BOFAMET STEALER | Credit: Rigolit

pinkman

This is a comprehensive solution for collecting data from target systems, consisting of a collector module (stealer) and a centralized command and control (C2) server. The collector, written in Python, is compiled into a separate executable file for Windows, and the collected data is transmitted to the C2 server, developed using FastAPI.

Features:
  • Retrieves saved login credentials (usernames, passwords) from a wide range of web browsers (Chrome, Edge, Opera, Yandex, Brave, Vivaldi, Slimjet, Falkon, SeaMonkey, Maxthon, Pale Moon, Qutebrowser, Iridium, CentBrowser, Tor).
  • Collects browser cookie files for potential authentication bypass.
  • Extracts browsing history and autofill form data from supported browsers.
  • Operating System (type, version).
  • Hardware (processor, core count, RAM, disk space information).
  • Network configuration (local IP address, MAC address, Wi-Fi SSID, and BSSID data).
  • User information (username, computer name).
  • Public IP address identification and geolocation data (city, region, country, latitude, longitude).
  • Desktop Screenshot: Captures an image of the current desktop of the target system.
  • Telegram Session Extraction: Attempts to retrieve local Telegram session files (by forcibly terminating the Telegram process to gain access to session files).
  • AyuGram Session Extraction: Attempts to retrieve local AyuGram session files.
  • Discord Token Discovery: Scans the system for Discord authentication tokens in various locations.
  • Steam Configuration: Copies configuration files of the Steam client.
  • Epic Games Configuration: Copies configuration files of the Epic client.
  • Targeted File Exfiltration: Searches for and steals files with specific extensions (.doc, .docx, .xls, .xlsx, .ppt, .pptx, .pdf, .bmp) from user directories.
  • Crypto Wallet Extraction: Identifies and copies files associated with cryptocurrency wallets (e.g., wallet.dat, key.json, keystore, mnemonic.txt, seed.txt, as well as SSH keys like id_rsa).
  • Data Transmission: Archives all collected data into ZIP files (partitioning into parts if necessary due to size limits) and subsequently transmits them, along with system information and geolocation data, to the configured C2 server.
    download:
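
A defender's view of the file-collection and archiving behaviour listed in the post above, as an added example that is not part of the original post or of the tool it describes. It groups file events by process and flags one that combines wallet/key reads, bulk reads of the listed document types and ZIP staging; the event tuple layout, the threshold and all sample paths and process names are constructed assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Names and extensions copied from the feature list in the post above.
SENSITIVE_NAMES = {"wallet.dat", "key.json", "keystore", "mnemonic.txt", "seed.txt", "id_rsa"}
DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".bmp"}
DOC_THRESHOLD = 5  # assumption: distinct documents read before it counts as bulk

# Constructed sample telemetry (pid, image, operation, path); the tuple layout is
# hypothetical and stands in for an EDR or Sysmon-style file-event export.
EVENTS = [
    (4120, "winword.exe", "read", r"C:\Users\ana\Documents\report.docx"),
    (4120, "winword.exe", "read", r"C:\Users\ana\Documents\budget.xlsx"),
    (5300, "7z.exe", "write", r"C:\Users\ana\Desktop\photos.zip"),
    (7788, "updater.exe", "read", r"C:\Users\ana\.ssh\id_rsa"),
    (7788, "updater.exe", "read", r"C:\Users\ana\AppData\Roaming\Coin\wallet.dat"),
    (7788, "updater.exe", "write", r"C:\Users\ana\AppData\Local\Temp\out_part1.zip"),
] + [(7788, "updater.exe", "read", rf"C:\Users\ana\Documents\scan{i}.pdf") for i in range(6)]


def triage(events):
    """Return (pid, image, reasons) for processes showing two or more collection signals."""
    stats = defaultdict(lambda: {"image": "", "sensitive": set(), "docs": set(), "zips": set()})
    for pid, image, op, path in events:
        p = PureWindowsPath(path)          # parses Windows paths on any host OS
        name, ext = p.name.lower(), p.suffix.lower()
        s = stats[pid]
        s["image"] = image
        if op == "read" and name in SENSITIVE_NAMES:
            s["sensitive"].add(path)
        elif op == "read" and ext in DOC_EXTS:
            s["docs"].add(path)
        elif op == "write" and ext == ".zip":
            s["zips"].add(path)

    findings = []
    for pid, s in sorted(stats.items()):
        reasons = []
        if s["sensitive"]:
            reasons.append("wallet_or_key_read")
        if len(s["docs"]) >= DOC_THRESHOLD:
            reasons.append("bulk_document_read")
        if s["zips"]:
            reasons.append("zip_staging")
        # A single signal is common for benign tools (editors, archivers); require two.
        if len(reasons) >= 2:
            findings.append((pid, s["image"], reasons))
    return findings
```

Requiring two independent signals keeps an office application or an archiver on its own from alerting, while a single process that reads key material, sweeps documents and stages archives is surfaced.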
 