mirror of
https://github.com/avast/ioc
synced 2024-06-20 13:58:34 +00:00
MassLogger
This commit is contained in:
parent
ec345945de
commit
fb7c3562ee
@ -11,49 +11,45 @@ Malware analysis and more technical information at
|
|||||||
## Samples (SHA-256)
|
## Samples (SHA-256)
|
||||||
#### MassLogger binary and related files
|
#### MassLogger binary and related files
|
||||||
```
|
```
|
||||||
518ac201abeaba51946729c18b4aa0f1d2b1ec93c5fb212245de658387738b1d
|
56cdab11e53a0e5874133e04e90e5829f9d28a3cfd215a5f9e98c3b146bb3c1a
|
||||||
245e470d00a4da06a576ddee4bf9c0f03a8bb1084f2059b19c988d8bd7e78b7c
|
c5e4e3626c2df21cb71de5713203c3155481ac3a4e33642466b5c7fc8176bab2
|
||||||
16b7b4738aae90442e6d976ca8261e9941c894cb5630c2f474bba4ce0f164bea
|
1ddfb935de736c5e8bd07d909d08cfdf105cf45fbfd46801ff65d9bc0cf51ca7
|
||||||
49b58c17a00fcc1f2f5b54d7ea4a51de450357771cc796b1c0ec2511bfebb234
|
|
||||||
61312b72632f897fb5f36493f1e3696885674ef10cb8343520040194f340a92a
|
|
||||||
898303c2fbab7608e4a85fc9c6f38a75815c9e23bb0980415cc2a7fcff0fbf63
|
|
||||||
478d137f1c915b24c799c9f1c81b4bd9adb423fe57e5c33addd3a6031f87aa47
|
|
||||||
73c8b6f716d0e2a40f8a437ef14b90b160c3ac5da10469db0252075c112d74dd
|
|
||||||
167deeb9c2533a249de5795b2cda3213988a15f0e3adb1eb0ef097a5fedbf70b
|
167deeb9c2533a249de5795b2cda3213988a15f0e3adb1eb0ef097a5fedbf70b
|
||||||
4fc8063a138a426737f939cc23844df0e3be3c2aaec043a5136bc8cccc065f60
|
972662b8c2761f8557a4db52c4b8cb9c10dd712eb49baa6cb6701c252382465a
|
||||||
c0bc32ac8075ff6d3c44a8579529f8e9363a9d8520db70ff0665ac83e96ca1fa
|
|
||||||
4437b68359985c54b9ca97444f4b3a8db6ac4ca90fa7312305123920e9daac02
|
|
||||||
772532344e2f49bc9e8bfa2c6d61f789617f7ecb01f26aa7ce6d672137718178
|
772532344e2f49bc9e8bfa2c6d61f789617f7ecb01f26aa7ce6d672137718178
|
||||||
29afcbe8fc5da49fbce2da538821e1c6a806d6a640d68f995195ea271a5357e8
|
29afcbe8fc5da49fbce2da538821e1c6a806d6a640d68f995195ea271a5357e8
|
||||||
|
4fc8063a138a426737f939cc23844df0e3be3c2aaec043a5136bc8cccc065f60
|
||||||
93316169290f31a1aa2ed1613ee44f2e529238ca26600df07a8b0076c38bc146
|
93316169290f31a1aa2ed1613ee44f2e529238ca26600df07a8b0076c38bc146
|
||||||
6f026b437efabd6237c2cc0f0ba97efe67fbb3334a35a7c5ef4be4e893d5d110
|
|
||||||
918d6ee42b04f8ff7c952a479ef6c12db6b594cb032cbd2b2cc99538f5eeebb4
|
|
||||||
658553ecc9631400e23f4a3ab88b8dd1f101a1e0d5bb61c434d332878a52c64d
|
|
||||||
bb2b16143b3fbbfa756d74faa9ae92c2c06035a7100a5ed2b44bf6cf3ab9258a
|
|
||||||
7b3491ec6132248cc30c29ee292849c1c2637eb8d52016f9f01d6124c1b9581b
|
|
||||||
c8f402b68c199a7dbc98c47d2bd23085dcdfa5fb4adeb8a43a319ef0dd5044e6
|
|
||||||
56cdab11e53a0e5874133e04e90e5829f9d28a3cfd215a5f9e98c3b146bb3c1a
|
|
||||||
8908918728286712e2f32e8319e75af0341d9c1bebe07ee460362d4752d6f1e8
|
8908918728286712e2f32e8319e75af0341d9c1bebe07ee460362d4752d6f1e8
|
||||||
03afa4fdd197b0fb7d20e26343cd6a84f42b2be0e8d9ba060f7f689cb17a8d52
|
6f026b437efabd6237c2cc0f0ba97efe67fbb3334a35a7c5ef4be4e893d5d110
|
||||||
982bd53341535ec66cae51fda4631f39ed9ba44947a783b5a2edf66daf28c7b3
|
|
||||||
076aba31de83cc4cf644ca2b577d652aa3ce7ec64b8ea66fdf54a38b21cbf84e
|
|
||||||
