Smoke Loader - LATEST VERSION



#1

ihaveacronus

 - Protected by VMP, give builder few seconds to start -

 

ATTENTION!!! BUILDER WORK ONLY ON REAL PC, DON'T USE VIRTUAL MACHINE OR DEDICATED SERVER(RDP)

Files:
- ID_Changer.exe (provided only by request) - use for changing Seller ID (only with original/uncrypted Loader.exe) - not necessary
- Loader.exe - bot, must located in same folder with ID_Changer.exe, don't forget use CRYPTERS for FUD before mass infection process (spam, EK or loads/installs)

To install the panels on the hosting you will need:
- Apache 2 (mod_php)
- PHP 5.2.x-5.6.x
- MySQL (strict mode off)

ATTENTION!!! Don't forget change default passwords and rename control.php and guest.php (set properly values in /inc/cfg.php)
ATTENTION!!! Don't use FileZilla for upload admin panel files. Use FTP or server control panels.
ATTENTION!!! If need change settings for PHP in php.ini - "post_max_size" and "upload_max_filesize" for uploading big files (e.g - 100M)
ATTENTION!!! If need change settings for PHP in php.ini - "memory_limit" (e.g - 128M)
ATTENTION!!! If need change settings for Nginx in nginx.conf - "client_max_body_size" (e.g - 100M)
ATTENTION!!! TEST BOT WORK ONLY ON REAL PC (not use VMWare or other VM/RDP dedic's) (after testing you can delete bot from admin panel, menu BOTS -> delete, wait for 10 minutes while bot will deleted from panel and PC)

Install:
- copy files from "copy_files_from_this_folder" to your hosting path
- set chmod 0777 for "data","exe","files","keylogger" folders
- set DB access data in "/inc/cfg.php"
- ATTENTION!!! set encryptkey and decryptkey in "/inc/cfg.php" (line 6 and 7)
- open in browser

Please Login or Register to see this Hidden Content


- delete "install.php"
- try to create test task in TASKS menu
* URL - here and below, this is address, domain or IP

Admin panel paths:
- control gate located at

Please Login or Register to see this Hidden Content

(if login to panel doesn't work, you can change login procedure in "/inc/cfg.php" with $config["auth"])
- bot gate located at

Please Login or Register to see this Hidden Content


* Please check gate availability (must return 404 error, not a blank page or other)

Usage:

1) Menu - contains navigation menu to control bots and tasks for them

- MY BOTNET - general statistics for bots, the overall total amount today, online, number of tasks, successful launches and downloads, bots to update the statistics on versions of Windows and statistics on countries, doubles counter, bots count for any seller id, privileges

- BOT LIST - Detailed statistics for bots,ID, IP, last access time, version of Windows and country, seller id, command for personal task or deletion. Also work search for some parameters.

- TASK LIST - work with the tasks for bots, the ability to upload a file in admin panel or remote downloading (the bot itself will download a file from a remote server and execute it), statistic for each task (loading and running, local or remote download), delete, editing or "pause" for each job. You can also set a limit of downloads for each job. You can load DLLs and run them from LoadLibrary (in address space of loader process) or regsvr32, all variants run OEP code of DLL.

- OPTIONS - clear/delete all tasks(including files) or only personal tasks(w/o files), cleaning all the statistics, sets for bot updating (2)

- STEALER - work with logs from stealer (download, delete) *only if you have a module

- FORM GRAB - form-grabber for IE,FF,Chrome,Opera (search for pattern of URL), also delete cookies and flash cookies (option on module page)

- PASS SNIF - password sniffer for all processes, work in realtime, support ftp,pop3,imap,smtp(AUTH LOGIN) accounts

- FAKE DNS - spoofing DNS-requests for all processes (7)

- FILE SEARCH - search & collect files from bots, files are stored in "/files/ID" folder, ZIP-archives with password "smoke_fs". Please, use FTP for browsing these files

- PROCMON - process monitoring with options (terminate process, reboot OS, download and execute file)

- DDOS - DDoS module

- KEYLOGGER - capture pressed keyboard and clipboard for processes, reports saved in "/keylogger/ID" folder. Please, use FTP for browsing these files

- HIDDEN TV - Hidden TeamViewer (Get HTV - command for download and run TV, HTV IDLE - that means what bot on work with TV)

- MINER - at this moment supported only XMR on CPU

- EMAIL GRAB - email grabber from email clients

2) Self-update - bots can update themselves on the newer version. To do this, select OPTIONS menu and set update file (local or remote).
- How to update the bots? - Make sure you have the bots;) (All bots> 0), specify the update method and specify the file or URL to update the page with summary statistics for bots in the line "For update" to be displayed with the number of bots to update (usually = All bots), as soon as the bot will update and successfully (!!!) restarted, in database will be set a flag for a successful update of the bot and in the future he will not try to update itself for the next update, which will set the owner of the bot.

3) Geo-targeting (download for specific countries) - this feature allows you to select a country or several countries for filtering download tasks of bots. In the textbox, indicate the "index" (usually two characters) that characterizes the country, for example - RU,US,GB (i.e., for this assignment only bots from Russia, USA and UK will be considered) or for except - ALL,!RU,!UA,!BY (add "!" to deny a country). By default, geo-targeting is configured for bots from all countries (all); it is also worth noting that the panel may not be able to identify the country, and such a bot is assigned the code XX. The index parameter is case insensitive, i.e. you can enter both uppercase and lowercase letters. To see the current geo-targeting settings for a specific job, point the mouse cursor at the icon of the globe in the line with this task.

4) Guest statistics - a special opportunity to admin, which allows us to show the short stats on a particular back (useful if you sell someone downloads). Ability to use access by special link, you can get this link by clicking on link "Guest" in the appropriate column of the table with data on all tasks (menu - TASKS)

5) Work with ID_Changer:
- all changes must doing on original Loader.exe (place it near ID_Changer.exe)
- enter Seller ID and press "Set", worked bot will be placed in the folder "sellers" and have file name is same as the Seller ID (so keep in mind that you can not use forbidden characters for file names in Windows)
- create a task in admin panel with the required Seller ID if needed (loader will load all files with that Seller ID)
- if you want use task for all bots, then set "Seller" field (on TASKS page) for this task equal to "0" (default value)

6) Protection against loss of a botnet - currently implemented the following system:
- Every build of loader includes two urls for reports, the first address - main and the second (!!!) is activated only when main not work (5 attempts)
- Loader send to the admin panel a special request, which gets an extra address for reports (if it is specified in menu section OPTIONS), the address will be used instead of the second (!!!) in loader, in case of unavailability of first.
In other words, for minimize chance of losing the botnet is recommended after the installation of the admin immediately enter the reserve address, but not necessarily immediately prescribe DNS for this domain (of course the domain must already be registered so that it could not use the other). When main (first) address will blocked, the bot will turn to reserve address, where you can set the update on a new build of the loader, which must contain the current address (previous reserve) and a new main address, will thus be kept to a minimum loss of bots blocking/disabling domains.

7) Fake DNS - can be used to block unwanted sites, and for the spoofing dns, each rule put into one line like "site.com=127.0.0.1" (without the quotes and spaces), where site.com - domain name and 127.0.0.1 - IP-address which will be made a spoofed, it is important to understand that site.com and www.site.com - two different domains, and the rules should be created for both, if necessary. The spoofing is performed for all programs running in the context of the current user.

 

 



  • 1
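For defenders, the two-address fallback described in item 6 of the post above (a second address used only after 5 failed attempts at the first) leaves a recognisable trace in proxy or DNS logs. The following detection sketch is an added example, not part of the original post or of any code it refers to; the log format, host addresses, `.example` domains and the 600-second watch window are constructed assumptions.

```python
from collections import defaultdict

FAIL_THRESHOLD = 5    # from the post: the second address is used after 5 failed attempts
WINDOW_SECONDS = 600  # assumption: how long after the last failure to watch the host
# Constructed sample proxy log: epoch, host, destination, result
SAMPLE_LOG = """\
100 10.0.0.5 intranet.example OK
105 10.0.0.9 updates.example FAIL
110 10.0.0.5 primary.example FAIL
125 10.0.0.9 updates.example OK
130 10.0.0.5 primary.example FAIL
135 10.0.0.9 news.example OK
140 10.0.0.5 primary.example FAIL
150 10.0.0.5 primary.example FAIL
160 10.0.0.5 primary.example FAIL
170 10.0.0.5 intranet.example OK
180 10.0.0.5 reserve.example OK
"""

def find_failovers(log_text, threshold=FAIL_THRESHOLD, window=WINDOW_SECONDS):
    """Return (host, dead_destination, first_new_destination) triples."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit():  # skip blank or malformed lines
            events.append((int(parts[0]), parts[1], parts[2], parts[3]))
    events.sort()
    fails = defaultdict(int)  # (host, dest) -> consecutive failures to that dest
    seen = defaultdict(set)   # host -> destinations the host has already contacted
    pending = {}              # host -> (dead dest, time the threshold was reached)
    hits = []
    for ts, host, dest, result in events:
        if dest not in seen[host] and host in pending:
            dead, since = pending.pop(host)
            if ts - since <= window:
                hits.append((host, dead, dest))
        seen[host].add(dest)
        if result == "OK":
            fails[(host, dest)] = 0
            if pending.get(host, ("",))[0] == dest:
                del pending[host]  # destination recovered, stop watching
        else:
            fails[(host, dest)] += 1
            if fails[(host, dest)] == threshold:
                pending[host] = (dest, ts)
    return hits

if __name__ == "__main__":
    print(find_failovers(SAMPLE_LOG))
```

Failures are counted per host and destination, so ordinary traffic interleaved between the failed attempts does not reset the count.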

#2

hotman55

Thanks


  • 0

#3

Gunshipo

will see pssy


  • 1

#4

ihaveacronus

will see pssy

lol


  • 0

#5

Mosharaf

I LOVE THIS


  • 0

#6

greatgreatness

Thanks


  • 0

#7

halover123

you would only use VMP to make sure nobody can explore your fucking malware 


  • 0

#8

bakcoloco

this is fake malware xD!! don't run in vm and pc real infected and exe builder 8K? fake


  • 1

#9

mauricioriberos

ty


  • 0

#10

stiexports

Nice work. Not tested yet by me


  • 0

