OP 24 September, 2023 - 05:38 AM
Beginner's Guide to starting out & making money with malware.
Choosing your malware, Making your payload FUD, Spreading, Monetization, Staying Anonymous & Useful Resources.
Choosing your malware, Making your payload FUD, Spreading, Monetization, Staying Anonymous & Useful Resources.
Product & Service List
- Slezer's Spreading Method - Private, efficient & scalable spreading method for any niche.
- Slezer's Malware Mentoring Service - Want to start ratting & silent mining? I got you.
- Slezer's Setup Service - Want to start ratting & silent mining? I got you.
- [FUD] [2KB] zLoader Antivirus Bypass - Assembly x86 Shellcode Loader
- GoldBrute RDP Bruteforcer & Botnet - Get 100+ RDPs per day with bruteforcing
To make a purchase or clarify any concerns, message me on Telegram @slezercc or [email protected] on Jabber, the contract system will be used for all purchases. Anyone on Telegram claiming to be me is not me unless their username is "slezercc".
In this thread I will cover most things a newbie in the malware scene must know before starting out. Feel free to reply to this thread if you have any questions and I'll do my best to help.
Introduction
The first and most important thing you must keep in mind is your main goal, if your main goal is making money, then keep reading, if not, I can't guarantee this guide will be good for you. A common way of accomplishing this goal with malware nowadays is silent mining. To get a good setup, I recommend you find a RAT/Loader malware that suits your need, my personal setup goes something like this :
I like to use Warzone RAT as my main payload for it's many persistence features that allow you to keep your bots alive for longer times, I then use the auto task feature to execute a UAC bypass of mine that after executes my silent miner (Unam Sanctam's Silent Miner). The reason for the UAC bypass is to bypass the administrator rights permission prompt that is required by my miner's settings to work. I mine Ravn
The reason you should spread a loader or a RAT with remote file execution features is that having post-infection control on your bots is essential, for example, you don't want to be spreading a silent miner alone, because you will not have the opportunity to maximize the profit from these installs post-execution. On the other side, when spreading a RAT or a loader, you will be able to execute other payloads than, here in this example a silent miner, on your bots. This is key, you want to be able to keep control on your bots.
If you choose to go for a loader, I suggest you buy Amadey Loader, which is sold for 600$ or Smoke Loader for 400$ on a forum which I can not mention the name of if I don't want to get warned here. Another great and cheap option I would recommend is Warzone RAT, it has many persistence features to avoid losing your bots and is being sold for around 40$ per month, or 75$ for 3 months. Like I said, good software will most of the time, be paid. For a free RAT, I suggest using DcRat, it is open source and pretty stable from my experience.
Making your payload FUD
Now don't go and spread your shitty DcRat executable just yet, your exe needs to be FUD (Fully Undetectable) by antivirus software, or almost, at least. To do this, you can choose to get scammed here by buying a garbage 100$ public crypter or pay a few hundred dollars and get a better, private crypter. If you don't want to spend that much money on that, I would recommend you use a dropper/shellcode loader, this is probably the most used alternative to crypting. Some people also use LNK/URL "exploits" which are not really exploits, but simple powershell or batch command shortcuts with downloading or memory loading features. To check detections on your payload, you can scroll down to the end of this thread where I included a list of file scanning services that don't distribute results to antivirus companies. Never use VirusTotal, because they share scan results and will end up getting your file even more detected.
Note: Scantime means when an antivirus scans your file before it gets executed, runtime is whether or not antiviruses detect your payload when it gets executed.
Spreading your payload
This is the step where most losers will give up, or decide to buy installs. I'm warning you, spreading is not that easy when you're starting out, but once you get the hang of it, it's smooth sailing. In this section, I will cover a few known spreading methods and the ones I recommend the most.
Before I go any further, I strongly recommend you stay away from bot/install shops, these installs are shared and most people who buy these are already mining on the bots, and their logs are most likely raped to hell and back. So please save your time and stay away from these.
1. Landing Pages
Landing Pages are websites which exist with the sole purpose of spreading malware. They're basically websites offering a fake piece of software which is appealing to download. Landing pages require traffic to function properly, there are many ways to get traffic to a website, such as SEO, Google Ads and YouTube, for example. It is also worth mentioning that most landing pages use WordPress. Landing Pages are pretty much the meta currently in spreading due to the fact that they will spread your payload on autopilot once they are receive enough traffic.
2. Advanced YouTube Spreading
YouTube Spreading is known to be oversaturated but with this twist to the classic version of this method, you can get nice amounts of installs. This method implies buying or obtaining in any way YouTube account cookies (cookies are a piece of data that can be used by anyone to log into an account, think of it as a password, kinda.). The channels you get the cookies from need to have at least 1k subscribers, once you have some channel cookies, which I won't cover how to get in this thread, you create a video for a game cheat, for example (if you think of something unique, it will work better) and upload your video on the channels with a link to your payload in the description. Since the channels already have a decent following they will get more exposure statistically.
