Dec 31, 2025 16:10
Reply
🖥 Phantom Stealer Source Code [C#]
▶️Extremely aggressive anti-analysis / anti-VM / anti-sandbox:
▶️Huge blacklist of usernames (sandbox defaults, researcher names, etc.)
▶️Huge blacklist of computer names (ANY.RUN, JoeSandbox, REMnux, HybridAnalysis, etc.)
▶️GPU name checks for VirtualBox, VMware, Hyper-V, QEMU, Parallels
▶️Process name checks (Sysmon, ProcessHacker, Wireshark, Fiddler, etc.)
▶️Debugger / recent Windows install detection
▶️Persistence via HKCU/HKLM Run keys
Mutex control to prevent multiple instances
▶️Melt / self-delete of the original executable
▶️Full keylogger (keyboard + clipboard monitoring)
▶️Periodic screenshots
▶️Clipboard hijacking / crypto address swapper (Bitcoin, Ethereum, Monero, etc.)
▶️Browser credential stealing from all Chromium-based browsers (Chrome, Edge, Brave, Opera, Vivaldi, etc.) - passwords, cookies, autofill, credit cards
▶️Firefox/Gecko credential stealing (passwords + cookies)
▶️Discord token grabbing (all local accounts + HQ tokens)
▶️Telegram session stealing (.tdata folder)
▶️Outlook account stealing (SMTP/POP3 credentials)
▶️FileZilla servers.xml + credentials
▶️WinSCP session stealing with proper decryption (including master password check)
▶️FoxMail, Thunderbird, and other mail client support
▶️Crypto wallet stealing:
▶️Browser extensions (MetaMask, Binance Chain, TronLink, Ronin, etc.)
▶️Desktop wallets (Exodus, Atomic, Electrum, Zcash, Jaxx, etc.)
▶️File grabber - grabs files by extension/size from Desktop, Documents, Downloads, OneDrive, etc. (with regex support and size limits)
▶️Wi-Fi stealing:
▶️All saved Wi-Fi profiles + clear-text passwords
▶️Current visible networks + BSSIDs
▶️Remote command execution via C2
▶️Multiple exfiltration channels:
▶️Discord webhooks
▶️Telegram bots
▶️SMTP (built-in mailer)
▶️FTP
▶️AES-256-GCM encryption for C2 communication (custom BCrypt implementation)
▶️Encrypted config (AES-GCM)
▶️Automatic ZIP packaging of all stolen data (with timestamps + PC name)
▶️Self-destruct / cleanup options
▶️Critical process protection / anti-kill (in some builds)
▶️Start delay / random sleep to evade sandboxes
Source : https://gbhackers.com/hackers-target-windows-systems-using-phantom-stealer/
Download : https://files.catbox.moe/ip2wr7.rar
▶️Extremely aggressive anti-analysis / anti-VM / anti-sandbox:
▶️Huge blacklist of usernames (sandbox defaults, researcher names, etc.)
▶️Huge blacklist of computer names (ANY.RUN, JoeSandbox, REMnux, HybridAnalysis, etc.)
▶️GPU name checks for VirtualBox, VMware, Hyper-V, QEMU, Parallels
▶️Process name checks (Sysmon, ProcessHacker, Wireshark, Fiddler, etc.)
▶️Debugger / recent Windows install detection
▶️Persistence via HKCU/HKLM Run keys
Mutex control to prevent multiple instances
▶️Melt / self-delete of the original executable
▶️Full keylogger (keyboard + clipboard monitoring)
▶️Periodic screenshots
▶️Clipboard hijacking / crypto address swapper (Bitcoin, Ethereum, Monero, etc.)
▶️Browser credential stealing from all Chromium-based browsers (Chrome, Edge, Brave, Opera, Vivaldi, etc.) - passwords, cookies, autofill, credit cards
▶️Firefox/Gecko credential stealing (passwords + cookies)
▶️Discord token grabbing (all local accounts + HQ tokens)
▶️Telegram session stealing (.tdata folder)
▶️Outlook account stealing (SMTP/POP3 credentials)
▶️FileZilla servers.xml + credentials
▶️WinSCP session stealing with proper decryption (including master password check)
▶️FoxMail, Thunderbird, and other mail client support
▶️Crypto wallet stealing:
▶️Browser extensions (MetaMask, Binance Chain, TronLink, Ronin, etc.)
▶️Desktop wallets (Exodus, Atomic, Electrum, Zcash, Jaxx, etc.)
▶️File grabber - grabs files by extension/size from Desktop, Documents, Downloads, OneDrive, etc. (with regex support and size limits)
▶️Wi-Fi stealing:
▶️All saved Wi-Fi profiles + clear-text passwords
▶️Current visible networks + BSSIDs
▶️Remote command execution via C2
▶️Multiple exfiltration channels:
▶️Discord webhooks
▶️Telegram bots
▶️SMTP (built-in mailer)
▶️FTP
▶️AES-256-GCM encryption for C2 communication (custom BCrypt implementation)
▶️Encrypted config (AES-GCM)
▶️Automatic ZIP packaging of all stolen data (with timestamps + PC name)
▶️Self-destruct / cleanup options
▶️Critical process protection / anti-kill (in some builds)
▶️Start delay / random sleep to evade sandboxes
Source : https://gbhackers.com/hackers-target-windows-systems-using-phantom-stealer/
Download : https://files.catbox.moe/ip2wr7.rar