July 20
BOFAMET STEALER [v4] | Credit: Rigolit
This is a comprehensive solution for collecting data from target systems, consisting of a collector module (stealer) and a centralized command-and-control (C2) server.
The code has been ported to Go, and a GUI client was also created for the builder. A number of changes were also made to the server, including redirecting logs to a Telegram bot.
- Retrieves saved login credentials (usernames, passwords) from a wide range of web browsers (Chrome, Edge, Opera, Yandex, Brave, Vivaldi, Slimjet, Falkon, SeaMonkey, Maxthon, Pale Moon, Qutebrowser, Iridium, CentBrowser, Tor).
- Collects browser cookie files for potential authentication bypass.
- Extracts browsing history and autofill form data from supported browsers.
- Operating System (type, version).
- Hardware (processor, core count, RAM, disk space information).
- Network configuration (local IP address, MAC address, Wi-Fi SSID, and BSSID data).
- User information (username, computer name).
- Public IP address identification and geolocation data (city, region, country, latitude, longitude).
- Desktop Screenshot: Captures an image of the current desktop of the target system.
- Telegram Session Extraction: Attempts to retrieve local Telegram session files (by forcibly terminating the Telegram process to gain access to session files).
- AyuGram Session Extraction: Attempts to retrieve local AyuGram session files.
- Discord Token Discovery: Scans the system for Discord authentication tokens in various locations.
- Steam Configuration: Copies configuration files of the Steam client.
- Epic Games Configuration: Copies configuration files of the Epic client.
- Targeted File Exfiltration: Searches for and steals files with specific extensions (.doc, .docx, .xls, .xlsx, .ppt, .pptx, .pdf, .bmp) from user directories.
- Crypto Wallet Extraction: Identifies and copies files associated with cryptocurrency wallets (e.g., wallet.dat, key.json, keystore, mnemonic.txt, seed.txt, as well as SSH keys like id_rsa).
- Data Transmission: Archives all collected data into ZIP files (partitioning into parts if necessary due to size limits) and subsequently transmits them, along with system information and geolocation data, to the configured C2 server.
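As an added illustration from the defender's side (this is not code from the post or from the stealer itself), the following correlation heuristic runs over constructed endpoint telemetry and flags the behaviours the capability list above describes: a messenger process being terminated and its data directory read shortly afterwards, a single process reading the credential stores of several browsers, reads of the wallet and SSH-key filenames named in the list, and multipart ZIP staging before transmission. The event schema, process names, file paths, time window and thresholds are all assumptions made for the example.

```python
"""Behavioural correlation over endpoint events for the stealer capabilities
listed above. Added illustration only; schema, names, paths and thresholds
are assumptions, and the sample events are constructed."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable


@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str    # "proc_kill" | "file_read" | "file_create" (assumed schema)
    actor: str   # image name of the process performing the action
    target: str  # killed process name, or the file path touched


# Browser names and store filenames taken from the capability list; the
# substring matching against paths is an assumption of this example.
BROWSERS = ("chrome", "edge", "opera", "yandex", "brave", "vivaldi", "tor browser")
CRED_STORES = ("login data", "cookies", "history", "web data")
WALLET_FILES = {"wallet.dat", "key.json", "keystore", "mnemonic.txt", "seed.txt", "id_rsa"}
KILL_WINDOW = timedelta(seconds=60)   # assumed: kill-then-read correlation window
MIN_BROWSERS = 3                      # assumed: distinct browsers before alerting
MULTIPART_ZIP = re.compile(r"part\d+\.zip$", re.IGNORECASE)


def _basename(path: str) -> str:
    return re.split(r"[\\/]", path)[-1].lower()


def _browser_of(path: str):
    low = path.lower()
    return next((b for b in BROWSERS if b in low), None)


def detect(events: Iterable[Event]) -> list[tuple[str, str]]:
    """Return (actor, rule_name) findings, grouping events per acting process."""
    by_actor = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_actor[e.actor].append(e)

    findings = []
    for actor, evs in by_actor.items():
        reads = [e for e in evs if e.kind == "file_read"]

        # Rule 1: messenger terminated, then its data directory read within the window.
        for k in (e for e in evs if e.kind == "proc_kill" and "telegram" in e.target.lower()):
            if any(k.ts <= r.ts <= k.ts + KILL_WINDOW and "telegram" in r.target.lower()
                   for r in reads):
                findings.append((actor, "messenger_session_theft"))
                break

        # Rule 2: one process touching credential stores of several browsers.
        browsers = {_browser_of(r.target) for r in reads
                    if any(c in r.target.lower() for c in CRED_STORES)}
        browsers.discard(None)
        if len(browsers) >= MIN_BROWSERS:
            findings.append((actor, "multi_browser_credential_access"))

        # Rule 3: reads of wallet or SSH private-key filenames.
        if any(_basename(r.target) in WALLET_FILES for r in reads):
            findings.append((actor, "wallet_or_sshkey_access"))

        # Rule 4: several part-numbered ZIP archives created by the same process.
        zips = [e for e in evs if e.kind == "file_create" and MULTIPART_ZIP.search(_basename(e.target))]
        if len(zips) >= 2:
            findings.append((actor, "multipart_archive_staging"))
    return findings


def rule_names(events: Iterable[Event]) -> set[str]:
    return {rule for _, rule in detect(events)}


# Constructed sample telemetry: one suspicious process and one benign browser read.
T0 = datetime(2025, 7, 20, 8, 7, 0)
_U = r"C:\Users\u\AppData"
SAMPLE_EVENTS = [
    Event(T0, "proc_kill", "update.exe", "Telegram.exe"),
    Event(T0 + timedelta(seconds=3), "file_read", "update.exe", _U + r"\Roaming\Telegram Desktop\sessiondata"),
    Event(T0 + timedelta(seconds=5), "file_read", "update.exe", _U + r"\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(T0 + timedelta(seconds=6), "file_read", "update.exe", _U + r"\Local\Microsoft\Edge\User Data\Default\Cookies"),
    Event(T0 + timedelta(seconds=7), "file_read", "update.exe", _U + r"\Local\BraveSoftware\Brave-Browser\User Data\Default\Login Data"),
    Event(T0 + timedelta(seconds=9), "file_read", "update.exe", r"C:\Users\u\Documents\wallet.dat"),
    Event(T0 + timedelta(seconds=20), "file_create", "update.exe", _U + r"\Local\Temp\log_part1.zip"),
    Event(T0 + timedelta(seconds=21), "file_create", "update.exe", _U + r"\Local\Temp\log_part2.zip"),
    Event(T0 + timedelta(seconds=30), "file_read", "chrome.exe", _U + r"\Local\Google\Chrome\User Data\Default\Login Data"),
]
BENIGN_EVENTS = [
    Event(T0, "proc_kill", "taskmgr.exe", "Telegram.exe"),   # kill with no follow-up read
    Event(T0 + timedelta(seconds=5), "file_read", "chrome.exe", _U + r"\Local\Google\Chrome\User Data\Default\Login Data"),
]

if __name__ == "__main__":
    for actor, rule in detect(SAMPLE_EVENTS):
        print(f"{actor}: {rule}")
```

The rules are deliberately per-process: a browser reading its own credential store, or a user closing a messenger from Task Manager, produces none of the findings, while one unrelated process doing all four things within seconds matches every rule. In a real deployment the thresholds and the path patterns would come from the telemetry source rather than from the substrings assumed here.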
July 20, 08:07