Program detail (Final):

  • This program is a program that will run automatically when windows starts up.
  • The program has 2 files, one is the executable file, and one is a folder containing all the pictures and sound. Program name: Kaelproject.exe, folder name: Randomimage.
  • The program will check if the program is already running. If it doesn’t then run. If it does, then the new program will close itself.
  • It will copy itself to a folder inside the computer, which is C:\Users\Default\AppData\Local. This folder is always present at any computer. The folder C:\Users\Default and C:\Users\Default\AppData is already hidden, so to find this program the user must show hidden programs. If the files are already present, then it will not copy itself. If it doesn’t, it will copy itself to the designated folder and then show a random string of 15 length.
  • The copied file name is “chrome.exe”, and has Google Chrome logo. The folder’s name is still the same.
  • The program will inject the registry at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. With this, the program will run when windows starts.
  • The program will also inject the registry at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr. This will disable the task manager in the laptop until the registry is deleted.
  • When run, the program will hide itself from the taskbar and will not display anything (except random string when copying). At certain time (08:00, 12:00, 18:00, 22:00) the program will show itself for 5 minutes with a full screen picture, while making sounds. The program will stay on top of any other program, so the user has no choice but to wait for 5 minutes or shutdown/restart the computer.
  • At that 5 minutes, the program can be disabled and deleted by writing a certain code. The code is “sudahcukup”. After writing that, the program will show a form containing a textbox for 10 seconds. To hide the program and stop the sound, write “terminate project” and then press enter. To delete the program with the folders, write “delete all files related to project” and press enter.

Social engineering method:

  • The social engineering technique that is used for this project is by using flashdisk.
  • If you read the program details above, the program will run only at certain time.
  • It is crucial for the social engineering to not run the program at the specified time / near the specified time so that the target does not have any suspicion towards you. The recommended time is at least 1 hour before the specified time.
  • At first glance, the program will only show a random string of length 15, so for this social engineering you can just say “I want to try a program that I have created. I can assure you this does not do any harm to your computer”.
  • When asked by the target “why the laptop shows an image and sound”, you can lie to the target and say “I don’t know, my program only shows message”. Then wait until the program has run on all the time that is designated.
  • WARNING! This requires extreme deceiving skills and a very good poker face. You will face the target head on a lot of time, and you should be able to keep yourself calm.

Social engineering story:

My target is a friend of mine called Kevin Ignatius Gunarso. I tried the virus first at 11/5/2015. During the injection, the program showed an error box, and I failed to inject the virus to the computer. I analyzed the problem, and the problem is because HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System is not always present in the registry. After knowing this, I modified my program. Then, I tried the program again at 13/5/2015, this time without him knowing.

Tags: , ,