A Scambaiter (Impostor) who is trying to rat people using GDI malware

Well, for me he is the worse skid ever.

Archevod#5893 (820320479809503263)
Rat Name: njRAT 0.5.7B
C2 Servers: virtual-rome.at.ply.gg:1111, virtual-rome.at.ply.gg:62832
aes_plain: NhUB2nb2oCkfShAD2XtTA0lSizMGdBfl

Main Exe:

The file is zip archive which contains a two files. Glitcher.exe and glitcher_loader.exe The glitcher.exe is safe file which is the gdi.
Glitcher_loader is C# which contains an resource file with decryptor.
After you decrypt the file the results are njRAT

VirusTotal Scan → VirusTotal

Tria.ge → Triage | Malware sandboxing report by Hatching Triage

He renamed his tunnel “njRAT”


his decryptor

1 Like

Files: MalShare (Encrypted rat)
MalShare (Decrypted)

Something seems a little personal here.

1 Like

@Archevod bro GDI malwares are harmless, damage more than overwrite 0-sector (MBR) u can’t make.

1 Like

Let’s keep this discussion civil please

1 Like

yes, thank you

“njrat 0.5.7b” skiddy you dont even know rat versions