Divulge Stealer | Umbral-Stealer Overhaul | 25 Wallets | Browser Passwords, Cookies

[102]

Found this looks decent. Tried it in vm and seems to work great! 

 

Divulge Stealer 
a highly advanced info-stealer that outperforms its predecessor, Umbral-Stealer by Blank-c. This new iteration is a complete overhaul with enhanced capabilities, targeting 25 major cryptocurrency wallets with precision.

What’s New in Divulge Stealer:
1. Comprehensive Redesign: Divulge Stealer has been meticulously reworked from the ground up. Building on the foundation of Umbral-Stealer, it introduces advanced capabilities for targeting cryptocurrency wallets with unprecedented accuracy.

2. Expanded Wallet Support: Our stealer now supports 25 major cryptocurrency wallets, including well-known names like Bitcoin, Ethereum, and Monero. This expansion ensures a broader reach and higher effectiveness in data extraction.

3. Recursive Data Extraction: Utilizing a sophisticated recursive technique, Divulge Stealer ensures thorough scanning and retrieval of wallet files, leaving no trace behind.

4. Signature Appending Feature: In a notable upgrade, the new build includes a feature allowing you to append another .exe digital signature upon compilation. This adds a layer of customization and stealth, making detection even more challenging.

5. Optimized: Removed useless features to make the overall output file much smaller.

Key Features:

Show ContentSpoiler:

Anti-Virtual Machine Detection:

• Detects and exits if running in a virtual machine to avoid analysis in controlled environments.
  
• Ensures execution only on legitimate systems by integrating with the AntiVM component.
  

Admin Privileges Management:

• Requests elevated privileges if needed for certain operations like disabling security mechanisms or accessing restricted areas of the system.
  
• Automatically adds itself to startup if configured, ensuring persistence across reboots.
  

Self-Protection Mechanisms:

• The payload uses techniques like hiding its own executable and excluding itself from Windows Defender scans.
  
• Windows Defender is disabled to avoid detection during runtime.
  

Data Collection:

• Browser Passwords: Extracts credentials stored in major browsers.
  
• Browser Cookies: Hijacks sessions for further access.
  
  1. Google Chrome
     
  2. Brave
     
  3. Chromium-based browsers
     
  4. Microsoft Edge
     
  5. Opera (and Opera GX)
     
  6. Yandex
     
  7. Vivaldi 
     
  8. Comodo
     
  9. Epic Privacy Browser, and more..
     
  
  
• Discord Token Stealing: Extracts tokens from Discord sessions to compromise user accounts.
  
• Cryptocurrency Wallet Theft: Scans the system for installed cryptocurrency wallets and attempts to steal private keys and wallet data.
  
• Screenshot Capturing: Captures screenshots of the desktop environment for further insights into user activities.
  
• Saved Credit Cards: Retrieves stored credit card information.
  
• System Information: Gathers detailed system data including IP, OS version, Anti-Virus, and hardware details. 
  

Wallets

1. Bitcoin Core (wallets folder)
   
2. Armory
   
3. Bytecoin
   
4. Ethereum (Keystore and Wallet Files)
   
5. Litecoin
   
6. Dash
   
7. Dogecoin
   
8. ZCash
   
9. Monero
   
10. Ripple
    
11. Stellar
    
12. Binance
    
13. Tron
    
14. VeChain
    
15. Polkadot
    
16. Cardano
    
17. Tezos
    
18. Zilliqa
    
19. Neo
    
20. Jaxx Liberty (com.liberty.jaxx)
    
21. Exodus (exodus.wallet)
    
22. Electrum (wallets)
    
23. Atomic Wallet (Local Storage)
    
24. Guarda Wallet (Local Storage)
    
25. Coinomi
    

Real-Time Connection Monitoring:

• Monitors for an active internet connection before executing any network-related tasks, ensuring data exfiltration can be completed successfully.
  

Exfiltration of Stolen Data:

• Compresses collected data (credentials, cookies, screenshots, wallets) into a single archive and sends it to a specified webhook using the Postman component.
  
• Sends statistical information on the number of credentials, cookies, and other items successfully stolen.
  

Stealth Operations:

• The payload can operate silently without user interaction or visible signs of execution.
  
• Optional functionality for removing itself from the system after execution, leaving no trace behind.
  

Blocking Security Sites:

• Blocks access to well-known antivirus and security websites (e.g., VirusTotal, Avast, McAfee) to prevent users from uploading the payload for analysis or removing threats from the system.
  

file was detected by [11 / 39] engine(s)
Kleenscan Results HERE

Show ContentSpoiler:

PyDevOG/Divulge-Stealer: Divulge Stealer a highly advanced info-stealer that outperforms its predecessor, Umbral-Stealer by Blank-c. This new iteration is a complete overhaul with enhanced capabilities, targeting 25 major cryptocurrency wallets with precision. (github.com)

---

This is a bump

─[root@parrot]─[~]
└──╼ #Flooder

[35]

Nice stealer best on the market boss

[102]

Nice stealer best on the market boss

Im not sure about that, Its detection is raw is better than umbral tho.

