EvilZone

: StealthStalker discussion and suggestions
: Kulverstukas April 01, 2013, 03:24:11 PM
Hello,
StealthStalker is information "gathering" malware I am creating in C++ as I am learning, so it's mainly for knowledge but of course I will use it daily :D maybe not daily... we'll see.
I will not release it to the public, only for VIP members. Those who will suggest great ideas and give sample code or PoC or a proper documentation to support that idea, will also get a copy when it's done (based on reputation of course, I won't be giving it left and right to one time visitors).

The basic idea of what it does is that it steals browser history data and Skype chat logs. You can say it's like having some of the NirSoft utils on your flash drive with a batch script to run all of them, but my version is all in one and it's much faster.

Features will include:
So you will be able to select how you want it to run with command line args.

As of now it can steal:

Password and cookie stealing features may come in later version if I feel like doing it
The project is not done yet, right now it cannot send logs to the server and install onto computers but I'm working on it.

Thank you for reading. This isn't some high-tech elite trojan bullshit and I have no intention of making a Stuxnet little/bigger brother, so simple and general ideas are what should be suggested.
: Re: StealthStalker discussion and suggestions
: Snayler April 01, 2013, 03:52:38 PM
Kinda obvious, but how about a function to copy all browser cookies to the flash disk/webspace. Also, grab e-mails and account names from saved passwords, it would enhance the information gathered.
: Re: StealthStalker discussion and suggestions
: Deque April 01, 2013, 06:31:21 PM
I have some experience with Firefox logins (I made that master password cracker for Firefox and Thunderbird). I could help with that, if you want to.
: Re: StealthStalker discussion and suggestions
: Kulverstukas April 01, 2013, 07:07:18 PM
> I have some experience with Firefox logins (I made that master password cracker for Firefox and Thunderbird). I could help with that, if you want to.
Yes that would be great. I'll try to make my own version, I'll contact you if I get stuck :)
: Re: StealthStalker discussion and suggestions
: Ragehottie April 08, 2013, 10:43:41 PM
Might as well search for the lastlogin file for minecraft. You can sell the accounts for like maybe 10-15 a piece.
: Re: StealthStalker discussion and suggestions
: rasenove April 09, 2013, 07:00:39 AM
Since you're using C++, you can use bitwise operators to compact your programs and make it even faster and stealthy.

And also steal the log files from c\windows\ directory.

Look for the SchedLgU.txt in there. It keeps the Windows start and shut down logs. And you can steal other .log files from there.
: Re: StealthStalker discussion and suggestions
: Kulverstukas April 09, 2013, 08:36:20 AM
> Might as well search for the lastlogin file for minecraft. You can sell the accounts for like maybe 10-15 a piece.
Only people you'd be able to steal is your friends, because this is not a virus. It will not spread like a worm.

> And also steal the log files from c\windows\ directory.
>
> Look for the SchedLgU.txt in there. It keeps the Windows start and shut down logs. And you can steal other .log files from there.
I'll look into that.
: Re: StealthStalker discussion and suggestions
: Stackprotector April 09, 2013, 10:31:08 AM
> Since you're using C++, you can use bitwise operators to compact your programs and make it even faster and stealthy.
You learned something new brah? xD
: Re: StealthStalker discussion and suggestions
: rasenove April 09, 2013, 11:51:25 AM
> You learned something new brah? xD

Yes brah, I learned of the existence of it but can't apply it (it just shifts/changes binary values, don't get it properly).
Still doing some research.

@Kulverstukas. Maybe you can index the whole HDD and the flash drive (if it's in the flash drive) of the victim. So you can do some remote activities. (Don't worry, I have the solution.)

And I like the thought that the data will be sent to some web space (leaving no trace to you). I had a thought like that and also thought it's possible to put the remote commands in a txt file and upload it somewhere the program can access it. So if I wanted to do some remote activities I'd just edit the txt file, add new commands/tasks to be done and update it.
: Re: StealthStalker discussion and suggestions
: Stackprotector April 09, 2013, 12:01:22 PM
> Yes brah, I learned of the existence of it but can't apply it (it just shifts/changes binary values, don't get it properly).
> Still doing some research.
>
> @Kulverstukas. Maybe you can index the whole HDD and the flash drive (if it's in the flash drive) of the victim. So you can do some remote activities. (Don't worry, I have the solution.)
>
> And I like the thought that the data will be sent to some web space (leaving no trace to you). I had a thought like that and also thought it's possible to put the remote commands in a txt file and upload it somewhere the program can access it. So if I wanted to do some remote activities I'd just edit the txt file, add new commands/tasks to be done and update it.

Yes, let's index the whole HDD. Good luck.

Anyway, the idea behind the bit thing is that the minimal amount of memory that can be allocated is 1 byte, and a boolean is only 1 bit (0, 1). So when you are assigning a shitload of booleans you are wasting memory.
You want to store 8 booleans in 1 byte (1 byte is 8 bits) and use an index for every boolean :). So BYTE << INDEX = BIT; :D
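
The packing described in the post above, as an added example that is not part of the original thread: eight flags stored in one byte and addressed by index, where bit i is read with `(byte >> i) & 1` and written through a `1 << i` mask. The class name `PackedFlags` and the demo values are assumptions made for the illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <stdexcept>

// Eight boolean flags packed into one byte; index 0 is the least significant bit.
class PackedFlags {
public:
    void set(unsigned index, bool value) {
        check(index);
        const std::uint8_t mask = static_cast<std::uint8_t>(1u << index);
        if (value) bits_ |= mask;                              // turn the bit on
        else       bits_ &= static_cast<std::uint8_t>(~mask);  // turn the bit off
    }
    bool get(unsigned index) const {
        check(index);
        return ((bits_ >> index) & 1u) != 0;  // shift the wanted bit down, mask the rest
    }
    void toggle(unsigned index) {
        check(index);
        bits_ ^= static_cast<std::uint8_t>(1u << index);
    }
    std::uint8_t raw() const { return bits_; }

private:
    static void check(unsigned index) {
        // An index past the byte width would silently touch nothing; reject it.
        if (index >= 8) throw std::out_of_range("flag index must be 0..7");
    }
    std::uint8_t bits_ = 0;
};

// Constructed demonstration: set flags 0, 3 and 7, then clear flag 3 again.
std::uint8_t demo() {
    PackedFlags f;
    f.set(0, true);
    f.set(3, true);
    f.set(7, true);
    f.set(3, false);
    return f.raw();  // bits 0 and 7 remain set
}

int main() {
    std::printf("raw=0x%02X size=%zu\n", demo(), sizeof(PackedFlags));
    return 0;
}
```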
: Re: StealthStalker discussion and suggestions
: rasenove April 09, 2013, 12:11:45 PM
What's wrong with indexing? Indexing the whole thing won't take much memory.

And let's not get off topic, I'll talk to you later about bit shit when I learn more.
*Faction is cranky today. :-P
: Re: StealthStalker discussion and suggestions
: Kulverstukas April 09, 2013, 12:35:42 PM
I'm not turning this into a remote administration tool. And what would be the benefit of indexing the drive...?
: Re: StealthStalker discussion and suggestions
: rasenove April 09, 2013, 01:06:50 PM
If you index the C drive you can see what apps your victims use; if you index the whole HDD you can see what sort of files he keeps, etc. Can lead to more and more info about your victims.

AND I DIDN'T tell you to turn your program into a remote administrator tool, I just told you it was possible and I had the same thought of using web space (but in a different way).
: Re: StealthStalker discussion and suggestions
: Kulverstukas April 09, 2013, 01:53:46 PM
Hurf a durf
To see what programs he has installed there are better ways, like enumerating registry keys.
IE logs what files you open on your computer, so it's enough for now. Indexing everything on the drive is a time and resource consuming task.
: Re: StealthStalker discussion and suggestions
: ca0s April 09, 2013, 04:16:01 PM
A well organized web panel to upload/browse all the info gathered.
If it is just a stealer, ignore this, but form-grabbing (http://en.wikipedia.org/wiki/Form_grabbing) is cool.
Windows licenses / other software licenses (AV...)
: Re: StealthStalker discussion and suggestions
: 0poitr April 09, 2013, 08:37:51 PM
An easy way to propagate the binary would be to run it on Windows startup and do checks at a pre-determined interval for removable drives. If the drive has FAT32, copy self.
When attached to a machine later, there has to be some kind of misleading (like, say, with the icon of a folder, unless extensions are shown) so the user clicks to open it and the binary in turn copies itself to that machine and executes. With W7, I guess autorun is a bit harder than in previous versions.

Actually, that's what I did with my spybot in autoit.
: Re: StealthStalker discussion and suggestions
: Stackprotector April 10, 2013, 08:11:28 AM
> An easy way to propagate the binary would be to run it on Windows startup and do checks at a pre-determined interval for removable drives. If the drive has FAT32, copy self.
> When attached to a machine later, there has to be some kind of misleading (like, say, with the icon of a folder, unless extensions are shown) so the user clicks to open it and the binary in turn copies itself to that machine and executes. With W7, I guess autorun is a bit harder than in previous versions.
>
> Actually, that's what I did with my spybot in autoit.

You will get your malware above the radar pretty quickly if you do that. I will always suggest finding your own tricks and not using existing binders/crypters, because AVs can find them suspicious since they use known binder and wannabe-FUD methods, and upload them to an AV server, and when your code is reversed and in the AV pattern databases you can wave goodbye to being totally FUD.
: Re: StealthStalker discussion and suggestions
: kenjoe41 April 13, 2013, 12:09:48 PM
For an idea, maybe the malware should also be able to run new code of its own that its user can insert and change later. This will cater for those wanting it to be a RAT or to add any more capabilities to it rather than the pre-defined rules by its coder.