3. Torrent Spreading
Torrent spreading has been around for the longest times, it is still a thing but has become harder to perform efficiently over time due to measures that have been put in place by torrenting websites. To torrent spread, you will need an account on popular torrent sotes such as #, TorrentGalaxy, Torrenting, Demonoid, etc. Ranked accounts on these websites are being sold to make this part easier. When you have a ranked account with the ability to upload in the software / cracked games section, you will need your payload to be FUD to avoid being banned. You then have 2 options, bind your payload to real cracked software from those torrent sites, or make a launcher payload that launches the cracked software's exe and your FUD paylod's exe.
Profiting from installs (Monetization)
The first method I would recommend is the most straightforward, silent mining. I would recommend anyone to use this miner: Unam Sanctam Silent Miner, it is free and open source, it has fairly profitable algorithms like Kawpow (RVN) and is the miner with the most persistence, compred to Pure Miner which barely has any, and is being sold. I would not recommend Pure Miner unless you are fine with losing bots. With this method you will need a decent amount of bots to make good profit but I still recommend it when starting because it is the easiest and most simple way to monetize installs. It will give you a good example that silent mining can be very profitable when practiced on a large scale.
The second method I would recommend is harvesting credentials & cookies. For this you will need a stealer. There pretty much isn't any free and reliable stealers I can think of at the moment. Over on the paid side I would recommend Pure Logs if you're starting out. Once you start getting cookies and credentials you can decide to sell them by finding buyers or if you end up getting crypto wallet accounts or something of the sort you can try logging into them and emptying the accounts yourself.
The third method I would recommend requires more experience and a lot of bots but you can make some decent profit from this one if you do it correctly. Using some RATs or specialized tools, you can turn your bots into reverse proxies. You can then sell these proxies as residential proxies. You can choose to create an autobuy website to automate the selling process.
Staying Anonymous (OpSec)
Staying anonymous is a very important thing to keep in mind when doing malware. Unless you want to get federal agents knocking on your door, I strongly believe everyone should use these tips.
First of all, get an actually good VPN; Now don't go and buy NordVPN or other dogshit VPNs that keep logs. I personally recommend using Mullvad VPN. Please keep in mind that using a VPN does not automatically make you anonymous, it does far less than that, all a VPN does is 'hide' your IP address & encrypt your internet traffic. This does not necessarily mean nobody can view that traffic. The burden of trust of your traffic shifts from your ISP (Internet Service Provider) to your VPN company. Mullvad has sort of proven that they do not keep logs. Their headquarters in Sweden were raided by police with the goal of finding logs and they left empty handed; here is their article which covers it more in detail. Mullvad also only costs 5$ per month (can be payed with cryptocurrency, including Monero) and does not require any of your info to create an account on their site.
I also recommend you don't use Google Chrome or Microsoft Edge. You should use a better option like Firefox or Tor if you want to go wild. Browsers like Chrome and Edge are owned by companies who are known to collect data, which is the reason I would advise against using these.
One of the first things I would also do if I was starting out is buy an RDP from a bulletproof provider and keeping all your malware and compromising files on there. This way, when you need to do get some dirty work done, you can connect to your RDP, connect to your VPN and/or hop on Tor and get your work done, all within your RDP. You should also keep a copy of the files you put in your RDP on a USB drive of yours, so that in the event of your hosting company going down, you wouldn't be absolutely fucked (talking from experience). You should of course keep the files on your USB drive encrypted, I have written a tool myself to do that easily, it uses AES encryption and supports multiple layers of encryption with different algorithms for additional protection ; you can download that tool called zCrypt on my GitHub.
This is extremely important : You should never connect to your RDP/VPS related to malware/spooky shit under your actual IP address, at least hide your IP with a VPN when connecting to it to avoid linking your IP addresses to these boxes in case of an investigation.
One good thing to take note of is that : Convenience decreases with the more OpSec measures you put in place ; this means that by trying to stay anonymous, you will put in measures that can & will take time off you by : slowing down your internet speeds (by using Tor or a VPN, or both.), 'wasting' time to encrypt files that can be compromising in the case of a police investigation, etc.
Resources (Scanners, Server Providers, RATs, Silent Miners, & More)
Scanners
https://websec.nl/scanner (Scantime) - 40 Antiviruses & Unlimited scans.
https://avcheck.net/ (Scantime) - 26 Antiviruses & 0.1$ per scan.
https://scanner.to/ (Runtime) - 21 Antiviruses & 1$ per scan.
https://checkzilla.io/ (Runtime) - 18 Antiviruses & 1$ per scan.
Server Providers
Bullethost.net
PrivateAlps
CrazyRDP
RATs
Warzone RAT (Paid)
DcRat (Free)
This pretty much sums it up, if you guys want me to go more in detail about a specific part of this guide, let me know. And again, if you need help with anything, feel free to message me here or on Telegram and I will be glad to help :)
![[Image: pepecaught.gif]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fstatic.cracked.io%2Fimages%2Fsmilies%2Fpepecaught.gif)