  • Stars: 198
  • Rank: 196,898 (Top 4 %)
  • Language: Python
  • Created about 7 years ago
  • Updated about 7 years ago


Repository Details

A collection of tools for dealing with TrickBot

TrickBot

A collection of tools for working with TrickBot

ConfigDecrypter.py

Used to decrypt TrickBot configs (found in the install directory under the name config.conf)

Example usage: ConfigDecrypter.py -input config.conf -output config.txt

FileDownloader.py

Used to download files from the command and control server.

For it to work you'll need to fill servers.txt with a list of recent servers (TrickBot servers die very quickly).

-o (--output) is the file to save to.

-f (--file) specifies the file to download; here is a list of the files available:

  • Modules

    • systeminfo32 - gather information about the infected system (32-bit module)
    • injectdll32 - injects into the browser and performs webinjects (32-bit module)
    • mailsearcher32 - searches through files to gather a list of email addresses (32-bit module)
    • sharedll32 - allows the malware to move laterally via network shares (32-bit module)
  • Config Files

    • main - main TrickBot config which includes the latest server list
    • dinj - dynamic webinject configuration
    • sinj - static webinject configuration
    • dpost - server which the dynamic webinjects will send intercepted requests to
    • mailconf - server to send harvested email list to

More Repositories

  • EDR-Preloader (C++, 383 stars): An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
  • EDRception (C++, 161 stars): A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
  • ZombifyProcess (C++, 141 stars): Inject code into a legitimate process
  • TinyXPB (C, 139 stars): Windows XP 32-Bit Bootkit
  • CreateDesktop (C++, 130 stars): Example application for creating multiple desktops on Windows
  • AppContainerSandbox (C++, 129 stars): An example sandbox using AppContainer (Windows 8+)
  • FakeMBR (C++, 126 stars): TDL4 style rootkit to spoof read/write requests to master boot record
  • CitrixHoneypot (HTML, 113 stars): Detect and log CVE-2019-19781 scan and exploitation attempts.
  • Log4jTools (Python, 95 stars): Tools for investigating Log4j CVE-2021-44228
  • BasicHook (C, 91 stars): x86 Inline hooking engine (using trampolines)
  • HiddenDesktop (C, 86 stars): Create and enumerate hidden desktops.
  • FstHook (C++, 72 stars): A library for intercepting native functions by hooking KiFastSystemCall
  • UACElevator (C++, 70 stars): Passive UAC elevation using dll infection
  • RDGScanner (Python, 69 stars): A proof-of-concept scanner to check an RDG Gateway Server for vulnerabilities CVE-2020-0609 & CVE-2020-0610.
  • Beginner-Reversing-Challenges (53 stars): https://www.malwaretech.com/beginner-malware-reversing-challenges
  • MSDIA-x64 (Batchfile, 40 stars): Enable Microsoft PDB support in Ghidra without installing Visual Studio
  • SpookySSLTools (PowerShell, 39 stars): Example tools for detecting software using OpenSSL 3.0.0 - 3.0.6 (vulnerable to latest unnamed vulnerability)
  • FollinaExtractor (Python, 30 stars): Extract payload URLs from Follina (CVE-2022-30190) docx and rtf files
  • SimpleEpollServer (C++, 29 stars): An example epoll implementation with C++11
  • PhaseHack (Python, 9 stars): Phase C&C Blind SQL Injection
  • NeutrinoBotHack (Python, 8 stars): SQL injection in Neutrino panel
  • PhaseDump (Python, 6 stars): Python tool for decrypting W32/Phase modules
  • CVE-2024-47176-Scanner (Python, 5 stars): A simple scanner for identifying vulnerable cups-browsed instances on your network