bytecode77 / r77-rootkit

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
https://bytecode77.com/r77-rootkit
BSD 2-Clause "Simplified" License
1.66k stars, 398 forks

try to make it FUD #93

Closed. charlesmigel closed this 1 month ago

charlesmigel commented 1 month ago

I have run an encryption using XOR cipher, and the scan detection is fixed, so when I scan it, it works, and it's fully undetectable (FUD). However, when I run the shellcode, it encounters a problem during execution. It says that powershell stager.exe is not FUD, and suspicious activity is detected. My question is: do you have any suggestions on how I can make it FUD, or do you have a solution?

Here is a picture: photo_2024-10-07_00-31-15

venkovisual commented 1 month ago

loool just crypt it 💀

bytecode77 commented 1 month ago

Hm... r77 is FUD when using Windows Defender. For at least the past 6 months Windows Defender has done nothing to detect r77.

If you're using a different AV, then there might be an issue that allows detection. However, I can't fix individual AV issues all the time. I only do implementation improvements to support AV evasion and Windows Defender in particular.