a6e82eb37aef00046c58cf6f57e011af918828ab590438ea97dcb1bf6aea6488
|
|
||||||
e32e29a9e0c222af6a2daa4cfc99df98d996f53fdf4f4d451021bb57fec68a83
|
|
||||||
5a53fe3402bdeadc3050347b922358e1bc183210a6e69640e3df91018988274d
|
|
||||||
569b8e82be35754c8d0f183c63f725863e04c7a72cccfb4368fc735c35a35a7b
|
569b8e82be35754c8d0f183c63f725863e04c7a72cccfb4368fc735c35a35a7b
|
||||||
7a8db30a1f86b7d4db0b9e10eea646d254fe9f235881a81f2fc21380f45b3051
|
c8f402b68c199a7dbc98c47d2bd23085dcdfa5fb4adeb8a43a319ef0dd5044e6
|
||||||
1ddfb935de736c5e8bd07d909d08cfdf105cf45fbfd46801ff65d9bc0cf51ca7
|
73c8b6f716d0e2a40f8a437ef14b90b160c3ac5da10469db0252075c112d74dd
|
||||||
d1bea71bbdcf75f0b5f49cd0c4bca1fd70dc6ef44333e034e015c315ba4b408c
|
|
||||||
c5e4e3626c2df21cb71de5713203c3155481ac3a4e33642466b5c7fc8176bab2
|
|
||||||
972662b8c2761f8557a4db52c4b8cb9c10dd712eb49baa6cb6701c252382465a
|
|
||||||
56358232f7320b3ade07fed642a0520ac19f7d2e6ace6c23e59b10376d63c561
|
|
||||||
2c72055f04248f5cd5a05d4929eabda0934d2575b92149f45001be5ca981584f
|
2c72055f04248f5cd5a05d4929eabda0934d2575b92149f45001be5ca981584f
|
||||||
ef6e8e8d31d3167c9cd5d1b177950992d7cb8f9f3f4a363dd9a2e86d7653fa39
|
bb2b16143b3fbbfa756d74faa9ae92c2c06035a7100a5ed2b44bf6cf3ab9258a
|
||||||
e0e6e90b952c07f8b8793b47d13fec103295cc5f299774686c4e09761226640d
|
7a8db30a1f86b7d4db0b9e10eea646d254fe9f235881a81f2fc21380f45b3051
|
||||||
49b58c17a00fcc1f2f5b54d7ea4a51de450357771cc796b1c0ec2511bfebb234
|
982bd53341535ec66cae51fda4631f39ed9ba44947a783b5a2edf66daf28c7b3
|
||||||
16b7b4738aae90442e6d976ca8261e9941c894cb5630c2f474bba4ce0f164bea
|
658553ecc9631400e23f4a3ab88b8dd1f101a1e0d5bb61c434d332878a52c64d
|
||||||
|
03afa4fdd197b0fb7d20e26343cd6a84f42b2be0e8d9ba060f7f689cb17a8d52
|
||||||
|
478d137f1c915b24c799c9f1c81b4bd9adb423fe57e5c33addd3a6031f87aa47
|
||||||
3f83c090819bc1dd8a9c1db3588b51ecd839bf0ca85a21f552c4346abe09efdc
|
3f83c090819bc1dd8a9c1db3588b51ecd839bf0ca85a21f552c4346abe09efdc
|
||||||
|
d1bea71bbdcf75f0b5f49cd0c4bca1fd70dc6ef44333e034e015c315ba4b408c
|
||||||
|
7b3491ec6132248cc30c29ee292849c1c2637eb8d52016f9f01d6124c1b9581b
|
||||||
|
16b7b4738aae90442e6d976ca8261e9941c894cb5630c2f474bba4ce0f164bea
|
||||||
|
c0bc32ac8075ff6d3c44a8579529f8e9363a9d8520db70ff0665ac83e96ca1fa
|
||||||
|
5a53fe3402bdeadc3050347b922358e1bc183210a6e69640e3df91018988274d
|
||||||
|
ef6e8e8d31d3167c9cd5d1b177950992d7cb8f9f3f4a363dd9a2e86d7653fa39
|
||||||
|
4437b68359985c54b9ca97444f4b3a8db6ac4ca90fa7312305123920e9daac02
|
||||||
|
56358232f7320b3ade07fed642a0520ac19f7d2e6ace6c23e59b10376d63c561
|
||||||
|
a6e82eb37aef00046c58cf6f57e011af918828ab590438ea97dcb1bf6aea6488
|
||||||
8546f91fbba81d6557a71098aa0bffe4ff17f85faa0458c45b9ed926eb371568
|
8546f91fbba81d6557a71098aa0bffe4ff17f85faa0458c45b9ed926eb371568
|
||||||
|
898303c2fbab7608e4a85fc9c6f38a75815c9e23bb0980415cc2a7fcff0fbf63
|
||||||
|
61312b72632f897fb5f36493f1e3696885674ef10cb8343520040194f340a92a
|
||||||
|
e32e29a9e0c222af6a2daa4cfc99df98d996f53fdf4f4d451021bb57fec68a83
|
||||||
|
518ac201abeaba51946729c18b4aa0f1d2b1ec93c5fb212245de658387738b1d
|
||||||
|
245e470d00a4da06a576ddee4bf9c0f03a8bb1084f2059b19c988d8bd7e78b7c
