Skip to content

d1gitalmemories/d1gitaltears

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

d1gitaltears


python3_support

Brief Summary

  • Created for fun. You can take reference from this project.

Payloads

  • It works simple:
  • Bypasses UAC then restarts itself to change registry, and copy itself to C:\Windows, as well as creating a powershell script to prevent user from closing the process.
  • Restarts PC.
  • After the reboot, it will delete ntoskrnl.exe and hal.dll and overwrite MBR with a custom message, then create visual effects such as making your screen black.

Registry payloads

  • Disables CTRL+Alt+Delete
  • Disables regedit.exe
  • Swaps mouse buttons.
  • Puts itself on startup (wininit, reference from Endermanch on YT!)
  • Allows powershell scripts to be ran from terminal.
  • Enables LUA, which runs any program with administrative privileges.

Persistence

  • Simple. It creates a powershell script that launches upon startup and monitors the malware's process. If malware process or powershell closed, it will throw BSOD.
  • If tried to delete malware or powershell script from file directory, it will throw BSOD.

DISCLAIMER

  • This tool is provided for educational and research purposes only. The authors of this project are no way responsible for any misuse of this tool.
  • Please credit me if you are using this in your project.

Contributions

  • All contributions are welcome!

Credits: