This is a C++ stealer which is being actively improved upon, with the help we receive from our active community.
BROWSERS
Information is obtained from all the profiles of all Chromium-based (the most used) browsers, and from Firefox.
We collect credit card data, autofill data, history, all extensions (including 71 crypto wallets and various authenticators), local storage, downloads, and much more. Essentially, all the information is collected.
All Discord tokens are extracted from the regular client, Discord Canary, Discord PTB, and browser local storage.
Wallet information is collected from 25 wallets, with new ones being actively added.
SENSITIVE DIRECTORIES AND FILES
We have studied real-world scenarios and come up with advanced filters that will fetch you sensitive information related to cryptocurrency wallets, bank accounts, passwords, private keys, etc.
The stealer gets recently opened .txt files, recursively iterates through the computer to find sensitive information, steals GitHub and Visual Studio Code repositories (with bloat removed), and gets .txt files from Desktop, Documents, etc.
Information is obtained from WinSCP and FileZilla.
We collect system information, which includes the HWID, IP, timezone, computer language, RAM, CPU information, etc.
ANTI-DEBUGGING, EVASION TECHNIQUES
We use anti-debug/anti-VirusTotal/anti-VM techniques which complicate analysis of the malware. Your link will be encrypted in the stealer file.
Sensitive operations are performed through syscalls, which makes them harder for AVs and analysts to detect, and all strings are encrypted.