Hard time making a Remote Adminstration Tool

[15]

I spent about 1.5 months trying to make my RAT FUD using many techniques like branching a lot, reordering routines, reordering instructions, adding garbage instructions, Encryption, etc. but still I can't get it to bypass windows defender.

Before I knew about any of these techniques it was undetectable by most AVs, It was getting 3/50 on Virustotal, but over time it became easily detected.

Now I have an engine that generates all the c/c++ code of the RAT decryptor that generates random versions of the client with random signatures but I still can't pass the behavioral analysis.

Sometimes It doesn't even pass the heuristics scan, (depends on the generated version).

I've read a lot of PDFs but all of the techniques described in them are kind of old-school, and can easily get detected by an antivirus/antimalware not even a (human analyst).

I don't wanna recreate the client decrypter every time it gets detected.

Do you know any NEW resources where I can learn about NEW AV evasion and sandbox detection techniques?

[50]

what software language are you using?

[15]

what software language are you using?

c++ as I mentioned in the post

[95]

I spent about 1.5 months trying to make my RAT FUD using many techniques like branching a lot, reordering routines, reordering instructions, adding garbage instructions, Encryption, etc. but still I can't get it to bypass windows defender.

Before I knew about any of these techniques it was undetectable by most AVs, It was getting 3/50 on Virustotal, but over time it became easily detected.

Now I have an engine that generates all the c/c++ code of the RAT decryptor that generates random versions of the client with random signatures but I still can't pass the behavioral analysis.

Sometimes It doesn't even pass the heuristics scan, (depends on the generated version).

I've read a lot of PDFs but all of the techniques described in them are kind of old-school, and can easily get detected by an antivirus/antimalware not even a (human analyst).

I don't wanna recreate the client decrypter every time it gets detected.

Do you know any NEW resources where I can learn about NEW AV evasion and sandbox detection techniques?

Add a shit ton of gibberish code, encrypt traffic, and XOR the executable. Don't write ANY changes to the disk unless you are sure it's not a VM.
Also, add some kind of network-based anti analysis thing

---

I spent about 1.5 months trying to make my RAT FUD using many techniques like branching a lot, reordering routines, reordering instructions, adding garbage instructions, Encryption, etc. but still I can't get it to bypass windows defender.

Before I knew about any of these techniques it was undetectable by most AVs, It was getting 3/50 on Virustotal, but over time it became easily detected.

Now I have an engine that generates all the c/c++ code of the RAT decryptor that generates random versions of the client with random signatures but I still can't pass the behavioral analysis.

Sometimes It doesn't even pass the heuristics scan, (depends on the generated version).

I've read a lot of PDFs but all of the techniques described in them are kind of old-school, and can easily get detected by an antivirus/antimalware not even a (human analyst).

I don't wanna recreate the client decrypter every time it gets detected.

Do you know any NEW resources where I can learn about NEW AV evasion and sandbox detection techniques?

Add a shit ton of gibberish code, encrypt traffic, and XOR the executable. Don't write ANY changes to the disk unless you are sure it's not a VM.
Also, add some kind of network-based anti analysis thing

Also, make a dropper that downloads a pass protected ZIP, and only extracts and runs it using a key that it got from a remote server if the computer isn't a vm.

[15]

I spent about 1.5 months trying to make my RAT FUD using many techniques like branching a lot, reordering routines, reordering instructions, adding garbage instructions, Encryption, etc. but still I can't get it to bypass windows defender.

Before I knew about any of these techniques it was undetectable by most AVs, It was getting 3/50 on Virustotal, but over time it became easily detected.

Now I have an engine that generates all the c/c++ code of the RAT decryptor that generates random versions of the client with random signatures but I still can't pass the behavioral analysis.

Sometimes It doesn't even pass the heuristics scan, (depends on the generated version).

I've read a lot of PDFs but all of the techniques described in them are kind of old-school, and can easily get detected by an antivirus/antimalware not even a (human analyst).

