A Python-based malware agent designed to act as a persistent agent, staying active while awaiting commands.
NOTE: This malware does not request admin privileges!
INFO: ENCRYPTION/DECRYPTION is not working after a reboot because the script loses its permissions to write files. I'm trying to exploit it. The first run runs fine. You can set it up to encrypt at run if you like. The encryption can retrieve the files before encrypting and send them to the server!
WARNING: I AM NOT RESPONSIBLE FOR ANY DAMAGE THIS CODE MAY CAUSE, PLEASE USE WITH WISDOM AND TO NOT HARM ANYONE
- Maintains a connection while the target machine is operational.
- Automatically starts at every reboot.
- Copies itself to a folder in the APPDATA directory when executed.
- Masks its executable name when copying it to the APPDATA folder to remain undetectable.
  - For example, if the executable was named malware.exe, it will be copied as WindowsUpdate.exe for low detectability.
- Capture screenshots.
- Record audio.
- Implement a keylogger to record and dump keyboard inputs.
- Retrieve sensitive data from web browsers, including downloads, cookies, saved passwords, and saved credit card information.
- Execute any command provided via CMD.
- Retrieve system information such as the approximated location, recent IPs connected to the machine, and system details for potential social engineering.
- Encrypt files, with a "READ_ME_IM_IMPORTANT.txt" file added to Downloads, Documents, and Desktop folders containing instructions on decrypting the data.
- Decrypt files using a decryption key.
- Zip together important files while maintaining their respective file structures and send them to the master.
- Maintain a Heartbeat system with connected agents, using asyncio for simultaneous heartbeats to improve efficiency.
- Remove agents with no heartbeat detected or in case of errors.
- Features a simple UI to view logs and interact with connected agents.
- Buttons are enabled only when an agent is available and selected.
- Randomly select an icon name from a list and generate a file with that icon. For example, malware.exe becomes malware.pdf with a PDF icon.
- Use the UNITRIX exploit to mask the executable's file type, making it appear as another file type while maintaining functionality.
- Generate a one-file executable, infecting the user with just a single run.
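
A defender's check for the two masquerading behaviours listed above (the system-sounding copy under APPDATA and the UNITRIX extension spoof), added here as an example that is not part of this repository. The lookalike name list, function names and sample paths are assumptions constructed for illustration.

```python
import ntpath
import unicodedata

# Bidirectional control characters that can reorder how a filename is displayed
# (U+202E RIGHT-TO-LEFT OVERRIDE is the one used by the "UNITRIX" trick).
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068", "\u2069", "\u200e", "\u200f"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Assumption: names an analyst treats as "system-sounding"; tune per environment.
SYSTEM_LOOKALIKES = {"windowsupdate.exe", "svchost.exe", "explorer.exe"}


def audit_path(path):
    """Return a list of findings for one Windows-style file path."""
    findings = []
    name = ntpath.basename(path)
    ext = ntpath.splitext(name)[1].lower()  # real extension as stored on disk
    hidden = sorted(c for c in set(name) if c in BIDI_CONTROLS)
    if hidden:
        labels = ", ".join(unicodedata.name(c) for c in hidden)
        findings.append(
            f"bidi control in filename ({labels}); real extension is {ext or 'none'}")
    in_appdata = "\\appdata\\" in path.lower()
    if in_appdata and ext in EXECUTABLE_EXTS and name.lower() in SYSTEM_LOOKALIKES:
        findings.append("system-sounding executable in user-writable AppData")
    return findings


def audit(paths):
    """Map each suspicious path to its findings; clean paths are omitted."""
    return {p: f for p in paths if (f := audit_path(p))}


# Constructed sample paths (not taken from any real host).
SAMPLE_PATHS = [
    r"C:\Users\alice\AppData\Roaming\Updater\WindowsUpdate.exe",
    "C:\\Users\\alice\\Downloads\\report\u202efdp.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\alice\Documents\notes.pdf",
]

if __name__ == "__main__":
    for path, findings in audit(SAMPLE_PATHS).items():
        print(ascii(path), findings)
```

The same two rules translate directly to file-creation telemetry: alert on any new file whose name contains a bidi control character, and on executables written under a user profile's AppData with names that imitate operating system components.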
To use this malware agent, follow these steps:
- Clone this repository to your local machine:
git clone https://github.com/pedrohusky/malware-agent.git
- Navigate to the downloaded folder:
cd malware-agent
- Install the required dependencies:
pip install -r requirements.txt
- To generate the executable, use the following command (you can freely modify the code before generating the executable if needed):
python generate_exe.py
- After generating the executable, start the server:
python master_server.py
Wait for someone to be infected with your executable.
Please ensure that you have Python and pip installed on your system before following these steps.
- Make it run on Linux and Mac
- Add abilities
- Idk