Answers for beginners: What you need to know about working with malware. (HVNC, stealer, crypt, etc.)

Teacher

In this topic, I describe my experience exclusively for beginners. Since everything I write is only my own experience, it may not be entirely accurate.

The first thing to go over is the crypt, because without it there is no work:

Crypt is the shell (encryption) of the file, so that AV (antivirus) does not detect your file.

Prices start at $100 per file. There are also cheaper options.

You can pay for a unique (private) stub that will last much longer, or get a public stub. But in that case the same stub is used not only for you but for other clients too, which means your file will start burning faster.

As for a FUD file (0/32): a beginner doesn't need that. I would say the most important thing is that Defender is clean, not only in statics but also in dynamics, since Defender accounts for more than 60% of devices.

(NEVER UPLOAD ENCRYPTED FILES TO VIRUSTOTAL!!!!)

Second: Alerts

A) The most hated alert for beginners is the Google Chrome alert. When downloading a file from your hosting (do not keep files on hostings) or VPS, in 99.9% of cases you will see:

The file is rarely downloaded. It may be malicious.

Of the public solutions, I know only one:

A premium Dropbox account. Go ahead and use it.

B) SmartScreen. You will get this window if you download the file with the Edge browser, or when you run the file on a PC.

It means Microsoft doesn't know your file. ( https://feedback.smartscreen.microsoft.com/feedback.aspx )

This alert can be bypassed with an EV certificate. Its price ranges from 4k to 8k. I strongly recommend specifying 5110C for your tokens (not to be confused with 5110), or buying with physical delivery. Otherwise there is a chance of landing on the wrong seller, and other files will be signed with your certificate too, which will greatly shorten its lifespan. The certificate's lifetime depends on the amount of traffic pushed through it and on its audience. It can live for a month or for a year.

The certificate dies for 2 reasons: if it is revoked, or if you sign files that Defender detects. The certificate itself can also get a Defender detection. And then, even when signing a completely clean file, you will get a Defender detection: it will simply remember your cert.

C) UAC is not exactly an alert. It is a request to change the system, for example adding a Defender exclusion. In other words, it is a request for admin rights. A lot of software works with low rights, so it doesn't require UAC. But there are solutions where admin rights are obtained without a prompt. Not public.

Now you understand that to work with viruses, you need a clean file that is not flagged not only by AV (crypt), but also by Windows (EV certificate).

Now let's think about what software you would like to work with. Let's start with the most popular virus.

1) Stealers. There are a lot of them, from free varieties on GitHub to private solutions for $10,000.

Malicious software designed to steal valuable data from an infected machine, such as cookies, usernames and passwords, and desktop screenshots.

Stealers are divided into 2 types: resident and non-resident.

Non-resident stealer: after execution (data theft), it deletes itself from the computer.

Resident: lives in the computer's memory and, when necessary (for example, to update cookies), performs its task again.

Personally, I haven't worked with public stealers for a long time, but I've heard that Lumma stealer is a good solution.

Stealers work in 3 directions: 1) crypto, 2) CC collection, 3) collection of payment systems (banks, PayPal, Amazon, etc.)

A stealer steals data: cookies (cookies are small pieces of text sent to the browser by the site you open; they help the site remember information about your sessions),

passwords and usernames that you save when visiting sites,

and your payment details.

2) HVNC. This is the same VNC (remote desktop), only hidden. You work with Yandex.Money accounts, but secretly. If in the case of a stealer you try to be as similar as possible to the CH, then in this case CH = YOU, YOU = CH.

HVNC is resident only and lives on the computer until your file (stub) starts to burn. Therefore the best solution is to load a reflective DLL through a loader, which will live in the PC's memory.

This way your bot will live on the PC for months.

3) What is a loader/dropper?

A dropper is a shim between your virus and the victim's PC. Its task is to launch your Trojan and remove itself from the PC.

A loader is the same as a dropper, but in most cases it is resident and has more functionality than just running your payload.

Third: you got your own pet, bought an EV, crypted it. What next, to earn money? That's right, now we need victims. There are a lot of options here, from manual spam on TG and uploading videos to YouTube up to contextual advertising.