Closed zoubaba1997 closed 2 years ago
What I mean is to convert the miner into shellcode and load it directly into the memory for execution, which will avoid most detections.
The miner itself is already loaded into memory using process hollowing.
Can you add a miner shellcode to generate miner? I converted the exe to shellcode but the execution was unsuccessful.
I use this method to load other viruses and anti-virus software will not warn me, so I think it is also possible to load miners in this way.
The miner installer/injector is a .NET program, I'm guessing you mean injecting programs with RunPE (process hollowing) and not shellcode itself. To inject it with RunPE you would have to find an injector that supports .NET 64-bit programs, but if you for some reason would want to convert it to shellcode then the whole miner installer/injector would have to be recreated as a native file as it is a managed file (C#) right now. The next unified miner I've been working on for a few months is made in C (native) but I still have things left to do before it's completed.
I just want a miner’s shellcode, I don’t need to inject it into
Since the miner installer/injector is made in .NET you would need to find something that supports that, maybe something like https://thewover.github.io/Introducing-Donut/.
I used Donut yesterday. I directly converted the final miner into shellcode and it did not run.
Make sure to enter all the options correctly.
You can also try using the file without a loader by enabling "Pause for Obfuscation" and using the [FILENAME]-miner.exe instead of the final file.
Thanks, I will try it.
Still unsuccessful, can I directly add an option to generate miner exe or shellcode in the next version?
Well I won't add an option for it since 99% of users don't know what shellcode is nor what to do with it, but how are you attempting to run the shellcode? Using something similar to https://github.com/TheWover/donut/tree/master/DonutTest?
I could try and change the whole loader into a shellcode injector made in C if you want me to. I'm guessing running the miner as shellcode might not work since it imports native functions to perform RunPE.
I added you on Discord.
Can you help me build a miner that does not need RunPE's xmr and etc.? I only need to hide the mining, and other functions are not needed. I need this miner in the form of shellcode. I can contribute 20% of the computing power, bro.
No need to be injected into explorer.exe.
What kind of other functions? If you don't want it injected (RunPE) into explorer.exe then the only real other alternative is to drop the miner on the disk and run it, but that will get detected of course. I've been experimenting to see if I can get RunPE to work with it; I'm testing to see if you can circumvent the limitation of native functions by using a DLL.
Yes brother, I just need a miner who opens the task manager and stops mining. No other functions or injection are needed. Can you help me? I can convert it into shellcode myself.
The shellcode loader I wrote in Python will not be killed by Chinese antivirus.
I need to put him on the disk to run, bro. I don't understand C# and .NET.
Both miners now use shellcode injectors (and you can extract the shellcode by making it not remove loader.bin and use the shellcode yourself as well if you want), also messaged you on Discord.
How can I extract loader.bin?
Depends on what you mean by shellcode. If you mean shellcode as a payload used to exploit a machine then it's better to use some other shellcode to take control of the computer and then send the miner after control has been taken.