|
||||||
|
49b58c17a00fcc1f2f5b54d7ea4a51de450357771cc796b1c0ec2511bfebb234
|
||||||
|
e0e6e90b952c07f8b8793b47d13fec103295cc5f299774686c4e09761226640d
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
40
MassLogger/extras/CustomBinaryReader.cs
Normal file
40
MassLogger/extras/CustomBinaryReader.cs
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
internal static int CustomBinaryReader(BinaryReader \u0020)
|
||||||
|
{
|
||||||
|
bool flag = false;
|
||||||
|
uint num = 0U;
|
||||||
|
uint num2 = (uint)pXk.ReadByte(\u0020);
|
||||||
|
int num3 = 0;
|
||||||
|
|
||||||
|
num |= (num2 & 63U);
|
||||||
|
if ((num2 & 64U) != 0U)
|
||||||
|
{
|
||||||
|
flag = true;
|
||||||
|
}
|
||||||
|
if (num2 < 128U)
|
||||||
|
{
|
||||||
|
if (flag)
|
||||||
|
{
|
||||||
|
return (int)(~(int)num);
|
||||||
|
}
|
||||||
|
return (int)num;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
int num4 = 0;
|
||||||
|
for (;;)
|
||||||
|
{
|
||||||
|
uint num5 = (uint)\u0020.ReadByte();
|
||||||
|
num |= (num5 & 127U) << 7 * num4 + 6;
|
||||||
|
if (num5 < 128U)
|
||||||
|
{
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
num4++;
|
||||||
|
}
|
||||||
|
if (flag)
|
||||||
|
{
|
||||||
|
return (int)(~(int)num);
|
||||||
|
}
|
||||||
|
return (int)num;
|
||||||
|
}
|
||||||
|
}
|
105
MassLogger/extras/DictionaryConstructor.cs
Normal file
105
MassLogger/extras/DictionaryConstructor.cs
Normal file
@ -0,0 +1,105 @@
|
|||||||
|
Dictionary<int, int> dictionary = new Dictionary<int, int>();
|
||||||
|
BinaryReader binaryReader = new BinaryReader(Type.GetTypeFromHandle(YMn.GetRuntimeTypeHandleFromMetadataToken(33554549)).Assembly.GetManifestResourceStream("XT7N54yDEN8FnpdpZs.npkuPXFrtOPP8sUvPf"));
|
||||||
|
binaryReader.BaseStream.Position = 0L;
|
||||||
|
byte[] array = binaryReader.ReadBytes((int)binaryReader.BaseStream.Length);
|
||||||
|
binaryReader.Close();
|
||||||
|
if (array.Length > 0)
|
||||||
|
{
|
||||||
|
int num = array.Length % 4;
|
||||||
|
int num2 = array.Length / 4;
|
||||||
|
byte[] array2 = new byte[array.Length];
|
||||||
|
uint num3 = 0U;
|
||||||
|
if (num > 0)
|
||||||
|
{
|
||||||
|
num2++;
|
||||||
|
}
|
||||||
|
for (int i = 0; i < num2; i++)
|
||||||
|
{
|
||||||
|
int num4 = i * 4;
|
||||||
|
uint num5 = 255U;
|
||||||
|
int num6 = 0;
|
||||||
|
uint num7;
|
||||||
|
if (i == num2 - 1 && num > 0)
|
||||||
|
{
|
||||||
|
num7 = 0U;
|
||||||
|
for (int j = 0; j < num; j++)
|
||||||
|
{
|
||||||
|
if (j > 0)
|
||||||
|
{
|
||||||
|
num7 <<= 8;
|
||||||
|
}
|
||||||
|
num7 |= (uint)array[array.Length - (1 + j)];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
uint num8 = (uint)num4;
|
||||||
|
num7 = (uint)((int)array[(int)((UIntPtr)(num8 + 3U))] << 24 | (int)array[(int)((UIntPtr)(num8 + 2U))] << 16 | (int)array[(int)((UIntPtr)(num8 + 1U))] << 8 | (int)array[(int)((UIntPtr)num8)]);
|
||||||
|
}
|
||||||
|
num3 = num3;
|
||||||
|
uint num9 = num3;
|
||||||
|
uint num10 = num3;
|
||||||
|
uint num11 = 1795577737U;
|
||||||
|
uint num12 = 1182509082U;
|
||||||
|
uint num13 = num10;
|
||||||
|
uint num14 = 1406428146U;
|
||||||
|
uint num15 = 526153867U;
