So good time of the day.
I recently decided to take a break and decided to start testing various methods of assembling steelacs (tested on public software, not on my own) and other scam software, a drainer.
From: Google ads, the theme is crypto, through hvnc, since you don’t need to bother with proxies and it’s much more convenient this way. Lil from June 1 to June 18, 2023. Statistics are given for them. All sites except for certain software \ drainers \ games were the same, keywords too.
Sites: purchased domains with little indexing in the past in google, normal servers, not fresh ssl. The sites were spinning a bit whitewashed, as were the files before the start of the advertising campaigns. Sites are not one-page - there are politics, terms, private policy, advertising policy cookies. So the site has unique icons (just converted original ones), unique meta data and headers, analytics from google is connected to each site.
Let's get started.
1) Normal rar archive with a password of 10 characters. The file was inflated to 960 mb. The icon is unique. Fake signature. Issuance - by link to the site (not a file exchanger) (https://domain.com/file.rar)
![[Image: 56d753dad7b6ce7f8ab4c.png]](/proxy.php?image=https%3A%2F%2Fexternal-content.duckduckgo.com%2Fiu%2F%3Fu%3Dhttps%253A%252F%252Ftelegra.ph%252Ffile%252F56d753dad7b6ce7f8ab4c.png&hash=6aec5ba2a5f5200a106c6d9d94862550 "[Image: 56d753dad7b6ce7f8ab4c.png]")
Moved to the site - 3950
Downloaded - 2159
Launched - 312 times
The income was meager and it was downloaded by almost empty accounts, there is practically no crypt in them.
2) Building MSIX without a launcher. Label for stealer 960 mb. The icon is unique. Fake signature. Issuance - by link to the site (not a file exchanger) (https://domain.com/file.msix)
![[Image: 8dfdf6dcca6f1a21be312.png]](/proxy.php?image=https%3A%2F%2Fexternal-content.duckduckgo.com%2Fiu%2F%3Fu%3Dhttps%253A%252F%252Ftelegra.ph%252Ffile%252F8dfdf6dcca6f1a21be312.png&hash=df16bd6d0614a58ef80ee558012fcb4e "[Image: 8dfdf6dcca6f1a21be312.png]")
Went to the site - 4367
Downloaded - 3485
Launched - 862 times
It's much better here. Income, of course, is not a direct topchik, since it poured directly to the installer where the stealer is located. On some computers I caught a smart screen. The assembly took place in advanced installer. I just threw garbage and folders nearby and made a label on the stealer. How to work with advanced installer
as an example.
3) Building EXE without a launcher. Label for stealer 960 mb. The icon is unique. Fake signature. Issuance - by link to the site (not a file exchanger) (https://domain.com/file.exe)
![[Image: f28744702625eaa307ddd.png]](/proxy.php?image=https%3A%2F%2Fexternal-content.duckduckgo.com%2Fiu%2F%3Fu%3Dhttps%253A%252F%252Ftelegra.ph%252Ffile%252Ff28744702625eaa307ddd.png&hash=b348bf2f49e9e2105c3f71c2898f616d "[Image: f28744702625eaa307ddd.png]")
Went to the site - 4371
Downloaded - 2854
Launched - 908 times
It's already much better than the archive. Income, of course, is not a direct topchik, since it poured directly to the installer where the stealer is located. On some computers I caught a smart screen. The assembly took place in InstallShield. I just threw garbage and folders nearby and made a label on the stealer. How to work with InstallShield
as an example.
4) Building EXE with launcher. Desktop shortcut to the launcher that downloads the file. The icon is unique. Fake signature. Issuance - by link to the site (not a file exchanger) (https://domain.com/file.rar).
![[Image: 52f40f0751cd56fc8e930.png]](/proxy.php?image=https%3A%2F%2Fexternal-content.duckduckgo.com%2Fiu%2F%3Fu%3Dhttps%253A%252F%252Ftelegra.ph%252Ffile%252F52f40f0751cd56fc8e930.png&hash=e050afa4b6944a408fe489649343d4e2 "[Image: 52f40f0751cd56fc8e930.png]")
![[Image: fd828fc50875c156ffd9a.png]](/proxy.php?image=https%3A%2F%2Fexternal-content.duckduckgo.com%2Fiu%2F%3Fu%3Dhttps%253A%252F%252Ftelegra.ph%252Ffile%252Ffd828fc50875c156ffd9a.png&hash=470e63798b94aa85ab192ef47a0ec132 "[Image: fd828fc50875c156ffd9a.png]")
When you click on the "Login" button, the stealer is loaded and launched. The software is written in c#. An example of a lesson is
on c# wpf, if you learn a little you can write simple launchers yourself, the main thing is that your stealer's crypt is FUD.