─[root@parrot]─[~]
└──╼ #Flooder

[102]

This is a bump

[102]

This is a bump

[22]

Found this looks decent. Tried it in vm and seems to work great! 

 

Divulge Stealer 
a highly advanced info-stealer that outperforms its predecessor, Umbral-Stealer by Blank-c. This new iteration is a complete overhaul with enhanced capabilities, targeting 25 major cryptocurrency wallets with precision.

What’s New in Divulge Stealer:
1. Comprehensive Redesign: Divulge Stealer has been meticulously reworked from the ground up. Building on the foundation of Umbral-Stealer, it introduces advanced capabilities for targeting cryptocurrency wallets with unprecedented accuracy.

2. Expanded Wallet Support: Our stealer now supports 25 major cryptocurrency wallets, including well-known names like Bitcoin, Ethereum, and Monero. This expansion ensures a broader reach and higher effectiveness in data extraction.

3. Recursive Data Extraction: Utilizing a sophisticated recursive technique, Divulge Stealer ensures thorough scanning and retrieval of wallet files, leaving no trace behind.

4. Signature Appending Feature: In a notable upgrade, the new build includes a feature allowing you to append another .exe digital signature upon compilation. This adds a layer of customization and stealth, making detection even more challenging.

5. Optimized: Removed useless features to make the overall output file much smaller.

Key Features:

Show ContentSpoiler:

Anti-Virtual Machine Detection:

• Detects and exits if running in a virtual machine to avoid analysis in controlled environments.
  
• Ensures execution only on legitimate systems by integrating with the AntiVM component.
  

Admin Privileges Management:

• Requests elevated privileges if needed for certain operations like disabling security mechanisms or accessing restricted areas of the system.
  
• Automatically adds itself to startup if configured, ensuring persistence across reboots.
  

Self-Protection Mechanisms:

• The payload uses techniques like hiding its own executable and excluding itself from Windows Defender scans.
  
• Windows Defender is disabled to avoid detection during runtime.
  

Data Collection:

• Browser Passwords: Extracts credentials stored in major browsers.
  
• Browser Cookies: Hijacks sessions for further access.
  
  1. Google Chrome
     
  2. Brave
     
  3. Chromium-based browsers
     
  4. Microsoft Edge
     
  5. Opera (and Opera GX)
     
  6. Yandex
     
  7. Vivaldi 
     
  8. Comodo
     
  9. Epic Privacy Browser, and more..
     
  
  
• Discord Token Stealing: Extracts tokens from Discord sessions to compromise user accounts.
  
• Cryptocurrency Wallet Theft: Scans the system for installed cryptocurrency wallets and attempts to steal private keys and wallet data.
  
• Screenshot Capturing: Captures screenshots of the desktop environment for further insights into user activities.
  
• Saved Credit Cards: Retrieves stored credit card information.
  
• System Information: Gathers detailed system data including IP, OS version, Anti-Virus, and hardware details. 
  

Wallets

1. Bitcoin Core (wallets folder)
   
2. Armory
   
3. Bytecoin
   
4. Ethereum (Keystore and Wallet Files)
   
5. Litecoin
   
6. Dash
   
7. Dogecoin
   
8. ZCash
   
9. Monero
   
10. Ripple
    
11. Stellar
    
12. Binance
    
13. Tron
    
14. VeChain
    
15. Polkadot
    
16. Cardano
    
17. Tezos
    
18. Zilliqa
    
19. Neo
    
20. Jaxx Liberty (com.liberty.jaxx)
    
21. Exodus (exodus.wallet)
    
22. Electrum (wallets)
    
23. Atomic Wallet (Local Storage)
    
24. Guarda Wallet (Local Storage)
    
25. Coinomi
    

Real-Time Connection Monitoring:

• Monitors for an active internet connection before executing any network-related tasks, ensuring data exfiltration can be completed successfully.
  

Exfiltration of Stolen Data:

• Compresses collected data (credentials, cookies, screenshots, wallets) into a single archive and sends it to a specified webhook using the Postman component.
  
• Sends statistical information on the number of credentials, cookies, and other items successfully stolen.
  

Stealth Operations:

• The payload can operate silently without user interaction or visible signs of execution.
  
• Optional functionality for removing itself from the system after execution, leaving no trace behind.
  

Blocking Security Sites:

• Blocks access to well-known antivirus and security websites (e.g., VirusTotal, Avast, McAfee) to prevent users from uploading the payload for analysis or removing threats from the system.
  

file was detected by [11 / 39] engine(s)
Kleenscan Results HERE

Show ContentSpoiler:

PyDevOG/Divulge-Stealer: Divulge Stealer a highly advanced info-stealer that outperforms its predecessor, Umbral-Stealer by Blank-c. This new iteration is a complete overhaul with enhanced capabilities, targeting 25 major cryptocurrency wallets with precision. (github.com)

---

This is a bump

ty brother ahahaaha

[3]

Nice work. Continue with this!

[23]

well done