GIT - TerraLdr ‘Payload loader”

[71]

TerraLdr - A Payload Loader Designed With Advanced
Evasion Features

like, comment, stick a finger in ur butt, etc..;
 
TerraLdr: A Payload Loader Designed With Advanced Evasion Features Details:

• no crt functions imported
  
• syscall unhooking using KnownDllUnhook
  
• api hashing using Rotr32 hashing algo
  
• payload encryption using rc4 - payload is saved in .rsrc
  
• process injection - targetting 'SettingSyncHost.exe'
  
• ppid spoofing & blockdlls policy using NtCreateUserProcess
  
• stealthy remote process injection - chunking
  
• using debugging & NtQueueApcThread for payload execution
  

Usage:

• use GenerateRsrc to update DataFile.terra that'll be the payload saved in the .rsrc section of the loader
  

Thanks For:

• https://offensivedefence.co.uk/posts/ntc...erprocess/
  
• https://github.com/vxunderground/VX-API
  

Profit:

 

Hidden Content

You must register or login to view this content.

Tele: @G0G0Provides

[28]

will test

[261]

TerraLdr - A Payload Loader Designed With Advanced
Evasion Features

like, comment, stick a finger in ur butt, etc..;
 
TerraLdr: A Payload Loader Designed With Advanced Evasion Features Details:

• no crt functions imported
  
• syscall unhooking using KnownDllUnhook
  
• api hashing using Rotr32 hashing algo
  
• payload encryption using rc4 - payload is saved in .rsrc
  
• process injection - targetting 'SettingSyncHost.exe'
  
• ppid spoofing & blockdlls policy using NtCreateUserProcess
  
• stealthy remote process injection - chunking
  
• using debugging & NtQueueApcThread for payload execution
  

Usage:

• use GenerateRsrc to update DataFile.terra that'll be the payload saved in the .rsrc section of the loader
  

Thanks For:

• https://offensivedefence.co.uk/posts/ntc...erprocess/
  
• https://github.com/vxunderground/VX-API
  

Profit:

 

thx