|
||||||
|
uint num16 = (num11 >> 11 | num11 << 21) ^ num14;
|
||||||
|
uint num17 = num16 & 16711935U;
|
||||||
|
num16 &= 4278255360U;
|
||||||
|
num11 = (num16 >> 8 | num17 << 8);
|
||||||
|
uint num18 = 3007391072U;
|
||||||
|
num18 = 56678U * (num18 & 65535U) + (num18 >> 16);
|
||||||
|
num11 = 37629U * (num11 & 65535U) - (num11 >> 16);
|
||||||
|
num11 = 25451U * num11 - num18;
|
||||||
|
ulong num19 = (ulong)(num11 * num11);
|
||||||
|
if (num19 == 0UL)
|
||||||
|
{
|
||||||
|
num19 -= 1UL;
|
||||||
|
}
|
||||||
|
num14 = (uint)((ulong)(num14 * num14) % num19);
|
||||||
|
num18 = 29546U * (num18 & 65535U) + (num18 >> 16);
|
||||||
|
num11 = 21832U * (num11 & 65535U) + (num11 >> 16);
|
||||||
|
num11 = 7417U * num11 + num18;
|
||||||
|
num13 ^= num13 >> 11;
|
||||||
|
num13 += num12;
|
||||||
|
num13 ^= num13 << 17;
|
||||||
|
num13 += num14;
|
||||||
|
num13 ^= num13 >> 13;
|
||||||
|
num13 += num15;
|
||||||
|
num13 = ((num18 << 16) - num14 ^ num12) + num13;
|
||||||
|
num3 = num9 + (uint)num13;
|
||||||
|
if (i == num2 - 1 && num > 0)
|
||||||
|
{
|
||||||
|
uint num20 = num3 ^ num7;
|
||||||
|
for (int k = 0; k < num; k++)
|
||||||
|
{
|
||||||
|
if (k > 0)
|
||||||
|
{
|
||||||
|
num5 <<= 8;
|
||||||
|
num6 += 8;
|
||||||
|
}
|
||||||
|
array2[num4 + k] = (byte)((num20 & num5) >> num6);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
uint num21 = num3 ^ num7;
|
||||||
|
array2[num4] = (byte)(num21 & 255U);
|
||||||
|
array2[num4 + 1] = (byte)((num21 & 65280U) >> 8);
|
||||||
|
array2[num4 + 2] = (byte)((num21 & 16711680U) >> 16);
|
||||||
|
array2[num4 + 3] = (byte)((num21 & 4278190080U) >> 24);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
array = array2;
|
||||||
|
int num22 = array.Length / 8;
|
||||||
|
massCrypto.VMt vmt = new massCrypto.VMt(new MemoryStream(array));
|
||||||
|
for (int l = 0; l < num22; l++)
|
||||||
|
{
|
||||||
|
int key = vmt.ReadInt32();
|
||||||
|
int value = vmt.ReadInt32();
|
||||||
|
dictionary.Add(key, value);
|
||||||
|
}
|
||||||
|
vmt.Close();
|
||||||
|
}
|
||||||
|
massCrypto.FieldMethodDictionary = dictionary;
|
42
MassLogger/extras/SetField.cs
Normal file
42
MassLogger/extras/SetField.cs
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
ParameterInfo[] parameters = methodInfo.GetParameters();
|
||||||
|
int num24 = parameters.Length + 1;
|
||||||
|
Type[] array3 = new Type[num24];
|
||||||
|
if (methodInfo.DeclaringType.IsValueType)
|
||||||
|
{
|
||||||
|
array3[0] = methodInfo.DeclaringType.MakeByRefType();
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
array3[0] = Type.GetTypeFromHandle(YMn.GetRuntimeTypeHandleFromMetadataToken(16777235));//T:System.Drawing.Imaging.ImageCodecInfo
|
||||||
|
}
|
||||||
|
for (int n = 0; n < parameters.Length; n++)
|
||||||
|
{
|
||||||
|
array3[n + 1] = parameters[n].ParameterType;
|
||||||
|
}
|
||||||
|
DynamicMethod dynamicMethod = new DynamicMethod(string.Empty, methodInfo.ReturnType, array3, typeFromHandle, true);
|
||||||
|
ILGenerator ilgenerator = dynamicMethod.GetILGenerator();
|
||||||
|
for (int num25 = 0; num25 < num24; num25++)
|
||||||
