Modules
See below for each modules documentation
To get to modules right click a call back and you will see the following options
| Surveillance |
|---|
Remote Shell |
Remote Screen |
Remote Camera |
Remote Regedit |
File Manager |
Process Manager |
Netstat |
Record |
Program Notifications (Start | Stop) |
Remote Shell
Exactly what it sounds like
Click on the module wait for below to appear
This is a
cmd.exeprompt not a powershell prompt!Use the white bar at the bottom to execute commands
Remote Screen
Also exactly what it sounds like
View the remote screen of the remote system
It can take a second to load, please be patient.
Screen sharing can be controlled (off/on) with the
Startbutton at the top leftOption to
View onlyor control the remote machine via yourmouseandkeyboardTo turn either on press the respective button at the top
Can also take auto screenshots with the
Camerabutton also at the topBy default it will capture the screen every ~3 seconds
IMO that is far too fast, I am working on tuning it to roughly every 30 seconds to drop the amount of network traffic that is required with the screenshots.
Remote Camera
View the remote systems webcam
Requires loading
RemoteCamera.dllinto memory which will happen automaticallyIf no camera if found the pop up will exit automatically
Remote Regedit
Remotely view the registry in addition to creation of new keys or modification of existing keys
To create a new key click on
Editat the top and follow the promptsIt is nearly identical to the normal
Regeditprogram on Windows
File Manager
File manager for remote upload, download, compressing and general file manager options
Just point and click
To move up a directory after traversing down the file system ensure you
Right Click --> BackThat took me longer to figure out than I care to admit pubically
When you download a file a
ClientsFolderwill get created, you can find your exfil'ed file there
Process Manager
Exactly like it sounds
View running process
Right Click to
RefreshorKilla specific processRefreshes pulls a up to date process list
It is better opsec to not constantly upload as that can greatly increate the amount of network traffic
Netstat
Exactly like it sounds
View network connection on the remote host
Right Clickand selectRefreshorKillSelecting
Killattempts to kill the process creating that network connection
Record
Record the audio off the remote systems microphone
If the remote system has no microphone you will get an error in the logs
Requires the
Audio.dllfile to be automatically loaded onto the remote systems memory
Program Notification
Alert the operator when a specific remote process is launched on the system
Defaults to
Uplay,QQ,Chrome,Edge,Word,Excel,PowerPoint,Epic,SteamCurrently changed to:
| Control | |||
|---|---|---|---|
Send File --> | From URL | Send File to Disk | Send File to Memory |
Run Shellcode | |||
Message Box | |||
Chat | |||
Visit Website | |||
Change Wallpaper | |||
Keylogger | |||
File Search |
Send File
Run Shellcode
MessageBox
Chat
Visit Website
Change Wallpaper
Keylogger
File Search
| Malware | ||
|---|---|---|
DDOS | ||
Ransomware --> | Encrypt | Decrypt |
Disable WD | ||
Password Recovery | ||
Disable UAC |
DDOS
Ransomware
Disable WD
Password Recovery
Disable UAC
-- All modules not currently listed yet
Last updated
