AntiAnalysis (VirtualBox, SandBox, Debugger, VirusTotal, Any.Run)
Get system info (Version, CPU, GPU, RAM, IPs, BSSID, Location, Screen metrics, Installed apps)
Chromium based browsers (passwords, credit cards, cookies, history, autofill, bookmarks)
Firefox based browsers (db files, cookies, history, bookmarks)
Internet explorer/Edge (passwords)
Saved wifi networks & scan networks around device (SSID, BSSID)
File grabber (Documents, Images, Source codes, Databases, USB)
Detect banking & cryptocurrency services in browsers
Steam, Uplay, Battle.Net, Minecraft session
Install keylogger & clipper
Desktop & Webcam screenshot
ProtonVPN, OpenVPN, NordVPN
Crypto Wallets
Zcash, Armory, Bytecoin, Jaxx, Exodus, Ethereum, Electrum, AtomicWallet, Guarda, Coinomi, Litecoin, Dash, Bitcoin
Crypto Wallet Extensions from Chrome & Edge
Binance, coin98, Phantom, Mobox, XinPay, Math10, Metamask, BitApp, Guildwallet, iconx, Sollet, Slope Wallet, Starcoin, Swash, Finnie, KEPLR, Crocobit, OXYGEN, Nifty, Liquality, Auvitas wallet, Math wallet,
MTV wallet, Rabet wallet, Ronin wallet, Yoroi wallet, ZilPay wallet, Exodus, Terra Station, Jaxx.
Messenger Sessions, Accounts, Tokens
Discord, Telegram, ICQ, Skype, Pidgin, Outlook, Tox, Element, Signal
Directories structure
Filezilla hosts
Process list
Product key
Autorun module
πΉ Keylogger: The keylogger will turn on if the user is texting in the chat or using the bank's website.
Clipper turns on and replaces crypto wallet addresses in the clipboard when a user makes a transaction.
Webcam screenshots will be taken if the user is watching something obscene on the Internet.