White Snake – APT spyware
🔹 Windows stub features🔹
- File loader.
- Leaves no trace.
- Strong log encryption.
- Doesn’t requires server.
- Fast execution in memory.
- You able to install beacon into victim PC for remote access.
- Functionality can be extended by editing grabber commands tab in builder.
Apps collection:
Firefox, Chrome, Chromium, Edge, Brave, Vivaldi, CocCoc, CentBrowser, Thunderbird, OBS-Studio, FileZilla, Snowflake-SSH, Steam, Signal, Telegram, Discord, Pidgin, Authy, WinAuth, Outlook, Foxmail, The Bat!, CoreFTP, WinSCP, AzireVPN, WindscribeVPN.
Wallets:
Atomic, Wasabi, Exodus, Binance, Jaxx, Zcash, Electrum-LTC, Guarda, Coinomi, BitcoinCore, Electrum, Metamask, Ronin, BinanceChain, TronLink, Phantom.
Payload available extensions list: EXE, SCR, COM, CMD, BAT, VBS, PIF, WSF, hta, MSI, PY, DOC, DOCM, XLS, XLL, XLSM.
🐧 Linux stub features 🐧
Apps collection:
Firefox, Exodus, Electrum, FileZilla, Thunderbird, Pidgin, Telegram.
- File size: ~5kb
- Coding language: Python
- PY and SH output extensions available.
🧬 Panel features 🧬
👷 Builder
In builder you can generate payload.
You need to set telegram bot token and chat id.
Use @BotFather to create new bot and @chatIDrobot to receive your chatid.
Don’t forget to write /start command to initialize it.
You can select execution method (Non-resident or Resident)
Non-Resident stub will steal data and self-destruct.
Resident stub will steal data and you will be able to control victim PC later.
Builder can generate python library and automatically upload to PyPi.
Malicious library can be injected into any legit project or python file, it works on windows and linux.
- You can set fake digital signature.
- File size pumper.
🔖 Report page
💻 Basic information tab
Contains system info and desktop screenshot.
🤖 Automatic actions tab
Contains scripts which panel can do to save your time.
Here is full list:
Find proxies – Will try to find free SOCKS5 proxies from victim country.
Ronin/Metamask – You can bruteforce this wallets and extract mnemonic phrase.
Steam – You can view victim’s steam profile.
Telegram – Will open victim’s telegram session. If it has local passcode – will ask for passwords list to bruteforce.
<Browser> / <Profile> – Will open browser with victim’s cookies, spoofed User-Agents also you can use SOCKS5 proxy.
FTP <Host> – Will connect to ftp server.
Discord – Will open browser and import discord token to access account.
🔑 Passwords tab
This tab contains passwords from all browsers and several apps like filezilla hosts, pidgin and etc.
You can export unique passwords to generate bruteforce list.
Also you can search entries by domain name.
💳 Credit Cards and AutoFill tabs (Description not needed.)
🍪 Cookies tab
Contains cookies from all detected browsers, you can export them into Netscape or Json format.
📂 Grabber tab
Contains stolen files. For example wallets, apps sessions and etc.
🐚 Remote Terminal tab
Appears only if you have enabled “Resident” mode in builder.
If victim’s PC is online – green dot will blink near “Remote terminal” caption.
You can execute system commands, download and run files, refresh report (run stealer again), do desktop screenshots, webcam screenshot download files from PC.
🏹 Log export/import
In the telegram bot you will receive WSR files. These are encrypted logs, only your panel can open them.
You can export WSR as ZIP archive or JSON file.
Exported JSON log will load faster, also it can be shared with other WhiteSnake customers.
JSON report can be imported by “White Snake Report” desktop icon.
You can do bulk WSR to ZIP convertation using “White Snake ZIP” desktop icon.
📹 Some videos (Including old versions)
https://telegra.ph/embed/vimeo?url=https%3A%2F%2Fvimeo.com%2F797929473First release, v1.0
https://telegra.ph/embed/vimeo?url=https%3A%2F%2Fvimeo.com%2F798721333Update v1.1 (Added Linux stub)
https://telegra.ph/embed/vimeo?url=https%3A%2F%2Fvimeo.com%2F800132620Update v1.3 (WSR to ZIP convertation)
https://telegra.ph/embed/vimeo?url=https%3A%2F%2Fvimeo.com%2F800533485Update v1.4 (Same WSR to ZIP but better, lol)
https://telegra.ph/embed/vimeo?url=https%3A%2F%2Fvimeo.com%2F807607121Update v1.5 (Automatic actions was added)
https://telegra.ph/embed/vimeo?url=https%3A%2F%2Fvimeo.com%2F816193932Update 1.5.8 (Remote terminal was added)
https://telegra.ph/embed/vimeo?url=https%3A%2F%2Fvimeo.com%2F817342187White Snake update 1.5.8.3 (Added automatic action in builder to create telegram bot from your account)
https://telegra.ph/embed/vimeo?url=https%3A%2F%2Fvimeo.com%2F817637018%3Fembedded%3Dtrue%26source%3Dvideo_title%26owner%3D198063664White Snake update 1.5.8.4 (Now builder can generate python library and automatically upload to PyPi.)
https://telegra.ph/embed/vimeo?url=https%3A%2F%2Fvimeo.com%2F821257483%3Fshare%3DcopyWhite Snake update 1.5.9.3 (Keylogger was added)
💎 Prices (We accept xss.is escrow)
140$ – 1 month
315$ – 3 months
580$ – 6 months
1100$ – 1 year
1950$ – lifetime
Payments only in crypto (BTC, ETH, USDT, LTC)
Contacts :
✈️ Telegram: @WhiteSnake_Support
🦄 Jabber: whitesnake@thesecure.biz
📝 Customer Reviews: https://t.me/+8DjyXCV1rjBkMDI6
🤠 Chat: https://t.me/+CWG1v59XG8w3ODYy
🌐 Our posts on forums
Exploit (Deposit 0.023 BTC / 700$ )
XSS.IS (Deposit 0.026 BTC / 777$)
Report content on this page
- Run install.cmd file
2. Send identifier to @WhiteSnake_Support
3. Paste license key from seller and hit enter button.
4. Run builder by desktop icon.
5. Create new telegram bot in @BotFather
6. Write /start to bot (bot will send nothing, but it’s required to init API)
7. Write to @chatIDrobot to receive your chat id.
8. Paste your bot token and chat id into builder.
Also you can extend software functionality by editing “Grabber commands” field. Write to seller to ask for new software.
AntiVM – Function prevents execution on virtual machines, sandboxes and etc.
AntiRepeat – Prevents second stealer execution on computer.
SelfDestruct – File will be removed after sending report.
9. Hit build button.
10. Crypt your build. (I recommend @Crypt_0x00_V2 crypter)
11. Run build somewhere.
12. Open log from telegram bot.
13. You will see credentials from victim pc.
Required files:
https://anonfiles.com/Q1Ge43Y6y2/Requirements_zip