gui features

• written with customtkinter, CTkToolTip, CTkMessagebox and hPyT
• uses pyarmor for obfuscating malware and pyinstaller for compiling to .exe
• allows setting custom icons to the malware .exe
• allows setting custom name for the malware .exe
• has documentation built into the GUI under the documentation tab

malware features

• supports Bitcoin, Ethereum, Litecoin, Monero, Solana, Dogecoin, Ripple, Tron at the same time
• three different types of the same malware but using different methods. subprocess, ctypes and pyperclip
  • subprocess uses powershell commands to read and set clipboard - uses python standard libary so no need for the target to install anything
  • ctypes uses ctypes to read clipboard and powerhsell to set clipboard - uses python standard libary so no need for the target to install anything
  • pyperclip uses the pyperclip module to read and set clipboard - requires the target the run the command pip install pyperclip
• duplicates and adds itself to startup apps (registry) for persistence under a different name
• has single use method
• allows discord webhook (whenever a address is detected you get a discord notification which says the computer name and that the address has been changed), doesnt need any installs as uses http.client rather than requests to send POST requests to webhook
• option to ping @everyone
• malware saved as .pyw and then compiled to .exe meaning that the malware runs in the background silently

features i will want to add in the future

• self check to avoid multiple instances
• file extention spoofer
• file size pumper
• code within "" and executed with exec()
• another obfuscation method and compile method to choose from
• duplicate file cleaner (when the persistent file is cteated remove its icon to make less obvious in startup apps)
• anti virus disable/self exclude (no idea if self exclude is even possible lol)
• anti virtual machine
• process injection???? - maybe on this one, no idea how it works
• exclude - (exclude specific computer names and so on)

if discord is being used

git clone https://github.com/3022-2/raccoon_clipper.git

cd raccoon_clipper

pip install -r requirements.txt

python main.pyw or double click main.pyw

1. kill the process in task manager and delete .exe
2. run uninstaller.py in uninstaller folder - if there is an error removing registry entry (cant find path) this is fine it means it isnt in startup anyway

you can also manual uninstall

1. kill the process in task manager and delete .exe
2. goto %appdata%
3. delete storage0 folder and CLPPTH folder
4. goto Software\Microsoft\Windows\CurrentVersion\Run in registry editor
5. delete entry named CLPPTH

DISCLAIMER: The code provided in this repository is intended for educational and malware analysis purposes only. Any use of this code for illegal or unethical activities is strictly prohibited. The author of this code shall not be held responsible for any misuse or damage resulting from its use. Users are solely responsible for ensuring compliance with applicable laws and ethical standards.
WARNING: THIS IS MAKES MALWARE DESIGNED FOR STEALING CRYPTOCURRENCY. USE UNINSTALL GUIDE IF UNINSTALL CODE FAILS. (not found error doesn't necessarily mean didnt uninstall)

discord: cumsock0