
Stealer [CRACK+PATCH by LLCPPC] MarsStealer v3 + Panel + Builder

Status
Not open for further replies.

itsMe



About the stealer (from the official thread):

Browsers: Internet Explorer, Microsoft Edge
Google Chrome, Chromium, Microsoft Edge (Chromium version), Kometa, Amigo, Torch, Orbitum, Comodo Dragon, Nichrome, Maxthon5, Maxthon6, Sputnik Browser, Epic Privacy Browser, Vivaldi, CocCoc, Uran Browser, QIP Surf, Cent Browser, Elements Browser, TorBro Browser, CryptoTab Browser, Brave Browser.
Opera Stable, Opera GX, Opera Neon.
Firefox, SlimBrowser, PaleMoon, Waterfox, Cyberfox, BlackHawk, IceCat, KMeleon, Thunderbird.
Collects passwords, cookies, cc, autocomplete, history of visits to sites, history of downloading files.
All the latest browser updates, including Chrome v80, are supported.

2FA Plugins: Authenticator, Authy, EOS Authenticator, GAuth Authenticator, Trezor Password Manager.

Crypto plugins:
TronLink, MetaMask, Binance Chain Wallet, Yoroi, Nifty Wallet, Math Wallet, Coinbase Wallet, Guarda, EQUAL Wallet, Jaxx Liberty, BitAppWallet, iWallet, Wombat, MEW CX, Guild Wallet, Saturn Wallet, Ronin Wallet, NeoLine, Clover Wallet, Liquality Wallet, Terra Station, Keplr, Sollet, Auro Wallet, Polymesh Wallet, ICONex, Nabox Wallet, KHC, Temple, TezBox, Cyano Wallet, Byone, OneKey, Leaf Wallet, DAppPlay, BitClip, Steem Keychain,  Nash Extension, Hycon Lite Client, ZilPay, Coin98 Wallet.

Wallets: Bitcoin Core and all derivatives (Dogecoin, Zcash, DashCore, LiteCoin, and so on), Ethereum, Electrum, Electrum LTC, Exodus, Electron Cash, MultiDoge, JAXX, Atomic, Binance, Coinomi.
PC Data Collection: IP and Country, Operational Path to Mars EXE File in Progress, Local PC Time and Time Zone, System Language, Keyboard Language Layouts, Laptop/Desktop, Processor Model, Installed RAM Size, Operating System Version and Bitness, Video Card Model, Computer Name, User Name, Computer Domain Name (if any), Machine ID, GUID, List of Software installed in the system and its version
As you can see - the list is huge, the developers tried to collect, but, alas, not on optimization and protection.

---------------------



MarsStealer_Menu.exe = Builder
Mars_Stealer_cracked_by_LLCPPC.exe = Server Stealer


Update: Completely redone the building, now everything has become much more convenient!

1. Rewrote the encryption, now you do not need to go to the site, enter the IP panel, gate, and the creator will encrypt the data himself!
2. Redesigned the building
3. Made the creation of the file "Builded.exe", so that many do not get confused how to use the created build
Instructions for installing the panel - inside the folder. (instruction.txt)

Soon I will make a software encryption so as not to run to the site...

Important: libraries in the panel should remain in their place - /public/*.dll, because it is not yet possible to change the paths to libraries.
Also - there is no possibility to change the download path, so the libraries are downloaded in C:\ProgramData. Although I have a suspicion that the developer himself did not allow this to change the buyers, despite the fact that each build downloads libraries along the same path, both in the panel and on the victim's PC...



Server Scan



https://www.kleenscan.com/scan_result/07f79cecff10bdb37fc917012daa4aab3febad0dc9dbb3413dd1d632b1d7b7a9

 
Updated



Stub:
* Added protection: 1000 processes for all occasions - all antiviruses, AnyRun, virtual machines including! (Attention: because of this, knocking may suffer, because on machines with antivirus - the code will not be decrypted)
* Additional protection against virtual machines and antiviruses, by calculating the delay in clocks
* Internal encryption of the code and lines of the decryption code of the section!
* Decrypt the encrypted partition in memory, and transfer EntryPoint to the partition, right in memory! Who is your RunPE?
* Cleaning memory, removing traces of decryption, lines (only for my stub)

This is the last update, I will not support the patch anymore, because there are cases.

----------

The same, but only without protection from antiviruses, at the request of a person (protection from virtual machines and AnyRun is present)

I feel really dumb, but my website doesn't have a dedicated IP. The panel is all set up, but I cannot get it to collect a log in the panel. Can you show me 2 examples?

The 1st example is the builder with a website instead of an IP: I put domain/panel/dashboard.php

and for the gate I put domain/gate.php

then in the db file I put domain/panel/dashboard.php

Am I doing it all wrong, or am I just not getting logs?

The 2nd example would be the db.php so I can understand.

 
@Carbon Black 

I took another look.
login.php:8: if (password_verify($data['password'], $GLOBALS['password'])) {
This is a PHP function that compares two hashes.
The hashes are made with password_hash().
I googled a little more and found the algorithm. It is CRYPT_BLOWFISH. The identifier "$2a$" corresponds to it.
So, to create a new password, you need to run this script in PHP:
<?php
echo password_hash("new_password", CRYPT_BLOWFISH);
?>

Then paste the resulting new password into the code.

Correction.
Most likely it is not password_hash() but crypt() with the salt $2a$10$ZggcH2744Z1YHWa5BpqAm$
Anyway, give it a try.

or



https://bcrypt-generator.com/

 