Spybrowse - Code Developed To Steal Certain Browser Config Files (History, Preferences, Etc)

2020-08-16T13:00:05
ID KITPLOIT:805694896302514626
Type kitploit
Reporter KitPloit
Modified 2020-08-16T13:00:05

Description

Be sure to change the ftp variables throughout the code, these variables contain the username, password, & IP address of the FTP server which receives the files.
This code will do the following:

  1. Copy itself into the %TMP% directory & name itself ursakta.exe
  2. Add a registry entry to execute itself each time the user logs in
  3. Verify which browser the user is using (Chrome, Firefox or Brave)
  4. Search for files within the Chrome, Firefox, or Brave browser directories
  5. Create a directory on our FTP server then send the files in the browser's directory to the FTP server

Cross Compiling with MingW on Linux
Install command with Apt:

  • sudo apt-get install mingw-w64 64-bit:

  • x86_64-w64-mingw32-gcc *input file* -o *output file* -lwininet -lversion 32-bit:

  • i686-w64-mingw32-gcc *input file* -o *output file* -lwininet -lversion

From Victim's Perspective:
Registry entry:

File activity:

FTP connection:

Detection Rate:
This detection rate is after stripping the executable with strip --strip-all *filename.c*

Download Spybrowse