search

bytecode77 / r77-rootkit

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
https://bytecode77.com/r77-rootkit
BSD 2-Clause "Simplified" License
1.6k stars 391 forks source link

file not found: Resources\Stager.exe #92

Open error0x1337 opened 1 day ago

bytecode77 commented 1 day ago

The more description, the faster your problem will be solved...

The target framework of Stager.csproj is set to .NET 3.5 for reasons described in the documentation. You probably need to install that framework version.

error0x1337 commented 1 day ago

The more description, the faster your problem will be solved...

The target framework of Stager.csproj is set to .NET 3.5 for reasons described in the documentation. You probably need to install that framework version.

Thanks ill try that.

I've one more question, If the rootkit hides the registry $77-configuration from which we have to hide the executable, how to write to the config programmatically to set keys?

(and is this the only way to hide our custom executable?)

error0x1337 commented 22 hours ago

@bytecode77 I installed the service, it was working fine. but after reboot its fucked up. when i open the testconsole it said "r77 service is not running"

bytecode77 commented 20 minutes ago

I've one more question, If the rootkit hides the registry $77-configuration from which we have to hide the executable, how to write to the config programmatically to set keys?

The registry key will not appear, but you can still open it and write to it, even without elevated privileges. There are other ways, too, to hide an executable (see the documentation)