I don't wanna recreate the client decrypter every time it gets detected.

Do you know any NEW resources where I can learn about NEW AV evasion and sandbox detection techniques?

Add a shit ton of gibberish code, encrypt traffic, and XOR the executable. Don't write ANY changes to the disk unless you are sure it's not a VM.
Also, add some kind of network-based anti analysis thing

---

I spent about 1.5 months trying to make my RAT FUD using many techniques like branching a lot, reordering routines, reordering instructions, adding garbage instructions, Encryption, etc. but still I can't get it to bypass windows defender.

Before I knew about any of these techniques it was undetectable by most AVs, It was getting 3/50 on Virustotal, but over time it became easily detected.

Now I have an engine that generates all the c/c++ code of the RAT decryptor that generates random versions of the client with random signatures but I still can't pass the behavioral analysis.

Sometimes It doesn't even pass the heuristics scan, (depends on the generated version).

I've read a lot of PDFs but all of the techniques described in them are kind of old-school, and can easily get detected by an antivirus/antimalware not even a (human analyst).

I don't wanna recreate the client decrypter every time it gets detected.

Do you know any NEW resources where I can learn about NEW AV evasion and sandbox detection techniques?

Add a shit ton of gibberish code, encrypt traffic, and XOR the executable. Don't write ANY changes to the disk unless you are sure it's not a VM.
Also, add some kind of network-based anti analysis thing

Also, make a dropper that downloads a pass protected ZIP, and only extracts and runs it using a key that it got from a remote server if the computer isn't a vm.

I've made an engine that randomly adds garbage instructions and swap some of the original instructions with others which prevented signature-based detection, but I'm stuck with heuristic and dynamic analysis. Yesterday I started working on a custom packer to bypass heuristics, I think it's the best way to do that since the AV can't know what APIs my RAT is calling, etc.

I don't know about dynamic analysis though, the old techniques such as delaying, detecting memory change, detecting debugging, detecting VM didn't work. matter of fact some of them are triggering false positives.

I think I'll take a long time before I find a way to detect virtualization/sandboxing/debugging without triggering a false positive. I like the idea of a dropper since sometimes it's very effective although it's very simple.

I once made a dropper that runs at startup but only checks the date and only executes on a certain date which made a little delay before it got detected. I guess I'm going to keep messing around with the dropper idea for a while.

The biggest problem though is that I found that some VMs (I think some of them are not) are executing the malware simply with no debugger handle or anything. but it only happened when uploaded to virus-total. it happened 5 times when I got a session on the VM machine and started executing some commands (a lot of them are restricted, especially hardware info commands). I guess those machines are not escapable although they would be very slow.

Anyway, I think I take a look at the network-based detection, and I think a pass-protected zip file is not really necessary and you still store the password hardcoded in the client, so it's not any different than encrypting a PE or even a shellcode (never made one, this shit is hard to do) then decrypt when it's safe to, then you execute it in memory. which is more compact.

And also C2s are being constantly blocked when extracted from the binary, I haven't found any solution to this other than having a lot of money.

[33]

I spent about 1.5 months trying to make my RAT FUD using many techniques like branching a lot, reordering routines, reordering instructions, adding garbage instructions, Encryption, etc. but still I can't get it to bypass windows defender.

Before I knew about any of these techniques it was undetectable by most AVs, It was getting 3/50 on Virustotal, but over time it became easily detected.

Now I have an engine that generates all the c/c++ code of the RAT decryptor that generates random versions of the client with random signatures but I still can't pass the behavioral analysis.

Sometimes It doesn't even pass the heuristics scan, (depends on the generated version).

I've read a lot of PDFs but all of the techniques described in them are kind of old-school, and can easily get detected by an antivirus/antimalware not even a (human analyst).

I don't wanna recreate the client decrypter every time it gets detected.

Do you know any NEW resources where I can learn about NEW AV evasion and sandbox detection techniques?

thinks