![[Image: b77684e81e9f463f69a45.png]](/proxy.php?image=https%3A%2F%2Fexternal-content.duckduckgo.com%2Fiu%2F%3Fu%3Dhttps%253A%252F%252Ftelegra.ph%252Ffile%252Fb77684e81e9f463f69a45.png&hash=fd4a387387e515ead95265dc0ce944a5 "[Image: b77684e81e9f463f69a45.png]")
Went to the site - 4874
Downloaded - 3052
Launched - 1628 times
This is much better than before, since the software is white and there is nothing but 1 function in it that pumps up and launches your stealer. Much easier to work with this method. Earnings already matched.
5) Scam on seed phrases. Site copy https://stargate.finance/transfer from layerzero. Full copy except for meta data and headers with icons. When trying, a fake metamask window was displayed stating that it was necessary to enter a seed phrase. It is very stupid and old, but there is someone who is still going on.
![[Image: 2674ee5c7db5f41a0f885.png]](/proxy.php?image=https%3A%2F%2Fexternal-content.duckduckgo.com%2Fiu%2F%3Fu%3Dhttps%253A%252F%252Ftelegra.ph%252Ffile%252F2674ee5c7db5f41a0f885.png&hash=c6af65186c2ceba26b511ae16a0325d4 "[Image: 2674ee5c7db5f41a0f885.png]")
Went to the site - 13687 times. A total of 492 phrases were received. The income is good.
![[Image: 82205613fdc59572ddd7e.png]](/proxy.php?image=https%3A%2F%2Fexternal-content.duckduckgo.com%2Fiu%2F%3Fu%3Dhttps%253A%252F%252Ftelegra.ph%252Ffile%252F82205613fdc59572ddd7e.png&hash=6e598397d68d5701a164bdeb57d78595 "[Image: 82205613fdc59572ddd7e.png]")
6) Drainer. Site copy https://stargate.finance/transfer from layerzero. Full copy except for meta data and headers with icons. Drainer did not take a public test from a friend, but judging by the functions, it does not differ much from public ones.
![[Image: 75c4fea41a36498f9b9ab.png]](/proxy.php?image=https%3A%2F%2Fexternal-content.duckduckgo.com%2Fiu%2F%3Fu%3Dhttps%253A%252F%252Ftelegra.ph%252Ffile%252F75c4fea41a36498f9b9ab.png&hash=13f03ce9730e635e6fff24b3e2eb51da "[Image: 75c4fea41a36498f9b9ab.png]")
Went to the site - 12906 times. Total received 4730 usd. The income is good.
7) Scam game on seed phrases. The original download site for the game. When registering, it asks to enter a seed phrase and some other data. The project is built on Unreal Engine 5. After entering the data, he says that thanks for the pre-registration. Gameplay - no. Registration data is sent to the server in mysql.
![[Image: b802c1d23bb209d0519ed.png]](/proxy.php?image=https%3A%2F%2Fexternal-content.duckduckgo.com%2Fiu%2F%3Fu%3Dhttps%253A%252F%252Ftelegra.ph%252Ffile%252Fb802c1d23bb209d0519ed.png&hash=2adf1ea1f713cc5dcf6abb20a2d84eb8 "[Image: b802c1d23bb209d0519ed.png]")
![[Image: 59ec27ffaf6a635f2c0b1.png]](/proxy.php?image=https%3A%2F%2Fexternal-content.duckduckgo.com%2Fiu%2F%3Fu%3Dhttps%253A%252F%252Ftelegra.ph%252Ffile%252F59ec27ffaf6a635f2c0b1.png&hash=d2fe896007d617502041bb9f0a514c0d "[Image: 59ec27ffaf6a635f2c0b1.png]")
We went to the site - 6705 times
Downloaded the game - 5907 times
In total, I received 3206 seed phrases, most of them are empty, but still the earnings turned out to be quite good.
