Skip to content

Latest commit

 

History

History
56 lines (38 loc) · 1.94 KB

README.md

File metadata and controls

56 lines (38 loc) · 1.94 KB

Grabbers Deobfuscator

This repository contains some methods to disassemble and deobfuscate discord malwares (Blank, and others). It will give you the webhook and validate it if it found one.

Usage

Open cmd.exe (or powershell idfk) and type this in the SAME directory as the script

python deobf.py [yourfile.exe]

You can also directly analyze it from a external source

python deobf.py -d https://link.com/malware.exe

You can also do this to get help

python deobf.py -h

some grabbers like empyrean need python 3.10 so be sure to check the extractor warnings if there are. if you have an error with thiefcat deobfuscation, use python 3.11.4 Tutorial

Decompiler & Disassembler

pycdc is precompiled and the binaries are in this repo but if you think these are not safe, please build your own (recommended). Here's the decompiler repository: [https://github.com/zrax/pycdc]

TODO

if you wish to add a grabber to the methods, Dm me on Discord: taxmachine (link the source code if existing and send me a sample of it (.exe)) or fork this repository and make a pull request.

  • Blank (python)
  • Vespy (python)
  • Luna (python)
  • Red Tiger (python)
  • Vare obfuscation (Potna stealer?) (python)
  • All the random python grabbers with no obfuscation
  • W4SP (python)
  • Thiefcat (python)
  • Ben (Java)
  • Creal (python)

Issues

If you encounter an issue, before creating one on github, please read this. Provide as much informations as possible (stacktraces, with what you used it). If its because your grabber is unsupported, submit your sample in my Discord dms

Credits