ThunderKitty
- want paid ver? contact me at : https://t.me/codepulze
- π Open-source stealer written in Go, all logs will be sent to a Telegram bot.
- Join our Discord server!
Current Features
- GUI Builder
- Anti-Kill: Terminating ThunderKitty will BSOD Computer
- Mutex (single instance)
- Antivirus Evasion:
- Excludes current drive from Windows Defender
- Lifetime AMSI and ETW patch
- Overtakes Hosts File
- Anti-Analysis for VMWare, VirtualBox, Sandboxes, Emulators, Debuggers, Any.run, Tria.ge
- Advanced AntiDebug
- Extracts WiFi Passwords
- Persistence:
- Task Scheduler if Admin
- Registry key if not Admin
- Backup Codes for Discord, Epic Games, Github
- Discord Token grabber for Discord PTB, Discord, Lightcord, Discord Canary
- Browsers:
- Steals logins, cookies, credit cards, history, and download lists from 37 Chromium-based browsers
- Steals logins, cookies, history, and download lists from 10 Gecko browsers
- Spreading: Executes and spreads specified message through Discord
- Disables TaskManager
- Disables Factory Reset
- Fake Error
- File Pumper
- Launches site
- Hides Console Window
- Swaps Mouse Buttons
- Changes Wallpaper
- Text-to-speech upon execution
- System Info
Installation & Setup
Pre-requisites:
- The Go Programming Language
- GCC/MinGW-w64
- For help on installing MinGW-w64, consult this link.
Building
- If you are building from source, you must run the following commands in your terminal.
set CGO=1go run main_gui.go- This command might take a few minutes as Go has to install packages such as Fyne, which are quite large.
- Once it finishes building, you will be presented with the builder UI and you will be able to proceed.
Creating a Telegram Bot
- As this stealer uses Telegram for delivery of logs, you are required to create a bot.
- The first thing you must do is message BotFather and create a new bot.
- Once you have the bot created, message chatIDrobot to receive your chat ID.
- You can then put both of these values in the builder.
- Don't forget to start a conversation with the bot you just created, as you won't be able to receive messages otherwise.
Detections
GUI & Logs:
Credits
- hackirby - Providing the base for the stealer.
- SecDbg - Contributing heavily to development (Follow him, Deserved asf and hes π).
- KDot227 - Hosts list.
Disclaimer
Important Notice: This tool is intended for educational purposes only.
This software, referred to as ThunderKitty, is provided strictly for educational and research purposes. Under no circumstances should this tool be used for any malicious activities, including but not limited to unauthorized access, data theft, or any other harmful actions.
Usage Responsibility:
By accessing and using this tool, you acknowledge that you are solely responsible for your actions. Any misuse of this software is strictly prohibited, and the creator (EvilBytecode) disclaims any responsibility for how this tool is utilized. You are fully accountable for ensuring that your usage complies with all applicable laws and regulations in your jurisdiction.
No Liability:
The creator (EvilBytecode) of this tool shall not be held responsible for any damages or legal consequences resulting from the use or misuse of this software. This includes, but is not limited to, direct, indirect, incidental, consequential, or punitive damages arising out of your access, use, or inability to use the tool.
No Support:
The creator (EvilBytecode) will not provide any support, guidance, or assistance related to the misuse of this tool. Any inquiries regarding malicious activities will be ignored.
Acceptance of Terms:
By using this tool, you signify your acceptance of this disclaimer. If you do not agree with the terms stated in this disclaimer, do not use the software.
FUTURE IDEAS FOR US
- Refracture Code (its messy)
- Games Stealing (Riot,Epic,Steam stealing)
- Self Destruct (Melt file)
- Kill Discord Token Protector
- Modify Assembly Info (Icon,Assm Info etc) (metadata)
- Documentation inside GUI, what each thing does.
- check if user is running on server
http://ip-api.com/line/?fields=hosting - after check if it has stimulated a fake https con or not