Evil Extractor is attack software developed by Kodex that targets Windows-based operating systems. There are 7 main attack types to choose from in Evil Extractor. Each has different features, but they all work via an FTP service.
In this method, you’ll get screen and webcam images (at the same time) from the target system in the time range you choose, and it is also persistent on the target system. You can reach these screen and webcam images via your FTP service.
Note: The Screen & Webcam Extractor, when used with the all-in-one attack method, does not provide persistence on the target system.
With the credentials extraction method, the Evil Extractor agent brings us a lot of information about the target system: public IP, real-time location, computer username, RAM, GPU, CPU and many other things. It also brings us all the wireless networks that the target system has ever connected to (with passwords).
The KeyLogger method records the target system’s keystrokes offline, and it is also persistent on the target system. You can reach these logs depending on the time period you choose (from your FTP server).
Note: The Keylogger, when used with the all-in-one attack method, does not provide persistence on the target system.
Everyone knows people keep important documents (like pictures, passwords and other stuff) on their computers. With the file extracting attack, you’ll receive the Downloads and Desktop files from the target system. Be sure to set your FTP server’s storage well when trying this method; there may be too many files on the target system.
Files with these extensions will be extracted: jpg, png, jpeg, mp4, mpeg, mp3, avi, txt, rtf, xlsx, docx, pptx, pdf, rar, zip, 7z, csv, xml, html
With the password & cookie extraction method, you can reach passwords (for popular browsers such as Chrome, Opera, Firefox, Microsoft Edge etc.) and cookies (for Chrome, Firefox, Opera Stable and Microsoft Edge, in JSON format) on the target system, and you can access these values remotely via FTP. Additionally, it will retrieve browser histories. You can log in directly with the passwords, or you can replace your cookies with new ones and hijack all of the target user's sessions (bypass 2FA).
With the all-in-one option, you combine all the other attack types (Screen & Webcam Extractor + Credentials Extractor + Keylogger + File Extractor + Password & Cookie Extractor) together. When the target system executes the Evil Extractor agent, you’ll get passwords, cookies, credentials, important files, keylogs, and screen and webcam images.
The Kodex Ransomware attack option silently encrypts files on the target system using the archiving method based on the area selected by the user. You can reach information about encrypted files through your FTP service. You will also get a one-time screenshot when the encryption process is completed on the target system. The only way to access encrypted files is to enter a randomly generated 50-character key. Otherwise, encrypted files will remain locked forever.
Evil Extractor has a binder and a private encrypter built in (each customer has their own encrypter; no one will be affected by the behavior of others). You can bind your agent with exe, pdf or txt files (size limited to 500 MB). With the extra features option, the agent will encrypt itself (file size will increase). This encrypter can also update itself online.
Happy Note: This binder is also integrated with the persistence module(s). If you bind any file with one of our persistence module(s), our agent will work successfully, but the additional file will not open at Windows startup.
If you don’t know what to do, don’t worry! We will send detailed documentation to you.
• Windows 10 (x64)
• Windows 11 (x64)
(Virtual machine highly recommended for clean setup)
• Fully integrated with Windows 10/11 (x64 & x86)
• Also works on all Windows operating systems (x64 & x86) based on PowerShell 5.1 and later
You can check the list from here
FTP server (we will provide a free FTP server for 1 month to all customers)
[Can’t be destroyed] Evil Extractor agent keeps working in the background, even if it is forcibly closed after it executes. (Works with Extra Features)
[Agent Scan System] You can scan your agent detection value through Evil Extractor (KleenScan Service)
[Windows Defender Bypass] Evil Extractor agent will add itself to exclusions once it executes.
[Anti VM-VirusTotal] Evil Extractor agent will not run inside a virtual machine/VirusTotal
[Silent] Evil Extractor agent will be fully silent in the background once it executes.
[No Traces] Evil Extractor agent leaves no trace on the target system.
[UAC Bypass] Evil Extractor agent will always run as administrator.