|
{
|
||||||
|
switch (num25)
|
||||||
|
{
|
||||||
|
case 0:
|
||||||
|
ilgenerator.Emit(OpCodes.Ldarg_0);
|
||||||
|
break;
|
||||||
|
case 1:
|
||||||
|
ilgenerator.Emit(OpCodes.Ldarg_1);
|
||||||
|
break;
|
||||||
|
case 2:
|
||||||
|
ilgenerator.Emit(OpCodes.Ldarg_2);
|
||||||
|
break;
|
||||||
|
case 3:
|
||||||
|
ilgenerator.Emit(OpCodes.Ldarg_3);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
ilgenerator.Emit(OpCodes.Ldarg_S, num25);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ilgenerator.Emit(OpCodes.Tailcall);
|
||||||
|
ilgenerator.Emit(flag2 ? OpCodes.Callvirt : OpCodes.Call, methodInfo);
|
||||||
|
ilgenerator.Emit(OpCodes.Ret);
|
||||||
|
fieldInfo.SetValue(null, dynamicMethod.CreateDelegate(typeFromHandle));
|
79
MassLogger/extras/StringDecrypter.cs
Normal file
79
MassLogger/extras/StringDecrypter.cs
Normal file
@ -0,0 +1,79 @@
|
|||||||
|
internal static string StringDecrypter(int \u0020)
|
||||||
|
{
|
||||||
|
Dictionary<int, int> dictionary = new Dictionary<int, int>();
|
||||||
|
BinaryReader binaryReader = new BinaryReader(Type.GetTypeFromHandle(YMn.TLiQPA(33554549)).Assembly.GetManifestResourceStream("6FF2DEHA59scuaOblI.3yVNoPUENeqkvGg9UY"));
|
||||||
|
binaryReader.BaseStream.Position = 0L;
|
||||||
|
byte[] cipherText = binaryReader.ReadBytes((int)binaryReader.BaseStream.Length);
|
||||||
|
total_interations = cipherText.length / 4;
|
||||||
|
num15 = 0;
|
||||||
|
binaryReader.Close();
|
||||||
|
//First run, string has not been decrypted
|
||||||
|
if (massCrypto.IsInitialized()) {
|
||||||
|
array7 = [0x74, 0x52, 0x47, 0x4A, 0x15, 0xD4, 0x9F, 0x2E, 0x31, 0x49, 0x7D, 0xD9, 0xC5, 0x0C, 0x33,
|
||||||
|
0xB1, 0x09, 0x8D, 0xC8, 0xB3, 0xEA, 0x41, 0x8B, 0x7D, 0xDC, 0x21, 0xA9, 0x1E, 0x71, 0x97, 0x47, 0x7D];
|
||||||
|
|
||||||
|
|
||||||
|
while (num_interations != total_interations -1) {
|
||||||
|
num38 = num_interations % 0x08
|
||||||
|
num4 = num_interations * 4; // num4 = reading offset
|
||||||
|
num13 = (uint)(num38 * 4);
|
||||||
|
num14 = (uint)((int)array7[(int)((UIntPtr)(num13 + 3U))] << 24 |(int)array7[(int)((UIntPtr)(num13 + 2U))] << 16 |(int)array7[(int)((UIntPtr)(num13 + 1U))] << 8 |(int)array7[(int)((UIntPtr)num13)]);
|
||||||
|
//num26 = 255U;
|
||||||
|
num7 += num14;
|
||||||
|
num13 = (uint)num4;
|
||||||
|
num_new_params = (uint)((int)cipherText[(int)((UIntPtr)(num13 + 3U))] << 24 | (int)cipherText[(int)((UIntPtr)(num13 + 2U))] << 16 | (int)cipherText[(int)((UIntPtr)(num13 + 1U))] << 8 | (int)cipherText[(int)((UIntPtr)num13)]);
|
||||||
|
num8 = num7;
|
||||||
|
num7 = 0;
|
||||||
|
|
||||||
|
uint num27 = num8;
|
||||||
|
uint num28 = num8;
|
||||||
|
uint num29 = 1795577737U;
|
||||||
|
uint num30 = 1182509082U;
|
||||||
|
uint num31 = num28;
|
||||||
|
uint num32 = 1406428146U;
|
||||||
|
uint num33 = 526153867U;
|
||||||
|
uint num34 = (num29 >> 11 | num29 << 21) ^ num32;
|
||||||
|
uint num35 = num34 & 16711935U;
|
||||||
|
num34 &= 4278255360U;
|
||||||
|
num29 = (num34 >> 8 | num35 << 8);
|
||||||
|
uint num36 = 3007391072U;
|
||||||
|
num36 = 56678U * (num36 & 65535U) + (num36 >> 16);
|
||||||
|
