Archevod impersonator spreading RATs

Wall of Shame
1

Well, for me he is the worse skid ever.

Information:
Archevod#5893 (820320479809503263)
Rat Name: njRAT 0.5.7B
C2 Servers: virtual-rome.at.ply.gg:1111, virtual-rome.at.ply.gg:62832
aes_plain: NhUB2nb2oCkfShAD2XtTA0lSizMGdBfl

Main Exe:

https://cdn.discordapp.com/attachments/1070760954939326464/1070761077694009394/Glitcher.exe

The file is zip archive which contains a two files. Glitcher.exe and glitcher_loader.exe The glitcher.exe is safe file which is the gdi.
Glitcher_loader is C# which contains an resource file with decryptor.
After you decrypt the file the results are njRAT

VirusTotal Scan → VirusTotal

Tria.ge → asyncrat | 3ff4956f284c2d0b5a1c8b32e1b73977f05508a814aae92e5aa7919aaf0b3e10 | Triage

image
image440×353 32 KB

He renamed his tunnel “njRAT”

2 Likes
4

image
image1201×432 19.4 KB

his decryptor

1 Like
5

Files: MalShare (Encrypted rat)
MalShare (Decrypted)

7

Something seems a little personal here.

1 Like
10

@Archevod bro GDI malwares are harmless, damage more than overwrite 0-sector (MBR) u can’t make.

1 Like
16

Let’s keep this discussion civil please

1 Like
17

yes, thank you

19

Looks like the impersonator is trying to get revenge again, so just remember: my old discord was archevod (all lowercase) #3730, and not #5893.