Pure C# PROOF OF CONCEPT Stealer that sends logs to PHP script that stores as txt DO NOT USE THIS POC SOFTWARE IN LIVE SYSTEMS!! I am not responsible for any damage or illegal acivities you start with this !! Also i want to make clear i am NOT a blackhat.
-
USB Spreading (Experimental, 2 Methods)
-
Get chromium based browser logins (Chrome, Edge, FireFox, Brave etc)
-
Get FileZilla logins (when there was no masterpassword)
-
Get some CDKeys from games
-
(Not implemented fully) Outlook
-
(Not implemented fully) OpenVPN , ProtonVPN, NordVPN logins
-
System Informations (IP , Country , PC Specs etc)
-
Uploads to PHP Server that stores the logs as txt files.
-
Logfiles are encoded with special lambda methods.
-
Logfiles are uploaded invisible to Fiddler / Wireshark network analyzers
-
Does not leave a trace on the filesystem when ran in mem or USB.
-- Requirements
- Webspace ( 100MB Minimum)
- IP or Domain
- Visual Studio 2019 or other IDE
Now the full way to use this framework :
-
Upload the contents of the Folder called "SERVER" to your webspace and CHMOD 777 the php file and logs folder
-
Go to the folder called "Stealer" and open the Visual Studio file , then compile WhistlerDecoder and start it.
-
Enter your webspace URL or IP path (http://yourIPorDomain.com/server.php) for example
-
Click ENCODE and copy the now generated encoded text of your IP / Domain
-
find the Project called Whistler -> open the code of frmMain.cs of the stealer and find line 28 "urlToServer" , replace the "xxx" string with the encoded string from the decoder.
-
Make changes to the code / add / remove stuff as you wish , then compile the software
-
Done :) You can now use the stealer and logs are getting saved to the logs folder you uploaded to the webspace.
- TODO - Make the code FUD
- TODO - Add more encryption to the traffic
- TODO - Add dynamic URL / IP Check for server finding after a defined pattern so the stealer will upload logs to any server matching the pattern when one server goes offline
- TODO - Add batch decoding of entire folders of logs to the Decoder
- TODO - Add Webpanel to preview logs (how to decode in PHP)
- BUG - Stealer maybe wont upload logs when the OS is using a systemproxy ?
- BUG - Stealer wont upload on windows 7 - FIXED - Setting SSL configs before uploading for SSL servers
- Echelon Stealer
- Infected-Forums
- Github
- Splamy