detection, because it simply remembers your certificate.
C) UAC is not exactly an alert. It is a request to change the system, for example to add an exclusion to Defender. In other words, it is a request for admin rights. A lot of software works with low rights, so it does not trigger UAC. But there are solutions where admin rights are obtained without a prompt. Not public.
Now you understand that to work with viruses you need a clean file that neither the AV (crypt) nor Windows (EV certificate) will complain about.
Now let's think about what software you would like to work with. Let's start with the most popular virus:
1) Stealers. There are many of them, from free sources on GitHub to private solutions for $10,000.
Malicious software designed to steal valuable data from an infected machine, such as cookies, logins and passwords, and screenshots of the desktop.
Stealers are divided into 2 types. Resident and non-resident.
Non-resident stealer: after execution (stealing the data) it is deleted from the computer.
Resident: lives in the computer's memory and, when necessary (for example, to update cookies), performs its task again.
Personally, I have not worked with public stealers for a long time, but I heard that Luma stealer is a good solution. For beginners, I think it is an ideal option.
Stealers work in 3 directions (the main ones, though I'm not sure): 1) crypto, 2) collection of CCs, 3) collection of payment systems (banks, PayPal, Amazon, etc.).
A stealer steals data: cookies (cookies are small pieces of text sent to the browser by the site you open; with their help the site remembers information about your visits),
Passwords and logins that you save when visiting sites
and also your payment information.
2) HVNC. This is the same VNC (remote desktop), only hidden. You work from the KH's account, but covertly. If with a stealer you try to look as similar to the KH as possible, here KH = YOU and YOU = KH.
HVNC can only be resident, and it lives on the computer until your file (stub) starts getting detected. Therefore the best solution is to load a reflective DLL through a loader, which will live in the PC's memory.
That way your bot will live on the PC for months.
3) What a loader/dropper is.
A dropper is an intermediary layer between your virus and the victim's PC. Its task is to launch your Trojan and delete itself from the PC.
A loader is the same as a dropper, but in most cases it is resident and has additional functionality beyond just launching your payload.
Third: you've got your animal, bought an EV, crypted it; what next to make money? That's right, now we need victims. There are a lot of options here, from manual spamming on TG and uploading videos to YouTube, to contextual advertising. I worked only with the latter: Google and Bing.
There will be no useful information for beginners here, but a little advice.
NEVER work WITHOUT a guarantor, no matter what reputation the person has.
And remember that NOBODY WILL EVER SELL YOU 1000 good installs! Not even for $10,000! NEVER!!!