Fully Undetectable Dropper

Status
Closed for further replies.

ORCA (rank: HDD-drive, banned)
Registered: 02.08.2021, Messages: 30, Reactions: 5, Deposit: 0.00
Please note that this user is banned
First of all, hello, and hope you're good ...

I'm selling a dropper for your shellcode; it works best with Cobalt Strike. I may be new to this website, but I've been building malware since before I was born.
I can't post all the details about it, because I built a new way of evading detection at run time, and I don't want blue teamers to get involved lol.
However, I posted some of its features here: https://github.com/ORCA666/ACHLYS

I will sell it with its code btw, and I'll give you Cobalt Strike (v 4.3) if you didn't have it.

And if you're interested in buying / knowing the details, feel free to contact me at my Proton email.


stay cool

ORCA.
 
You should have indicated that file.pdf is not opened by Adobe Reader, but executed in a different way, and that it could be called whatever you like. It would be fair at least.
 
You should have indicated that file.pdf is not opened by Adobe Reader, but executed in a different way, and that it could be called whatever you like. It would be fair at least.
Nice note, I tried that. This will make me add the header && the footer to the shellcode [pdf file] that are related to a normal PDF file;
the problem won't be there, the problem is in reading the PDF file: it will cause the shellcode to crash [while injecting], because of the new bytes that are getting injected [footer and header].
So I'll then need to strip these out from the file before injecting, and that will be trouble, because we will then expose the shellcode to the AV as char [else how to save the stripped shellcode from the useless bytes].
This will then make me add some encryption algo to the shellcode, and that has its own cons, because it will be suspicious to a lot of AVs ... in addition to making the code bigger ... and thus the binary too.

I don't know if you know what I mean; I tried that anyway as a first phase [without encryption], it flagged the shellcode.
Anyway, that's a nice note :)
 
You should have indicated that file.pdf is not opened by Adobe Reader, but executed in a different way, and that it could be called whatever you like. It would be fair at least.
If you purchased the loader you can change the download path of the PDF; you can hide it in another directory and read it from there. You can do that by just changing paths :p
 
Please contact me at Mr-ORCA666@protonmail.com for more details
Did you try Corkami? Mitra? I've seen it in Corkami PoCs ;-) One of his tools can make pdf<->exe, but it needs some editing.. If any method helps you to finish that job or to start some other, write a PM ;-)
 
But anyway, I tried to strip (replace) some bytes (I also tried the shatter method (collide)) and I get a crash. It is a very interesting way, but if you are the author ;-) also try it. And maybe SnowCrash (search somewhere in G) polyglot (if I remember this thing right, it uses the psreflection method).
 
But anyway, I tried to strip (replace) some bytes (I also tried the shatter method (collide)) and I get a crash. It is a very interesting way, but if you are the author ;-) also try it. And maybe SnowCrash (search somewhere in G) polyglot (if I remember this thing right, it uses the psreflection method).
I wish, mate. The problem is I'm trying to pay for college, and I don't have time to get creative, so I'm building something I'm familiar with, which is building loaders. Right now I'm building a bundle, like 3 loaders; I will sell the source code of them all together. They will all be heavy advanced stuff, I don't know if you're interested, but I'm planning to bypass Kaspersky in at least one of the loaders, and I'll probably sell the code to 3 people only, to limit it.

So I don't have time trying to figure out new stuff, that's the problem. I will as soon as I'm done with this summer semester though. If you'd like to be a fixed customer that I can send updates or new code, let me know; I have other plans (not only loaders).

Plus, lol, I tried DMing you, you restricted access to your profile :|
I'm new to this website, because I have been told that I may find some customers here, so I don't know if this restriction is something I can get over or if I can DM you from somewhere else ..
 
150$ with the source code, please contact me at Mr-ORCA666@protonmail. com
for the features.
I paid you 150$ now through the forum deposit
and will send you mail and Tox in PM now
 
I think this is an interesting idea, but you're still leading off with a CLD stack alignment and call. As mentioned before the PDF headers are missing and you seem to be running ASCII representations of BYTE values formatted in a way that Python could interoperate them. If I had to guess you're applying something like:

Read data and split on \x0a
Remove spaces and convert ascii hex to python bytes
inject segment
loop

Two thoughts:
1. I believe there are a number of signatures which look for loose representations of ASCII HEX like that
2. You're still leading with classic shellcode operations: CLD, stack alignment, relative call. Assuming this is just a default payload you converted. If you want your red teams to get past the blue teams you would need to mix it up and avoid using predictable patterns, possibly by applying a simple XOR or ROT to your ASCII version of the code as part of the compilation process.

Interesting project though - best of luck with uni
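Added example, not code from the thread or from the ACHLYS project: a defender-side triage check for the two observations raised in this reply and in the earlier one about file.pdf, namely a ".pdf" that carries no PDF header or trailer, and a body that is a whitespace-separated ASCII hex listing decoded line by line. Both sample inputs are constructed for the example; the 0xFC (CLD) prologue check follows the poster's remark about the default stub and is only a heuristic.

```python
import re
from typing import List

# Constructed samples (not files from the thread). A minimal genuine PDF...
REAL_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\ntrailer\n<< /Root 1 0 R >>\n%%EOF\n"
# ...and a "file.pdf" body that is really an ASCII hex listing, one segment per line.
# The first two lines mirror the CLD / stack-align / call stub the post calls out;
# the last line is filler chosen for the example.
FAKE_PDF = b"fc 48 83 e4 f0\ne8 c0 00 00 00\n41 51 41 50 52\n"

HEX_LINE = re.compile(rb"^(?:[0-9a-fA-F]{2}\s*)+$")


def has_pdf_framing(data: bytes) -> bool:
    """A real PDF starts with '%PDF-' and its trailer ends with '%%EOF'."""
    return data.startswith(b"%PDF-") and data.rstrip().endswith(b"%%EOF")


def looks_like_hex_listing(data: bytes) -> bool:
    """True when every non-empty line is nothing but hex byte pairs and whitespace."""
    lines = [ln.strip() for ln in data.split(b"\n") if ln.strip()]
    return bool(lines) and all(HEX_LINE.match(ln) for ln in lines)


def decode_hex_listing(data: bytes) -> bytes:
    """Reverse the 'split on \\x0a, drop spaces, unhex' pipeline the post infers."""
    return b"".join(
        bytes.fromhex(ln.decode("ascii")) for ln in data.split(b"\n") if ln.strip()
    )


def triage(filename: str, data: bytes) -> List[str]:
    """Return human-readable findings for a downloaded file; an empty list means nothing flagged."""
    findings: List[str] = []
    if filename.lower().endswith(".pdf") and not has_pdf_framing(data):
        findings.append("extension/magic mismatch: .pdf without %PDF- header or %%EOF trailer")
    if looks_like_hex_listing(data):
        findings.append("body is a whitespace-separated ASCII hex listing")
        if decode_hex_listing(data)[:1] == b"\xfc":
            findings.append("decoded bytes start with CLD (0xFC), a common shellcode prologue")
    return findings


if __name__ == "__main__":
    for name, blob in (("real.pdf", REAL_PDF), ("file.pdf", FAKE_PDF)):
        print(name, "->", triage(name, blob) or ["no findings"])
```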
 
150$ with the source code, please contact me at Mr-ORCA666@protonmail. com
for the features.

Hi. Does the dropper still work and is it FUD? Can I use the dropper to download a DLL and run it via rundll32.exe? Or does it only work with shellcode? Thank you! I am interested in buying! Thanks in advance for the reply!
 