Malevolence Sec

First of all, to use it you should install Python 3 and then run pip install pyinstaller python-telegram-bot pywin32 pillow pynput requests. After this, open the file and configure it; you can use a Telegram bot or a Discord webhook. After configuring, open cmd in the same folder and run pyinstaller --onefile Dataspectre v1.py
Features of DataSpecter v1
1. System Information Collection
Operating System Details: OS name, release version, build number
Hardware Specifications:
CPU: Processor details
RAM: Memory chip capacity, speed, manufacturer
Disk: Disk drive model, size, serial number, media type
GPU: Video controller caption, driver date, version
Motherboard: Product name, manufacturer, serial number, version
Device Identity:
Hostname: Machine’s network name
Username: Current logged-in user’s name
Machine Architecture: System architecture
System Configuration:
License Key: Windows product key
BIOS Information: SMBIOS version, manufacturer, serial number, release date
Drivers: Installed drivers with verbose details
SID: User account names, security identifiers, domains
USB History: Connected USB storage device history
Uptime: System boot time
Language: System locale
Antivirus: Installed antivirus products
Installed Software: All installed applications with names and versions
Processes: Running processes with details
IP and Geolocation:
Local IP: Internal network IP address
Public IP: External IP via API
Geolocation: Geographical data
2. Network Information Collection
Network Configuration: Full IP configuration details
DNS Cache: DNS resolver cache
ARP Table: Address Resolution Protocol table
Network Statistics: Active connections and listening ports
Wi-Fi Profiles and Passwords: Saved Wi-Fi profile names and cleartext passwords
Network Interfaces: All IP addresses associated with hostname
Open Ports: Listening ports
Routing Table: Network routing information
Firewall Status: Firewall configuration for all profiles
MAC Addresses: Physical addresses of network adapters
3. Application Data Extraction
Web Browsers:
Supported: Chrome, Edge, Brave, Opera, Vivaldi, Opera GX
Logins: URLs, usernames, decrypted passwords
Cookies: Host keys, names, decrypted values
History: Visited URLs, titles, visit counts
Autofill: Form field names and values
FTP Clients:
Supported: FileZilla, WinSCP
Configuration files with server details
Instant Messaging Clients:
Supported: Telegram, Pidgin
File lists from Telegram’s tdata, account data from Pidgin’s accounts.xml
VPN Clients:
Supported: NordVPN, OpenVPN
Configuration files from directories
Gaming Platforms:
Supported: Steam, Discord
Configuration and storage files
Cryptocurrency Wallets:
Supported: Bitcoin, Electrum, Exodus, MetaMask, Atomic, Ledger Live, Coinomi, Armory, Jaxx
Wallet-related files from default paths
4. File Enumeration
Target Directories: Desktop, Documents, Downloads
File Types: .txt, .docx, .pdf, .wallet, .key
Size Limit: Files under 20MB
Output: Full file paths
5. Additional Data Capture
Clipboard Monitoring: Current contents, cryptocurrency address replacement
Screenshot: Full-screen snapshot as screenshot.png
Keylogger: 60-second keystroke recording
6. Persistence Mechanisms
Registry: Autorun entry under HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Startup Folder: Executable copy in Startup directory
7. Anti-Analysis Features
Virtual Machine Detection: VM-related processes
Sandbox Detection: Sandbox-specific drivers
Geographical Blacklist: Terminates if country is blacklisted
8. Command Execution
Custom Commands: Executes commands prefixed with Cmd:
9. Data Exfiltration
Data Format: XML file (ds_data.xml)
Compression: ZIP archive
Telegram Upload: Sends ZIP, splits >20MB files into 10MB chunks, 3 retries
Discord Fallback: Uploads ZIP via webhook if Telegram fails
Encryption: XOR-based encryption
10. Stealth Features
Process Hiding: Minimizes console window
11. Error Handling and Logging
Granular Logging: Individual data point logging
Error Reporting: Detailed exceptions
Debug Output: Console logging
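
For defenders: the persistence artifacts in section 6, the staging file names in sections 5 and 9, and the Telegram/Discord upload path in section 9 can be correlated per process. The sketch below is an added example, not code from this page or from the tool. The event schema, helper names and sample events are constructed assumptions, and the host names are the public Telegram Bot API and Discord endpoints.

```python
import re
from collections import defaultdict

# Event schema (host, pid, image, type, target) is an assumption for this example.
# Sysmon-style registry paths show HKCU as HKU\<SID>, so both forms are accepted.
RUN_KEY = re.compile(
    r"^(hkcu|hkey_current_user|hku\\s-1-5-[0-9-]+)"
    r"\\software\\microsoft\\windows\\currentversion\\run\\", re.I)
STARTUP = re.compile(r"\\start menu\\programs\\startup\\[^\\]+\.exe$", re.I)
STAGING = re.compile(r"(^|\\)(ds_data\.xml|screenshot\.png)$", re.I)
CHAT_HOSTS = {"api.telegram.org", "discord.com", "discordapp.com"}

def classify(event):
    """Return the name of the indicator an event matches, or None."""
    kind, target = event["type"], event["target"]
    if kind == "reg_set" and RUN_KEY.match(target):
        return "run_key_persistence"
    if kind == "file_create" and STARTUP.search(target):
        return "startup_folder_copy"
    if kind == "file_create" and STAGING.search(target):
        return "staging_file"
    if kind == "net_connect" and target.lower() in CHAT_HOSTS:
        return "chat_api_egress"
    return None

def correlate(events, threshold=3):
    """Map (host, pid) to its indicators when at least `threshold` distinct ones fired."""
    hits, images = defaultdict(set), {}
    for ev in events:
        name = classify(ev)
        if name:
            key = (ev["host"], ev["pid"])
            hits[key].add(name)
            images[key] = ev["image"]
    return {k: {"image": images[k], "indicators": sorted(v)}
            for k, v in hits.items() if len(v) >= threshold}

def _ev(pid, image, kind, target):
    return {"host": "ws1", "pid": pid, "image": image, "type": kind, "target": target}
# Constructed sample telemetry, not captured from a real host.
RUN = r"\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE = [
    _ev(4120, r"C:\Users\a\Downloads\invoice.exe", "reg_set", r"HKU\S-1-5-21-1-2-3-1001" + RUN + r"\Updater"),
    _ev(4120, r"C:\Users\a\Downloads\invoice.exe", "file_create", r"C:\Users\a\AppData\Local\Temp\ds_data.xml"),
    _ev(4120, r"C:\Users\a\Downloads\invoice.exe", "net_connect", "api.telegram.org"),
    # A legitimate chat client also autostarts and talks to its own API: two indicators only.
    _ev(888, r"C:\Users\a\AppData\Local\Discord\Discord.exe", "reg_set", "HKCU" + RUN + r"\Discord"),
    _ev(888, r"C:\Users\a\AppData\Local\Discord\Discord.exe", "net_connect", "discord.com"),
]
```

The default threshold of three keeps the ordinary Discord client (autostart plus its own API traffic) below the alert line; `screenshot.png` is a common file name and is only meaningful in combination with the other indicators.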
