XFiles is a stealer that can surprise with its simplicity and ease of use, designed for both one and a huge team.
♕ Everything is already configured for you and ready to use!
♕ Native Stub, written in the C programming language. The created builds are 70% unique thanks to our self-written protector. Plan up to 90% (Coming soon)
System calls are used wherever possible, in other cases WinAPI is used, no third-party libraries are used or required, the decoding of the collected log occurs entirely on the server.
♕ Work panel in Windows and in the web panel (Coming soon)
♕ Crypt build for the Thief subscription - Unlimited recryption of your file. - We encrypt only EXE of our clients. - At the output EXE or MSI - Guaranteed bypass of AV DEFENDER - Any icon for the EXE file. - Gluing with white exe.
♕ For Professional subscription - a unique dll file is issued to bypass smart and browser Alerts, as well as our scripts.
♕ Has its own non-resident Loader.
♕ Google Cookies recovery by token.
♕ The stealer collects data if the victim's browser is open.
♕ The stealer collects up to 1GB of browser extensions.
♕ Private Proxies (Coming soon)
♕ For each build, a unique obfuscated data exchange protocol is generated for interaction with the gate (knock), delivery of logs to the gate occurs in parts. Thanks to this, we greatly increase the life of builds.
♕ Works on machines from Windows 7 to Windows 11 inclusive. Please note that our stealer does not knock on the CIS!
♕ Data collection works in memory, nothing is dropped to disk.
♕ Dynamic browser data collection, collects Cookies, Passwords, Autofill, Credit Cards. Supports over 50+ browsers (Google Chrome, Chromium, Opera, Opera GX, Edge, Firefox, etc.)
♕ Collection of over 800+ popular browser crypto wallets (extensions) integrated into Chrome, Brave, Opera, Firefox and Edge browsers. Collects all possible Crypto, Nft wallets, Password, 2Fa, OTP, Authentication Managers and Notes.
♕ Customizable flexible file grabber, written with an emphasis on optimization and the use of system calls, due to which fewer detections from AV.
♕ Protection from AI Bots. (Coming soon)
♕ Windows/MacOs stealer/HVNC logs purchase/sale store - coming soon
♕ ChatGPT and ChatIA integration into panels - coming soon
♕ Antidecket Browser integration - coming soon
♕ AutoCheck of crypto balances and steam inventory - coming soon
Read all updates in the posts to the topic.
Tech part:
By subscribing for $200/month, you open access to the following functionality
✦ Beautiful, modern, convenient control panel on Windows, with a choice of Light or Dark theme.
The panel allows
✦ Manage a team or work alone
→ Ability to invite and kick team members and create your own users with a login and password
→ As a team owner, you can change access rights to any functionality for your members.
Don't want to give any rights except the right to view logs? ✔ no problem
Do you want him not to be able to delete logs, create builds, or even completely limit his rights? ✔ your member has lost rights
Change the password for the user you created
Kick a user out of the team
✦ Join other teams
→ You don't have to be a member of just one team, you can become a member at the invitation of the owner of another team!
→ Your rights as a member are determined by the owner of the team.
✦ Create, edit Builds with the Build Configurator, which supports flexible customization
✔ Anti-RDP - increases the life of the build
✔ Fake dialog box with text
✔ Configure the loader - download and run your file from the link when running the stealer
✔ Blocking knocks from certain countries
✔ Grabber extensions from Browsers
✔ Obfuscation - you can configure the obfuscation of the generated executable file. Each build has basic obfuscation/encryption.
✔ You can upload your own icon, as well as change information about the created executable file.
✔ Convenient multi-level File Grabber based on rules, supporting file search in specified folders, rules can contain sub-rules, you can select the operating mode for each rule, at the moment Two modes
→ By folder - search for a specific folder, when it is found, files will be collected in it according to the filters you specified. This type can nest other rules, for example, you can easily create a rule for collecting OpenVPN configs yourself, although we already have such functionality configured for you
→ By nesting level - will search for all files in a given depth, but only those that match your file filters will be selected.
→ File filter capabilities
→ Check for file size
→ Check for file name (by mask), for example *.txt, *.doc, pass.txt, *passwords*
✦ Setting up log knockout, checking logs for uniqueness via IP and (or) HWID.