num29 = 37629U * (num29 & 65535U) - (num29 >> 16);
|
||||||
|
num29 = 25451U * num29 - num36;
|
||||||
|
ulong num37 = (ulong)(num29 * num29);
|
||||||
|
if (num37 == 0UL) {
|
||||||
|
num37 -= 1UL;
|
||||||
|
}
|
||||||
|
num32 = (uint)((ulong)(num32 * num32) % num37);
|
||||||
|
num36 = 29546U * (num36 & 65535U) + (num36 >> 16);
|
||||||
|
num29 = 21832U * (num29 & 65535U) + (num29 >> 16);
|
||||||
|
num29 = 7417U * num29 + num36;
|
||||||
|
num31 ^= num31 >> 11;
|
||||||
|
num31 += num30;
|
||||||
|
num31 ^= num31 << 17;
|
||||||
|
num31 += num32;
|
||||||
|
num31 ^= num31 >> 13;
|
||||||
|
num31 += num33;
|
||||||
|
num31 = ((num36 << 16) - num32 ^ num30) + num31;
|
||||||
|
num8 = num27 + (uint)num31;
|
||||||
|
|
||||||
|
num7 = num8
|
||||||
|
num5 = (num7 ^ num_new_params);
|
||||||
|
plainText[num4] = (byte)(num5 & 255U); // plainText = decrypted data
|
||||||
|
plainText[num4 + 1] = (byte)((num5 & 65280U) >> 8);
|
||||||
|
plainText[num4 + 2] = (byte)((num5 & 16711680U) >> 16);
|
||||||
|
plainText[num4 + 3] = (byte)((num5 & 4278190080U) >> 24)
|
||||||
|
|
||||||
|
num_interations++
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
//Decrypted string table is added
|
||||||
|
gMO.kpikRL5Cn6 = plainText;
|
||||||
|
}
|
||||||
|
//Return required string from provided index
|
||||||
|
length = massCrypto.ToInt32(massCrypto.decryptedString, \u0020);
|
||||||
|
string result = gMO.Nc(gMO.Ym(), gMO.kpikRL5Cn6, \u0020 + 4, length);
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
18
MassLogger/network.txt
Normal file
18
MassLogger/network.txt
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
fxp://alvorkitecenter[.]com
|
||||||
|
fxp://med-star[.]gr
|
||||||
|
fxp://ftp.ayudasaudiovisuales[.]com
|
||||||
|
fxp://st05[.]net
|
||||||
|
fxp://ecurs[.]ro
|
||||||
|
hxxps://bradbo[.]life/mass/?/upload
|
||||||
|
hxxps://www.med-star[.]gr/panel/?/login
|
||||||
|
hxxps://server295[.]web-hosting[.]com
|
||||||
|
pop@bals.gq
|
||||||
|
rakplant@emirates.net.ae
|
||||||
|
adonilifranky@gmail.com
|
||||||
|
rakplant@eim.ae
|
||||||
|
Williamslucy570@gmail.com
|
||||||
|
henryresult@yandex.com
|
||||||
|
info@beljemi.com
|
||||||
|
nwamalog@hisensetech.ml
|
||||||
|
nwama@hisensetech.ml
|
||||||
|
jaleel.rehman@osaimiengineering.com.sa
|
39
MassLogger/samples.md5
Normal file
39
MassLogger/samples.md5
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
5964c57dd10a4d1ac63f9f2782c25f6c
|
||||||
|
98abe44d0d83a8224b3a8afb60142d88
|
||||||
|
68df934706bc3bfc519338bfa873f2c2
|
||||||
|
853ae39135e0f23ea4151572b7d97b88
|
||||||
|
ba2a5f5a675018555999b9a0accf881d
|
||||||
|
70d8948fe6db89321156af15a566dda9
|
||||||
|
fe4274c70222b7da57072f81802bfcb5
|
||||||
|
815bd20d24a68729acdc8bde6aa1e4d1
|
||||||
|
374eeea468461e0838156787f3846ae0
|
||||||
|
3007a546519fb74394d5819ffd5e2ff1
|
||||||
|
7a27ddbe40aec90b1d0a070fb96e5666
|
||||||
|
15211d392f0141ef8f2a58896141ce65
|
||||||
|
26da68f7f3a7ebe7ff0133afb8f36e26
|
||||||
|
f5cecf1302b0f2756f38498daf5289f1
|
||||||
|
a563fbed47018ed78177ccdd14481aa4
|
||||||
|
e33ea7388e4d2b23c9dc92d36de35caf
|
||||||
|
240d4ee2b3c85a8a90aa2d37f14a00c1
