I recently watched this video from @ScammerRevolts and was really happy to see this scammer’s PC being infected with WannaCry. Unfortunately, the scammer didn’t click on the admin popup from MEMZ, so only WannaCry was running.
This was the moment when I thought: “It must be possible to start MEMZ as easily as WannaCry, without user input.”
And today, I can present this to you: MEMZ-Destructive v5.0
This version of MEMZ doesn’t have a silly warning like “THIS IS CONSIDERED MALWARE”! No, it simply starts and does its thing. Even without an admin popup!
But how does it work?
I’ve combined MEMZ with an exploit for CVE-2017-0213, which works on Win7 and starts MEMZ with NT AUTHORITY\SYSTEM rights. Not even the Task Manager can close MEMZ if the privileges are elevated this high.
And now for the most important part: How to use it?
- Step: Download from the link above (Warning: This is malware. DO NOT EVER RUN THIS ON YOUR REAL PC! I am not responsible for anything you do with MEMZ.)
- Step: There are several files in a .zip file, encrypted using a password so that you can’t extract and run them by mistake (pass included in the .zip file). Extract the files.
- Step: Take the file that best fits the PC. There are both x86 and x64 versions.
(Annotation: There are three MEMZ files in the .zip. The file called “MEMZ_NoGui” does not include the exploit and is there for testing/dev purposes.)
- Step: Enjoy!
Download from the link and execute MEMZ_x86 or MEMZ_x64. Then the PC is f*cked.
IMPORTANT NOTICE (Troubleshooting)
The exploit is a bit unstable. I tested it on Win7 x86 SP0/SP1 and Win7 x64 SP0. Should MEMZ for some unknown reason not work for you (or on the scammer’s PC), just do the following:
- If there’s an admin prompt trying to open cmd.exe, ignore it. You can type yes, but that defeats the reason I programmed this (we want this to work without user input).
- Just double-click “elevatex86.exe” (or “elevatex64.exe”). Or twice. Just smash that mouse button until it works (that really helps!!)
Happy Scammer-Hunting and PC-Trashing!