Skip to content

Decompiler and deobfuscator that offers support to track discord webhooks inside: blank stealer, luna grabber, thiefcat, Creal and all unobfuscated grabbers

Notifications You must be signed in to change notification settings

TaxMachine/Grabbers-Deobfuscator

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

49 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Grabbers Deobfuscator

This repository contains some methods to disassemble and deobfuscate discord malwares (Blank, and others). It will give you the webhook and validate it if it found one.

Usage

Open cmd.exe (or powershell idfk) and type this in the SAME directory as the script

python deobf.py [yourfile.exe]

You can also directly analyze it from a external source

python deobf.py -d https://link.com/malware.exe

You can also do this to get help

python deobf.py -h

some grabbers like empyrean need python 3.10 so be sure to check the extractor warnings if there are. if you have an error with thiefcat deobfuscation, use python 3.11.4 Tutorial

Decompiler & Disassembler

pycdc is precompiled and the binaries are in this repo but if you think these are not safe, please build your own (recommended). Here's the decompiler repository: [https://github.com/zrax/pycdc]

TODO

if you wish to add a grabber to the methods, Dm me on Discord: taxmachine (link the source code if existing and send me a sample of it (.exe)) or fork this repository and make a pull request.

  • Blank (python)
  • Vespy (python)
  • Luna (python)
  • Red Tiger (python)
  • Vare obfuscation (Potna stealer?) (python)
  • All the random python grabbers with no obfuscation
  • W4SP (python)
  • Thiefcat (python)
  • Ben (Java)
  • Creal (python)

Issues

If you encounter an issue, before creating one on github, please read this. Provide as much informations as possible (stacktraces, with what you used it). If its because your grabber is unsupported, submit your sample in my Discord dms

Credits