|
||||||
|
1ec688adff97193b84e9a6120840d31d
|
||||||
|
299e51e32a764ec12716fa4f5ee41fb0
|
||||||
|
a89ac4a61243dde90bbecc537eb65e0e
|
||||||
|
5949f645bb122b81fb4a989c9ab6f44e
|
||||||
|
204bdadf1189b3224b4ddc9317ae1559
|
||||||
|
4c4b4e0bbd77d395f30d28378d706387
|
||||||
|
36e08368a90e5411ffa0a9f161821b61
|
||||||
|
f340842ea7b3f11103467dde4d04d332
|
||||||
|
989afca532394ca69cfac8f95fed60b1
|
||||||
|
398c9787f4d9fd039f92b81047f720d3
|
||||||
|
fa815b5d21db43d6853113afa6abc437
|
||||||
|
0ec4410a1f9816b29639af23a28da67d
|
||||||
|
8d2993b4f51e7e9d29ce706de246ca00
|
||||||
|
797750b433d8a75898810ce238f12598
|
||||||
|
c0b81d06d75fd4f110166c8e9af8cf3e
|
||||||
|
dc0c4c7c5b317df7af41ad05f25eddc9
|
||||||
|
ac77656df6474a1b64258c34fefed19e
|
||||||
|
0c65b549e5ac02f4265ac8821fbcb2b9
|
||||||
|
e8f4d551d132b149023c4aae55a6a146
|
||||||
|
e174bb396a9919085efb4b1ca07292a2
|
||||||
|
03e60611e236476f00b94a2f748fdaf6
|
||||||
|
8b153c74c6f3f8829c36a69fb7c164cc
|
39
MassLogger/samples.sha1
Normal file
39
MassLogger/samples.sha1
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
24760cc40c7e41fae000aaed99226adb9381b26f
|
||||||
|
ee49a457a79075dfe02f6ddb73b842692ab94a38
|
||||||
|
d89332d523d13aa35ee3cf3e29ca465ef7c12e3f
|
||||||
|
145f6f9fafe3424c9adc6269529a7d34457663d6
|
||||||
|
82623e2d29d1297108f38100cd309fc2d19027a9
|
||||||
|
62a81899491ade71e6ee3b93bda49293341740df
|
||||||
|
041a461aaba50b85e667e1e8d037a2f5a7ff22ad
|
||||||
|
673fe25dda48a201827bdd3379b75337615d0053
|
||||||
|
dc5a3fea86ba739f353c08cbb7593a3d8caa4c19
|
||||||
|
825866a00a7b2d9a94a9da0d865394bf3bb99920
|
||||||
|
1221566157c8eef1fbe115fcb148d8c212ade0e5
|
||||||
|
4fb9bbf58ac4f8b5f9c2152551e0a46553895a89
|
||||||
|
166b59b0b219e3809689e0ee18138c820fbd3f14
|
||||||
|
48b73a58be3e45d06d2563be703a09b36560d9c3
|
||||||
|
764dfa7082bedea1ad8ec8fe4e1315cab4cbd6a0
|
||||||
|
85a3d1a0cfce35e0667f1538486e43f3e9e57071
|
||||||
|
451e09e7a7a5be3cd701dae90fc4c53a58969d8a
|
||||||
|
529e88a4ef76a4804445af18c6f105177cc1262b
|
||||||
|
71c0a42ae41a86e0f6f8a1d11a358be80a9ac72b
|
||||||
|
da674b13c0772f121fba7fca66f6ec39e740b1ae
|
||||||
|
dc8af7e1d51fdb601c1d81d2bd19c81c6bddbc42
|
||||||
|
27eafcc0591dc3742718a24f59aacd80a7dd3b47
|
||||||
|
6a241b2e99aec01b5294d23d1717c5c97da86874
|
||||||
|
ead69368c42bf0165846ce78994f2e98aca5349e
|
||||||
|
e61eb23f438c1f04b8965d88f4dfbbfd2d754447
|
||||||
|
2f04e4efe7145209f359ca9bd42a3bf494c997c3
|
||||||
|
447c1bfd77fb7839368e84846c0b4cb1b78d0628
|
||||||
|
2ddd76655ff7f0bb7cbce36bf93bae53244f3dbc
|
||||||
|
82a746914e60a5967fb2192ba6567e1ecff8c702
|
||||||
|
21a13ad9b15e43f29ab9de3769aa6c9f85ac7ac9
|
||||||
|
11095fe26309440327687a373cb24c544699b5b4
|
||||||
|
a288b1885ef4facb0d2e2b6cd3ae4a1f8ca399aa
|
||||||
|
5859bde7a45f3ba22fb899fbe0a1ff0eaee1ef36
|
||||||
|
f3ec14cf51c51872161f8bb7643d9bd63f1d3c09
|
||||||
|
40a1756008fae009b51685a4188f22738fc849ef
|
||||||
|
f99953ceab540cd56126f3df0e13aa3f24301a23
|
||||||
|
396c7c1e555c7d63cb67c87e909205cda49d5ce9
|
||||||
|
18be6e3462d2f61f814148a77f26518ec6a7453b
|
||||||
|
c87f39735c108bc04b05ed758093f58d3187151d
|
