NullCode1337 / NullRAT

Your next stealthy Remote Access Trojan

[Not an issue] RAT file size #4

Closed ghost closed 2 years ago

ghost commented 3 years ago

You can make a small script, that downloads and executes the RAT on the target system, therefore you can make the RAT's main executable bigger :)

corecorecorecore commented 3 years ago

That's a dropper which would be detected pretty harshly, but overall nice idea

NullCode1337 commented 3 years ago

> You can make a small script, that downloads and executes the RAT on the target system, therefore you can make the RAT's main executable bigger :)

Unfortunately, I tried that months prior. Droppers get detected instantly by vt and other garbage. Limiting features was the only viable solution for this one.

btw don't forget to star ;)

ghost commented 3 years ago

> > You can make a small script, that downloads and executes the RAT on the target system, therefore you can make the RAT's main executable bigger :)
>
> Unfortunately, I tried that months prior. Droppers get detected instantly by vt and other garbage. Limiting features was the only viable solution for this one.
>
> btw don't forget to star ;)

obfuscate it, and don't use Python for that stuff. Anything packed with PyInstaller or Py2Exe gets detected instantly. Use C# or C for dropping stuff

corecorecorecore commented 3 years ago

> > > You can make a small script, that downloads and executes the RAT on the target system, therefore you can make the RAT's main executable bigger :)
> >
> > Unfortunately, I tried that months prior. Droppers get detected instantly by vt and other garbage. Limiting features was the only viable solution for this one. btw don't forget to star ;)
>
> obfuscate it, and don't use Python for that stuff. Anything packed with PyInstaller or Py2Exe gets detected instantly. Use C# or C for dropping stuff

no surely not, any file that drops something gets detected, and since pyinstaller drops files either way it's probably the best one to use

ghost commented 3 years ago

> > > > You can make a small script, that downloads and executes the RAT on the target system, therefore you can make the RAT's main executable bigger :)
> > >
> > > Unfortunately, I tried that months prior. Droppers get detected instantly by vt and other garbage. Limiting features was the only viable solution for this one. btw don't forget to star ;)
> >
> > obfuscate it, and don't use Python for that stuff. Anything packed with PyInstaller or Py2Exe gets detected instantly. Use C# or C for dropping stuff
>
> no surely not, any file that drops something gets detected, and since pyinstaller drops files either way it's probably the best one to use

you could also embed the Python code in a C binary, just google how

NullCode1337 commented 3 years ago

> > > You can make a small script, that downloads and executes the RAT on the target system, therefore you can make the RAT's main executable bigger :)
> >
> > Unfortunately, I tried that months prior. Droppers get detected instantly by vt and other garbage. Limiting features was the only viable solution for this one. btw don't forget to star ;)
>
> obfuscate it, and don't use Python for that stuff. Anything packed with PyInstaller or Py2Exe gets detected instantly. Use C# or C for dropping stuff

you're right pyinstaller gets detected

I just had a massive brainwave (co-op w/ buntii) that could reduce detections significantly. Gonna be implementing that p soon

As for your dropper thingy, not possible without VT giving like 50 detections. The sole purpose of NullRAT is to have a clean usable rat interface with as few detections as possible

NullCode1337 commented 3 years ago

> you could also embed the Python code in a C binary, just google how

C binaries with python code are like 20mb lmfao

mfn003 commented 2 years ago

> > > You can make a small script, that downloads and executes the RAT on the target system, therefore you can make the RAT's main executable bigger :)
> >
> > Unfortunately, I tried that months prior. Droppers get detected instantly by vt and other garbage. Limiting features was the only viable solution for this one. btw don't forget to star ;)
>
> obfuscate it, and don't use Python for that stuff. Anything packed with PyInstaller or Py2Exe gets detected instantly. Use C# or C for dropping stuff

I have heard of Py2Exe being detected as a false positive, but never heard of PyInstaller getting flagged

ghost commented 2 years ago

Nuitka has 0 detections, so it's a much better alternative

NullCode1337 commented 2 years ago

> Nuitka has 0 detections, so it's a much better alternative

20mb payloads... anyway this non-issue's gonna be closed, because why