✦ Setting up notifications in Telegram, with the ability to choose which logs you and (or) your participants want to receive notifications for, the ability to make your own log knockout format in Telegram, you can add variables to your text.
✦ Search, download and delete your logs
→ With a flexible search system, you will find the log you need in a matter of seconds
→ Ability to bulk delete or download logs from both the server and disk
→ The panel shows which logs have already been downloaded, there is no need to re-download them
→ If you do not need some logs on the disk, you can delete them from your disk with 1 click, while they will remain on the server
→ Ability to see which of the participants downloaded the log
→ Ability to find out from whose build the log came (if, for example, the build was not created by you)
→ Each log displays the following information
Country - where the log came from
Tags - added by you when creating the build
Wallets - names or icons of wallets
Services - a kind of domain detect, pre-loaded domains and icons
Autofills - number of autofills (from browsers)
CC - number of credit cards (from browsers)
Cookies - number of cookies (from browsers)
Discord tokens - number of tokens (from browsers)
Archive size
Log receipt date
IP address - victim's address.
→ The log format is specially made similar to other formats for ease of processing.
✦ View team statistics
→ Top 10 team members
→ Top 10 countries by logs
→ Top 10 wallets
→ Visualization of received logs by time using charts
✦ Automatic Panel Update
→ The software automatically finds out when a new update is released and downloads it automatically the next time you launch
✦ Follow the news on the main page
✦ Website where you can
→ Download software (panel)
→ View news related to project
→ Get information about your account and its activity
✦ Support service works 24/7
Admin Panel Photo:
Log Structure:
Developer's Comment:
Even good software is of little value without constant support and maintenance by its author. New versions of software are released, aver analyzes malware, one way or another, something needs to be constantly changed, updated, and finalized. Programs are updated, aver databases are updated, and software without support in a month becomes no better than public. For example, let's take Azorult, which was the most popular stealer at one time, but quickly died after the author disappeared. At first, because of the large number of detections, but it was finally finished off by the Chrome update (version 80), which changed the encryption algorithms. Therefore, buying a subscription is a guarantee that we will support our project. About crypto. Someone thinks that crypto is a panacea, it doesn't matter that even Windows Def detects malware, you can encrypt it and go on working. This is not true. Remember once and for all - crypt only saves from detections in statics, that is, when the file is on the disk, or sent by mail, downloaded from somewhere. In dynamics, the software creator should remove detections and nothing else. Legends about miracle cryptographers who supposedly remove runtime detections are circulating on forums, but this is another urban legend, crypt complicates malware analysis (depending on the tricks of the cryptographer), this is the best he can do.
♕ Premium Subscription, everything you need for work
Price - $200 - 1 Month.
✔ 24/7 Support
✔ Premium Chat in Matrix for clients.
✔ Maximum 20 users per team.
✔ Windows C++ Native Stub X64
✔ Access to the manual.
✔ Google token recovery.
✔ Non-resident Loader.
❌ Crypt (Unique Stub)
❌ Bypass Defender.
❌ Bypass Smartscreen.
❌ Bypass Browser Alerts.
❌ Private Scripts.
❌ MacOS Stub (in development)
♕ Thief Subscription, for people who are aware of their actions.
Price - $450 - 1 Month.
✔ 24/7 Support
✔ Premium Chat in Matrix for clients.
✔ Maximum 20 users in a team.
✔ Windows C++ Native Stub X64
✔ Access to the manual.
✔ Google token recovery.
✔ Non-resident Loader.
✔ Crypt (Unique Stub)
✔ Bypass Defender.
❌ Smartscreen Bypass.
❌ Browser Alerts Bypass.
❌ Private Scripts.
❌ MacOS Stub (under development)
♕ Professional Subscription, for like-minded people - a quick start to launch your traffic!
Price - $2500 - 1 Month.
✔ 24/7 Support
✔ Premium Chat in Matrix for clients.
✔ Maximum 20 users in a team.
✔ Windows C++ Native Stub X64
✔ Access to the manual.
✔ Google token recovery.