39
MassLogger/samples.sha256
Normal file
39
MassLogger/samples.sha256
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
56cdab11e53a0e5874133e04e90e5829f9d28a3cfd215a5f9e98c3b146bb3c1a
|
||||||
|
c5e4e3626c2df21cb71de5713203c3155481ac3a4e33642466b5c7fc8176bab2
|
||||||
|
1ddfb935de736c5e8bd07d909d08cfdf105cf45fbfd46801ff65d9bc0cf51ca7
|
||||||
|
167deeb9c2533a249de5795b2cda3213988a15f0e3adb1eb0ef097a5fedbf70b
|
||||||
|
972662b8c2761f8557a4db52c4b8cb9c10dd712eb49baa6cb6701c252382465a
|
||||||
|
772532344e2f49bc9e8bfa2c6d61f789617f7ecb01f26aa7ce6d672137718178
|
||||||
|
29afcbe8fc5da49fbce2da538821e1c6a806d6a640d68f995195ea271a5357e8
|
||||||
|
4fc8063a138a426737f939cc23844df0e3be3c2aaec043a5136bc8cccc065f60
|
||||||
|
93316169290f31a1aa2ed1613ee44f2e529238ca26600df07a8b0076c38bc146
|
||||||
|
8908918728286712e2f32e8319e75af0341d9c1bebe07ee460362d4752d6f1e8
|
||||||
|
6f026b437efabd6237c2cc0f0ba97efe67fbb3334a35a7c5ef4be4e893d5d110
|
||||||
|
569b8e82be35754c8d0f183c63f725863e04c7a72cccfb4368fc735c35a35a7b
|
||||||
|
c8f402b68c199a7dbc98c47d2bd23085dcdfa5fb4adeb8a43a319ef0dd5044e6
|
||||||
|
73c8b6f716d0e2a40f8a437ef14b90b160c3ac5da10469db0252075c112d74dd
|
||||||
|
2c72055f04248f5cd5a05d4929eabda0934d2575b92149f45001be5ca981584f
|
||||||
|
bb2b16143b3fbbfa756d74faa9ae92c2c06035a7100a5ed2b44bf6cf3ab9258a
|
||||||
|
7a8db30a1f86b7d4db0b9e10eea646d254fe9f235881a81f2fc21380f45b3051
|
||||||
|
982bd53341535ec66cae51fda4631f39ed9ba44947a783b5a2edf66daf28c7b3
|
||||||
|
658553ecc9631400e23f4a3ab88b8dd1f101a1e0d5bb61c434d332878a52c64d
|
||||||
|
03afa4fdd197b0fb7d20e26343cd6a84f42b2be0e8d9ba060f7f689cb17a8d52
|
||||||
|
478d137f1c915b24c799c9f1c81b4bd9adb423fe57e5c33addd3a6031f87aa47
|
||||||
|
3f83c090819bc1dd8a9c1db3588b51ecd839bf0ca85a21f552c4346abe09efdc
|
||||||
|
d1bea71bbdcf75f0b5f49cd0c4bca1fd70dc6ef44333e034e015c315ba4b408c
|
||||||
|
7b3491ec6132248cc30c29ee292849c1c2637eb8d52016f9f01d6124c1b9581b
|
||||||
|
16b7b4738aae90442e6d976ca8261e9941c894cb5630c2f474bba4ce0f164bea
|
||||||
|
c0bc32ac8075ff6d3c44a8579529f8e9363a9d8520db70ff0665ac83e96ca1fa
|
||||||
|
5a53fe3402bdeadc3050347b922358e1bc183210a6e69640e3df91018988274d
|
||||||
|
ef6e8e8d31d3167c9cd5d1b177950992d7cb8f9f3f4a363dd9a2e86d7653fa39
|
||||||
|
4437b68359985c54b9ca97444f4b3a8db6ac4ca90fa7312305123920e9daac02
|
||||||
|
56358232f7320b3ade07fed642a0520ac19f7d2e6ace6c23e59b10376d63c561
|
||||||
|
a6e82eb37aef00046c58cf6f57e011af918828ab590438ea97dcb1bf6aea6488
|
||||||
|
8546f91fbba81d6557a71098aa0bffe4ff17f85faa0458c45b9ed926eb371568
|
||||||
|
898303c2fbab7608e4a85fc9c6f38a75815c9e23bb0980415cc2a7fcff0fbf63
|
||||||
|
61312b72632f897fb5f36493f1e3696885674ef10cb8343520040194f340a92a
|
||||||
|
e32e29a9e0c222af6a2daa4cfc99df98d996f53fdf4f4d451021bb57fec68a83
|
||||||
|
518ac201abeaba51946729c18b4aa0f1d2b1ec93c5fb212245de658387738b1d
|
||||||
|
245e470d00a4da06a576ddee4bf9c0f03a8bb1084f2059b19c988d8bd7e78b7c
|
||||||
|
49b58c17a00fcc1f2f5b54d7ea4a51de450357771cc796b1c0ec2511bfebb234
|
||||||
|
e0e6e90b952c07f8b8793b47d13fec103295cc5f299774686c4e09761226640d
|
Loading…
Reference in New Issue
Block a user