Judging by these statistics, you can judge for yourself which method suits you best and how best to pour. If you need to fake a signature then use SigThief - https://github.com/secretsquirrel/SigThief If you need to add blank bytes to a file so people don't upload them to virustotal - https://github.com/NoneNameDeveloper/XFilePumper
If u work with seeds or logs and u traffic creator - https://crdpro.cc/threads/help-find-crypto-in-logs-phrases-seeds-brute-windraft-api-keys.36660/
Original at RU lang writed from me https://telegra.ph/Testy-traffika-06-1
I recently decided to take a break and decided to start testing various methods of assembling steelacs (tested on public software, not on my own) and other scam software, a drainer.
From: Google ads, the theme is crypto, through hvnc, since you don’t need to bother with proxies and it’s much more convenient this way. Lil from June 1 to June 18, 2023. Statistics are given for them. All sites except for certain software \ drainers \ games were the same, keywords too.
Sites: purchased domains with little indexing in the past in google, normal servers, not fresh ssl. The sites were spinning a bit whitewashed, as were the files before the start of the advertising campaigns. Sites are not one-page - there are politics, terms, private policy, advertising policy cookies. So the site has unique icons (just converted original ones), unique meta data and headers, analytics from google is connected to each site.
Let's get started.
1) Normal rar archive with a password of 10 characters. The file was inflated to 960 mb. The icon is unique. Fake signature. Issuance - by link to the site (not a file exchanger) (https://domain.com/file.rar)
Moved to the site - 3950
Downloaded - 2159
Launched - 312 times
The income was meager and it was downloaded by almost empty accounts, there is practically no crypt in them.
2) Building MSIX without a launcher. Label for stealer 960 mb. The icon is unique. Fake signature. Issuance - by link to the site (not a file exchanger) (https://domain.com/file.msix)
Went to the site - 4367
Downloaded - 3485
Launched - 862 times
It's much better here. Income, of course, is not a direct topchik, since it poured directly to the installer where the stealer is located. On some computers I caught a smart screen. The assembly took place in advanced installer. I just threw garbage and folders nearby and made a label on the stealer. How to work with advanced installer
3) Building EXE without a launcher. Label for stealer 960 mb. The icon is unique. Fake signature. Issuance - by link to the site (not a file exchanger) (https://domain.com/file.exe)
Went to the site - 4371
Downloaded - 2854
Launched - 908 times
It's already much better than the archive. Income, of course, is not a direct topchik, since it poured directly to the installer where the stealer is located. On some computers I caught a smart screen. The assembly took place in InstallShield. I just threw garbage and folders nearby and made a label on the stealer. How to work with InstallShield
4) Building EXE with launcher. Desktop shortcut to the launcher that downloads the file. The icon is unique. Fake signature. Issuance - by link to the site (not a file exchanger) (https://domain.com/file.rar).
When you click on the "Login" button, the stealer is loaded and launched. The software is written in c#. An example of a lesson is
Went to the site - 4874
Downloaded - 3052
Launched - 1628 times
This is much better than before, since the software is white and there is nothing but 1 function in it that pumps up and launches your stealer. Much easier to work with this method. Earnings already matched.
5) Scam on seed phrases. Site copy https://stargate.finance/transfer from layerzero. Full copy except for meta data and headers with icons. When trying, a fake metamask window was displayed stating that it was necessary to enter a seed phrase. It is very stupid and old, but there is someone who is still going on.
Went to the site - 13687 times. A total of 492 phrases were received. The income is good.
6) Drainer. Site copy https://stargate.finance/transfer from layerzero. Full copy except for meta data and headers with icons. Drainer did not take a public test from a friend, but judging by the functions, it does not differ much from public ones.
Went to the site - 12906 times. Total received 4730 usd. The income is good.
7) Scam game on seed phrases. The original download site for the game. When registering, it asks to enter a seed phrase and some other data. The project is built on Unreal Engine 5. After entering the data, he says that thanks for the pre-registration. Gameplay - no. Registration data is sent to the server in mysql.
We went to the site - 6705 times
Downloaded the game - 5907 times
In total, I received 3206 seed phrases, most of them are empty, but still the earnings turned out to be quite good.
Judging by these statistics, you can judge for yourself which method suits you best and how best to pour. If you need to fake a signature then use SigThief - https://github.com/secretsquirrel/SigThief If you need to add blank bytes to a file so people don't upload them to virustotal - https://github.com/NoneNameDeveloper/XFilePumper
If u work with seeds or logs and u traffic creator - https://crdpro.cc/threads/help-find-crypto-in-logs-phrases-seeds-brute-windraft-api-keys.36660/
Original at RU lang writed from me https://telegra.ph/Testy-traffika-06-1
