antonioCoco / ConPtyShell

ConPtyShell - Fully Interactive Reverse Shell for Windows
MIT License
952 stars 158 forks

False alarms with Antivirus software #12

Closed rgwebcode closed 1 year ago

rgwebcode commented 1 year ago

Not sure there's anything you can do about it, but the .ps1 file and the .exe files are recognized as malware by some antivirus software (unfortunately including my Eset installation).

https://www.virustotal.com/gui/file/376713183026ccc822e9c1dead28cc81c7cfa7ad1c88e368ada6c31ce3909a2e
https://www.virustotal.com/gui/file/e8734f6ab6ba0ad51c2a517b8e03b57819a3cce7e6016374917b9fefe3fd3ec1
https://www.virustotal.com/gui/file/a243b10d8cb1a52e6734a0269512361fb22c57433d66940ea19f82582237ab41

antonioCoco commented 1 year ago

Yeah, I know. Some threat actors have been using this shell and many vendors flagged this as malicious. IMO it's not wise to detect malicious usages of this tool statically, but everyone is free to create detections in the way they prefer. I'm not going to play the cat-and-mouse game for static detection evasion, so if you want to use it on your systems please use exclusions on your AV software. If you need to use this in your red team engagements, well, I don't have to tell you what you need to do ;)