✔ Non-resident Loader.
✔ Crypt (Unique Stub)
✔ Defender Bypass.
✔ Smartscreen Bypass.
✔ Bypass Browser Alerts.
✔ Private Scripts.
❌ MacOS Stub (in development)
OP Posted at 04-09-2024, 10:11 PM (This post was last modified: 30-11-2024, 08:48 PM by LuciferXFiles.)
🏠Update 3.8.0
➖ Added interactive instructions on how to use the Loader and File Grabber for your convenience!
➖ Adjusted the collection of browser data.
➖ Updated the pads (every 24 hours)
➖ Cleaning the crypt stub - works 24 hours.
===================================================================== Support
OP Posted at 10-09-2024, 03:40 PM (This post was last modified: 30-11-2024, 08:49 PM by LuciferXFiles.)
Update 3.9.0
➖ Changed the interface of the Extension Grabber, now it has become much more convenient: the ability to import prepared extensions in "CSV" and "Simple" format as shown in the screenshot. It is now possible to import a list of extensions recommended by us into your config with 1 click.
➖ Extension names will now be shown in the archive with the log (as in the screenshot)
➖ Improved localization to EN, RU, ES.
➖ Updated proxy servers (every 24 hours.)
➖ Cleaning the crypto stub (every 24 hours.)
---- We are already working on a new major update! Personal proxies, Hidden VNC and much more!
OP Posted at 30-09-2024, 09:12 PM (This post was last modified: 30-11-2024, 08:50 PM by LuciferXFiles.)
🏠Update 3.10.0
Added decryption of new Google Chrome cookies!
➖ Almost silent decryption of new cookies, bypass of admin rights is used, the build is not moved into the folder with the installed Google Chrome as in many other stealers!
➖ Updated the Panel
➖ Optimized the build, minimized unnecessary network activity from the build.
Support for decryption only for new builds, for this in the old config you need to click on the button to switch to the new version and create a build.
➖ Decryption of new Brave Cookies is also available.
➖ Thanks to decryption, the stealer collects cvc in the same way.
➖ Updated proxies (every 24 hours.)
➖ The Tester subscription is no longer available.
➖ Improved crypt stub - subscription cost is $ 250 per month.
OP Posted at 08-10-2024, 07:35 PM (This post was last modified: 30-11-2024, 08:50 PM by LuciferXFiles.)
Update 3.11.0
➖ A small update, added log markers by default, to do this you need to go to Team Management > Log Markers (at the very bottom) > Click on the blue button
➖ Now we are in matrix https://matrix.to/#/@luciferxfiles:matrix.org
OP Posted at 11-10-2024, 04:24 PM (This post was last modified: 30-11-2024, 08:51 PM by LuciferXFiles.)
Update 3.12.0
➖ A small update, the control panel of created builds has been improved, the ability to mass delete builds has appeared. It is worth noting that the logs received from deleted builds will still be sent to your panel!
OP Posted at 15-10-2024, 11:17 PM (This post was last modified: 30-11-2024, 08:51 PM by LuciferXFiles.)
Update
We have updated the stub, now we also collect Mail clients - Outlook (New, Classic, Office 2016 with decryption of the president), Thunderbird. Remote control tools - AnyDesk, Windows RDP (we also decrypt the password from it, if it is present)
OP Posted at 19-10-2024, 08:45 PM (This post was last modified: 30-11-2024, 08:51 PM by LuciferXFiles.)
🏠Update 3.13.0 🏠
➖ A small but important update! Google Chrome in version v130 slightly changed the encryption method, so we changed the decryption algorithm. Rebuild IS NOT REQUIRED, only our server part is affected. If you have broken (with hieroglyphs, etc.) cookies due to the new version of Chrome, write to support - we will help you restore these cookies!
➖ Now when creating a build config, the config is created with a new version (v5) automatically.
➖ Removed lags in the chrome extensions management interface (only for v5).
OP Posted at 20-10-2024, 05:29 PM (This post was last modified: 20-10-2024, 05:30 PM by LuciferXFiles.)
Dear project participants, in connection with the latest news on Telegram, we recommend subscribing to the Element messenger to always stay in touch.