-
This is a Proof of Concept (P.O.C) tool centered around bitcoin theft, intended exclusively for educational exploration and developed using C# programming language. Its primary goal is to highlight the potential vulnerabilities in the bitcoin wallet system. The tool operates by identifying the user's bitcoin wallet and substituting it with a malicious bitcoin wallet address. It is designed with simplicity in mind, making it suitable for learning purposes, and welcomes engagement from all levels of users.
-
This tool is classified as potentially malicious by Windows Defender. It is important to exercise extreme caution when interacting with it. Do not execute it directly from a storage device on a target system. If you intend to run it in-memory on a target system, ensure that it is done with AMSI (Antimalware Scan Interface) bypassed. Employ obfuscation techniques, such as using tools like ConfuserEx, to add an additional layer of protection.
-
When exporting a certificate with an associated private key in the Personal Information Exchange (PFX) format, it's crucial to note that the default password is left blank. This is not the same as being nonexistent. Optionally, you have the option to define a password using the
--passwordargument. -
In scenarios where keys are marked as not exportable, modifying the CryptoAPI (CAPI) to allow the export of non-exportable keys within the current process might be necessary. Tools like mimikatz can assist in achieving this via the
crypto::capicommand. For cases involving exporting non-exportable device certificates, mimikatz can also modify the memory of the running lsass.exe process to bypass protective measures using thecrypto::cngcommand. -
Alternatively, another method for extracting private keys is through Data Protection Application Programming Interface (DPAPI) operations. This involves utilizing the user's DPAPI master key, or other potential methods such as a password, domain DPAPI private key, or system backup key, to decrypt the user's master key and subsequently decrypt their certificates stored in the registry. This approach can be executed using tools like SharpDPAPI or mimikatz. Additional insights into this process can be found in the THEFT2 and THEFT3 sections of SpecterOps's whitepaper titled "Certified Pre-Owned," which covers this topic comprehensively. Reading the entire paper is highly recommended for a deeper understanding of the subject matter.
- Exclusively for Educational Purposes
- Prohibition of Resale
- Permissible Use of Source Code while Maintaining Credits (both embedded and in reductions); Obligatory Open-Source Nature
- Disclaimer: We bear no liability for any actions conducted with our software, particularly if they breach legal boundaries
๐ Welcome to our feature-rich toolkit designed to enhance your tasks! Here's an overview of what we offer:
- ๐ QR Code Logger: Seamlessly capture QR codes for data input.
- ๐ Discord Login Extraction: Retrieve user login details for Discord.
- ๐ Username Acquisition: Easily gather usernames from various sources.
- ๐ Identification Number (ID): Obtain and manage identification numbers.
- ๐ Token Extraction: Effortlessly extract tokens for various platforms.
- ๐ก๏ธ Overcoming Novel Security Mechanisms: Stay ahead by bypassing new security features.
- ๐ Circumvention of Two-Step Verification: Gain access even when two-step verification is in place.
- ๐ง Overcoming Identity Hurdles: Navigate through inherent identity challenges and 5-digit verification codes.
- ๐ง SMTP Transport Support: Seamless integration with SMTP transport for efficient communication.
- ๐ Telegram API Transport Support (with Proxy): Connect through Telegram API with added privacy.
- ๐ฌ Fake Message Integration: Integrate fake messages for specific scenarios.
- ๐ผ๏ธ Customizable Icons Support: Personalize icons to suit your preferences.
- ๐ A.V Bypass (Upcoming Feature): Upcoming feature to bypass antivirus detection.
- ๐ Detection of Inspect Element Usage: Identify unauthorized inspect element usage.
- ๐จ Personalized Design: Tailor the design to your liking with aesthetic visuals.
- ๐ Anti-Analysis Measures: Stay under the radar with measures against analysis tools.
- ๐ป System Information Retrieval: Gather system details like version, CPU, GPU, RAM, IPs, and more.
- ๐ Browser Data Extraction: Extract valuable data from Chromium, Firefox, and Internet Explorer/Edge.
- ๐ถ Network Enumeration: Enumerate saved and nearby WiFi networks for insights.
- ๐ File Acquisition: Acquire a wide range of files, from documents to databases.
- ๐ณ Detection of Banking and Cryptocurrency Services: Identify financial platforms within browsers.
- ๐ฎ Session Retrieval for Gaming Platforms: Retrieve sessions for Steam, Uplay, Battle.Net, Minecraft.
