White Snake - APT spyware

WhiteSnake

🔹 Windows stub features🔹


  • File loader.
  • Leaves no trace.
  • Strong log encryption.
  • No server/ports needed. (All infrastructure works over tor network)
  • Fast execution in memory.
  • You are able to install a beacon on the victim PC for remote access.
  • Functionality can be extended by editing grabber commands tab in builder.
  • USB spread
  • Local users spread (Install stealer to other users on victim's pc; requires user login)
  • Browsers history view


Apps collection:

Firefox, Chrome, Chromium, Edge, Brave, Vivaldi, CocCoc, CentBrowser, Thunderbird, OBS-Studio, FileZilla, Snowflake-SSH, Steam, Signal, Telegram, Discord, Pidgin, Authy, WinAuth, Outlook, Foxmail, The Bat!, CoreFTP, WinSCP, AzireVPN, WindscribeVPN.

Wallets:

Atomic, Wasabi, Exodus, Binance, Jaxx, Zcash, Electrum-LTC, Guarda, Coinomi, BitcoinCore, Electrum, Metamask, Ronin, BinanceChain, TronLink, Phantom.


Payload available extensions list: EXE, SCR, COM, CMD, BAT, VBS, PIF, WSF, hta, MSI, PY, DOC, DOCM, XLS, XLL, XLSM.

🐧 Linux stub features 🐧

Apps collection:

Firefox, Exodus, Electrum, FileZilla, Thunderbird, Pidgin, Telegram.


  • File size: ~5kb
  • Coding language: Python
  • PY and SH output extensions available.
  • Signal recovery (tested on Ubuntu and Manjaro)

🧬 Panel features 🧬

👷 Builder

In builder you can generate payload.

You need to set telegram bot token and chat id.

Use @BotFather to create new bot and @chatIDrobot to receive your chatid.

Don't forget to write /start command to initialize it.


You can select execution method (Non-resident or Resident)

Non-Resident stub will steal data and self-destruct.

Resident stub will steal data and you will be able to control victim PC later.


Builder can generate python library and automatically upload to PyPi.

Malicious library can be injected into any legit project or python file, it works on windows and linux.


  • You can set fake digital signature.
  • File size pumper.
  • You can expose local IP:PORT on victim's device (to access the local network).



proxy-setup command (Allows you to setup SOCKS5 proxy from victim pc)

netdiscover command (Allows you to perform LAN scan for devices and open ports)


Clipper (spoofs BTC, ETH, XMR, BCH, ZEC, DOGE, LTC, TRX, DASH, NEO, XLM, BNB, SOL, ALG wallets)



🔖 Report page

Browser History render is disabled by default. (To speed up report load)

You can enable history render by toggling key in config (%LocalAppdata%\WhiteSnake\templates\lib\js\config.json)


💻 Basic information tab

Contains system info and desktop screenshot.


🤖 Automatic actions tab

Contains scripts which panel can do to save your time.

Here is full list:

Find proxies - Will try to find free SOCKS5 proxies from victim country.

Ronin/Metamask - You can bruteforce these wallets and extract mnemonic phrase.

Steam - You can view victim's steam profile.

Telegram - Will open victim's telegram session. If it has local passcode - will ask for passwords list to bruteforce.

<Browser> / <Profile> - Will open browser with victim's cookies and spoofed User-Agents; you can also use a SOCKS5 proxy.

Updated automatic action with browser cloning. Now it works faster and better with all data import from Chrome and FF based browsers (Also compatible with old reports)

FTP <Host> - Will connect to ftp server.

Discord - Will open browser and import discord token to access account.

Roblox account info automatic action.

Automatic action to view VK, Facebook, Twitch profiles.

Exodus Wallet bruteforce automatic action.

View victim's instagram automatic action.

View victim's github automatic action.

View victim's page on all Xenforo engine based forums (lolz.guru, etc.)

View running processes and installed applications.

Automatic action to view wallet info from Ledger Live.

Automatic action to extract fullname from Diia.


process-list terminal command was added.

ls terminal command was added. (Better than using windows dir command, lol)

stream desktop/webcam (Compatible with old builds)


Signal chats decrypt/export automatic action.




🔑 Passwords tab

This tab contains passwords from all browsers and several apps like filezilla hosts, pidgin, etc.

You can export unique passwords to generate bruteforce list.

Also you can search entries by domain name.



💳 Credit Cards and AutoFill tabs (Description not needed.)


🍪 Cookies tab

Contains cookies from all detected browsers, you can export them into Netscape or Json format.


📂 Grabber tab

Contains stolen files. For example wallets, app sessions, etc.

🐚 Remote Terminal tab

Appears only if you have enabled "Resident" mode in builder.

If victim's PC is online - green dot will blink near "Remote terminal" caption.

You can execute system commands, download and run files, refresh report (run stealer again), do desktop screenshots, webcam screenshots, and download files from PC.

DPAPI decrypt remote terminal command

'transfer' (To upload file and get direct url; Will be faster than uploading using tor)

'compress' command to create ZIP archive from directory.

'decompress' command to extract ZIP.

Also, you can specify whether to download and run a file or just download it.

🏹 Log export/import

In the telegram bot you will receive WSR files. These are encrypted logs, only your panel can open them.

You can export WSR as ZIP archive or JSON file.

Exported JSON log will load faster, also it can be shared with other WhiteSnake customers.

JSON report can be imported by "White Snake Report" desktop icon.

You can do bulk WSR to ZIP conversion using "White Snake ZIP" desktop icon.

Progress bar for log download using "Open" button from tg bot.


LNK exploit builder

update 1.6

-Added PDF extension into LNK exploit builder. (Requires Adobe Reader installed to display icon)

-Yandex Browser recognition


IPLogger


Geolocation tab

Based on Wi-Fi points; Requires WLAN module on victim's pc to work; accuracy 30 meters

Geolocation map has light/dark layers depending on selected theme.

📹 Some videos (Including old versions)


First release, v1.0
Update v1.1 (Added Linux stub)
Update v1.3 (WSR to ZIP conversion)
Update v1.4 (Same WSR to ZIP but better, lol)
Update v1.5 beta (Added Automatic actions tab) etc
Update 1.5.8 (Remote terminal was added)
White Snake update 1.5.8.3 (Added automatic action in builder to create telegram bot from your account)
White Snake update 1.5.8.4 (Now builder can generate python library and automatically upload to PyPi.)
White Snake update 1.5.9.3 (Keylogger was added)
White Snake update 1.5.9.6
White Snake update 1.6.0.7 (Added proxy-setup command)
White Snake update 1.6.0.7 (Added netdiscover command)
White Snake 1.6.0.10 Added WinRar 0day exploit builder (CVE-2023-38831)


💎 Prices

     200$ - 1 month

     345$ - 3 months

     590$ - 6 months

     1100$ - 1 year

     1950$ - lifetime

Payments only in crypto (BTC, ETH, USDT, LTC)


Contacts :

✈️ Telegram: @WhiteSnake_Support

🦄 Jabber: whitesnake@thesecure.biz

📝 Customer Reviews: https://t.me/+8DjyXCV1rjBkMDI6

🤠 Chat: https://t.me/+CWG1v59XG8w3ODYy


🌐 Our posts on forums

Darknet.ug

Ufolabs.net

BDFClub.com

Center-Club.io

Cookie.pro


White Snake Referral Program 

💰Promote our software and earn 25% from sales!

Each referred customer will receive a 5% discount

❕ Write to @WhiteSnake_Support and get a recommended promotion post and personal referral promocode
