eqn-grp/infostealer

# infostealer

  • Windows-based credential stealer for Chromium- and Firefox-based browsers (cookies, browsing history, usernames and passwords).
  • Extracts credentials from WinSCP, FileZilla and WinVault.
  • Dumps LSASS and extracts domain user credentials (when run on a domain-connected machine).
  • Supports DPAPI-based decryption only; no guarantee of support for future browser versions.
  • Stealth: does not use C runtime libraries. Compile with `/nodefaultlibs /DNDEBUG`.

This feature is found exclusively in the KPOT infostealer malware, which was sold to the [REvil group](https://www.cyberdefensemagazine.com/revil-ransomware-member-win-the-auction-for-kpot-stealer-source-code). I developed it for a private request and uploaded it here for learning & archival purposes only.
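From the defender's side, the behaviours in the feature list map onto standard Windows telemetry: reads of browser and FTP-client credential stores by processes that do not own them, and handles opened to `lsass.exe`. The sketch below is an added example, not code from this repository; field names follow Sysmon Event ID 10 and Security Event ID 4663, while the allow-lists, the process name `upd.exe` and all sample events are constructed assumptions.

```python
import ntpath

# Default file names of browser and FTP-client credential stores.
STORES = {"login data", "cookies", "history", "local state", "logins.json",
          "key4.db", "cookies.sqlite", "places.sqlite", "sitemanager.xml",
          "recentservers.xml", "winscp.ini"}
# Constructed baselines (assumptions): tune both sets per environment.
STORE_READERS = {"chrome.exe", "msedge.exe", "firefox.exe", "filezilla.exe", "winscp.exe"}
LSASS_READERS = {"csrss.exe", "wininit.exe", "services.exe", "msmpeng.exe"}

def base(path):
    # Lower-cased file name of a Windows path (works on any host OS).
    return ntpath.basename(path).lower()

def classify(ev):
    """Return a finding label for a suspicious event, else None."""
    if ev["id"] == 10:  # Sysmon ProcessAccess
        if (base(ev["TargetImage"]) == "lsass.exe"
                and base(ev["SourceImage"]) not in LSASS_READERS):
            return "lsass-access"
    elif ev["id"] == 4663:  # Security object access (requires a SACL)
        if (base(ev["ObjectName"]) in STORES
                and base(ev["ProcessName"]) not in STORE_READERS):
            return "credential-store-read"
    return None

def hunt(events):
    """Map each offending process image to the set of findings it produced."""
    hits = {}
    for ev in events:
        label = classify(ev)
        if label:
            proc = ev.get("SourceImage") or ev.get("ProcessName")
            hits.setdefault(proc, set()).add(label)
    return hits

# Constructed sample events, not taken from any real host.
U = r"C:\Users\alice\AppData"
SAMPLE = [
    {"id": 4663, "ProcessName": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ObjectName": U + r"\Local\Google\Chrome\User Data\Default\Login Data"},
    {"id": 4663, "ProcessName": U + r"\Local\Temp\upd.exe",
     "ObjectName": U + r"\Local\Google\Chrome\User Data\Default\Login Data"},
    {"id": 4663, "ProcessName": U + r"\Local\Temp\upd.exe",
     "ObjectName": U + r"\Roaming\Mozilla\Firefox\Profiles\x.default\key4.db"},
    {"id": 10, "SourceImage": U + r"\Local\Temp\upd.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe"},
    {"id": 10, "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe"},
]
```

A single process that produces both findings, as `upd.exe` does in the sample, is a stronger signal than either finding alone.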