- โจ๏ธ Keylogger and Clipboard Manipulator: Deploy keyloggers and manipulate clipboard content.
- ๐ธ Screenshots and Webcam Capture: Capture desktop and webcam screenshots discreetly.
- ๐ VPN Compatibility: Use with ProtonVPN, OpenVPN, NordVPN for enhanced privacy.
- ๐ฐ Crypto Wallet Support: Compatible with various crypto wallets and their extensions.
- ๐ฑ Messenger Capture: Capture sessions, accounts, tokens for Discord, Telegram, ICQ, Skype, and more.
- ๐ต๏ธโโ๏ธ Phishing Detection Measures: Implement measures to detect phishing for platforms like Metamask.
- ๐ Display of File Directory Structure: Easily navigate through file directories.
- ๐ฅ๏ธ Compilation of FileZilla Hosts: Compile a list of FileZilla hosts for efficient access.
- ๐ Compilation of Running Processes: Get a comprehensive list of running processes.
- ๐ Retrieval of Product Key: Easily retrieve product keys for software.
- ๐ค Authoritative Module for Automatic Execution: Execute tasks authoritatively with automation.
- โฉ Swift Transactions: Perform tasks quickly and efficiently.
- โ๏ธ Contract-Free Usage: Enjoy the toolkit's capabilities without binding contracts.
- ๐ Browser Integration: Extract passwords, emails, and more from browsers.
- ๐ณ Payment Information Capture: Capture credit card details, CVC, expiry dates, billing info.
- ๐ IP and Hostname Extraction: Retrieve IP addresses and computer hostnames.
- ๐ช Instant Logoff Capability: Log off instantly for added security.
- ๐ Quick QR Code Deactivation: Deactivate QR codes swiftly when needed.
- ๐จ Tailored Embedding: Embed the toolkit seamlessly into your workflow.
- ๐งฉ Ingenious Code Structure: Benefit from a well-structured and efficient codebase.
- ๐ช Cookie Information Retrieval: Retrieve valuable cookie information.
- ๐ Automatic Cookie Logging: Log cookies automatically for analysis.
- ๐ Metamask and Exodus Support: Retrieve information from Metamask and Exodus wallets.
- ๐ซ Anti-Delete and Anti-Spam Measures: Prevent unauthorized deletion and spamming.
- โก Evasion of Detections: Remain undetected with a 0/64 detection rate.
- ๐ช Compatibility with Official Telegram Desktop: Compatible with Windows Telegram Desktop.
- ๐ Password Extraction: Effortlessly extract passwords, including modifications.
- ๐ง Email Extraction: Retrieve email addresses for various purposes.
- ๐ Badge Retrieval: Capture badges for user identification.
- ๐ Nitro Capture: Capture Nitro for premium features.
- ๐ณ Credit Card Information: Capture credit card numbers, CVC, expiry dates, billing info.
- ๐ IP Address Extraction: Extract IP addresses for analysis.
- ๐ฅ๏ธ Webcam Screenshots: Capture webcam screenshots discreetly.
- โจ Instant Logoff and QR Code Deactivation: Swiftly log off and deactivate QR codes for security.
- ๐ Mastery of Identity Verification: Expertly handle inherent identity and 5-digit verification codes.
- ๐ฉ Integration with SMTP Transport: Seamlessly connect with SMTP for reliable communication.
- ๐ฒ Integration with Telegram API Transport: Connect via Telegram API with added flexibility.
- ๐ฌ Facilitation of Fake Messages: Easily create and integrate fake messages.
- ๐ญ Custom Icon Integration: Personalize icons to enhance user experience.
- ๐ Phishing Detection Measures for Metamask: Implement measures to detect phishing attempts.
- ๐ต๏ธโโ๏ธ Evasion of Detections: Stay undetected with advanced evasion techniques.
- ๐ Contract-Free Usage: Enjoy all features without restrictive contracts.
- ๐ผ Comprehensive Data Retrieval: Gather data from various sources effectively.
In order to compile the software from its source code, the following prerequisites need to be in place:
- Visual Studio 2022 (v17.*)
- NET SDK 6.0.* (Included with Visual Studio 2022)
- NET Framework SDK 4.8 (Included with Visual Studio 2022)
These components are essential for the successful building of the software using its source code.
These components are solely necessary if you decide to download the release version from the Releases section (stealerium.zip):
- Builder.exe (Requires NET Runtime 6.0.*)
- Stub (Requires NET Framework 4.8)
These runtime requirements are crucial if you opt for the downloadable release version of the software.