HTTP Banking Botnet Ro3b

By mathio.dz

Telgram : @machiana / mathio dz

Update : 2021 - 02 - 03

WebGrabbing :

# PayPal Email - Password 
# Grab credit card - cvv 

Features :

• Remote code execution * CMD - powershell *
• Stealer - Credit Card # Password # Cookies
  Browser supported based on chromeium :

  - Chrome
  - Chromium
  - Edge
  - Maxthon3
  - YandexBrowser
  - Opera
  - Sputnik
  - Mail.Ru
  - Brave
  - ChromePlus
  - Iridium
  - 7Star
  - epicPrivacyBrowser
  - CentBrowser
  - ElementsBrowser
  - Chedot
  - Vivaldi
  - Kometa
  - uCozMedia
  - Sleipnir5
  - Citrio
  - Coowon
  - liebao
  - QIP.Surf
  - Orbitum
  - Amigo
  - Torch
  - Comodo
  - 360Browser
  - Nichrome
  - CocCoc
  - Uran
  - Chromodo
  
  Browser supported based on Firefox :

  - Firefox
  - Waterfox
  - K-Meleon
  - Thunderbird
  - IceDragon
  - Cyberfox
  - BlackHaw
  - PaleMoon

- Credit Card	[ Full name - card number - cvv - date expired - card type  ]
- Password	[ Website - username - password ]
- Cookies	[ Host - cookies content - expired date  ]

• Clipper

  Wallet supported :

  - Bitcoin
  - Ethereum
  - Monero
  - Stellar
  - Ripple
  - Litecoin
  - Neocoin
  - Bitcoin Cash
  - Bytecoin
  - Cardano
  - Graft
  - Zcash
  - Bitcoin Gold
  - Waves
  - ReddCoin
  - BlackCoin
  - Emercoin
  - Stratis
  - Qtum
  - Viacoin
  - Lisk
  - Dogecoin
  - Dashcoin
  
  

• Ransomware (encrypt files using AES256 )

• Advance Keylogger (send data realtime )

• Download file and execution

• Autorun - Mutex - AntiVM - AntiScan

Video Demo : https://youtu.be/sy2wP4rz6gY

TODO

• HVNC / HRDP connection
• Desktop Controller C2
• ADD android client