This repository contains some methods to disassemble and deobfuscate Discord malware (Blank, and others). It will give you the webhook and validate it if it finds one.
Open cmd.exe (or PowerShell) and type this in the SAME directory as the script:
python deobf.py [yourfile.exe]
You can also analyze a file directly from an external source:
python deobf.py -d https://link.com/malware.exe
You can also do this to get help:
python deobf.py -h
Some grabbers, like Empyrean, need Python 3.10, so be sure to check the extractor warnings if there are any. If you get an error with Thiefcat deobfuscation, use Python 3.11.4.
pycdc is precompiled and the binaries are in this repo, but if you think they are not safe, please build your own (recommended). Here's the decompiler repository: [https://github.com/zrax/pycdc]
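As an added illustration (not code from this repository), this is the kind of search that can be run over decompiled source once pycdc has produced it: find Discord webhook URLs in plain text and inside base64 string literals, then defang them for a report. The URL pattern, the two-layer decoding depth, the function names and the sample text are assumptions constructed for the example.

```python
import base64
import binascii
import re

# Assumed URL shape: numeric id (snowflake) followed by a URL-safe token.
WEBHOOK_RE = re.compile(
    r"https://(?:(?:canary|ptb)\.)?discord(?:app)?\.com/api/(?:v\d+/)?"
    r"webhooks/\d{17,20}/[A-Za-z0-9_-]{60,}"
)
# Long base64-looking runs, e.g. string literals used to hide the URL.
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def find_webhooks(text, depth=2):
    """Return webhook URLs in text, decoding up to `depth` base64 layers."""
    found = set(WEBHOOK_RE.findall(text))
    if depth > 0:
        for blob in B64_RE.findall(text):
            try:
                decoded = base64.b64decode(blob, validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                continue  # not base64, or not text once decoded
            found |= find_webhooks(decoded, depth - 1)
    return found


def defang(url):
    """Make a URL non-clickable for reports and tickets."""
    return url.replace("https://", "hxxps://").replace(".", "[.]")


# Constructed sample values, not real webhooks.
PLAIN = "https://discord.com/api/webhooks/123456789012345678/" + "X" * 68
HIDDEN = "https://discordapp.com/api/webhooks/876543210987654321/" + "Y" * 68
SAMPLE = (
    'hook = "' + PLAIN + '"\n'
    'cfg = base64.b64decode("' + base64.b64encode(HIDDEN.encode()).decode() + '")\n'
)

if __name__ == "__main__":
    for url in sorted(find_webhooks(SAMPLE)):
        print(defang(url))
```

This check is purely syntactic and runs offline; it says nothing about whether a webhook is still live.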
If you wish to add a grabber to the methods, DM me on Discord: taxmachine
(link the source code if it exists and send me a sample of it (.exe)), or fork this repository and make a pull request.
- Blank (python)
- Vespy (python)
- Luna (python)
- Red Tiger (python)
- Vare obfuscation (Potna stealer?) (python)
- All the random python grabbers with no obfuscation
- W4SP (python)
- Thiefcat (python)
- Ben (Java)
- Creal (python)
If you encounter an issue, please read this before creating one on GitHub. Provide as much information as possible (stack traces, what you used it with). If it's because your grabber is unsupported, submit your sample in my Discord DMs.
- PyInstxtractor for the pyinstaller archive extractor
- PyInstxtractor-ng for the encrypted pyinstaller archive extractor
- pycdc for the python bytecode disassembler