VeraCryptThief

VeraCryptThief by itself is a standalone DLL that when injected in the VeraCrypt.exe process, will perform API hooking via Detours, extract the clear-text credentials and save them to a file.

An injector program makes use of sRDI technique to generate a reflective DLL shellcode and inject it into the target process with the help of D/Invoke API.

DISCLAIMER. All information contained in this repository is provided for educational and research purposes only. The author is not responsible for any illegal use of this tool.

Demo

demo

Credits

  • SEKTOR7 Institute (@SEKTOR7net) for the RED TEAM Operator: Malware Development Intermediate Course.
  • @0x09AL for RdpThief.
  • @monoxgas for sRDI.
  • @TheWover and @FuzzySecurity for DInvoke.

GitHub

View Github