center-for-threat-informed-defense / adversary_emulation_library

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
https://ctid.io/adversary-emulation
Apache License 2.0

Turla - Snake - day2 -DLL injection into taskhostw.exe is not happening #165

Open vishalsk1 opened 1 month ago

vishalsk1 commented 1 month ago

Contribution Description

Hi, I am trying to emulate Turla Snake Day 2. I compiled the Snake drivers and installer, and also compiled the EPIC payload to connect to my control server. The EPIC payload successfully connects to the control server, and from the control server I copied the Snake payload to the victim machine and executed the Snake installer. The Snake installer successfully loaded the vulnerable driver and deleted it. Then, in Edge, I browsed some URLs to make some internet connections, and I can see that "C:\Windows\msnsvcx64.dll" is loaded in the msedge.exe process. A heartbeat was sent and the control server responded with "1". Now I don't see the injection into taskhostw.exe, and the GUID is not registered on the control server. What could be the problem? Could you please guide me?

Supporting files or evidence

No response

Where did you find this information?

No response

Operating System

Windows

vishalsk1 commented 1 month ago

Following Step 12 - https://github.com/center-for-threat-informed-defense/adversary_emulation_library/blob/master/turla/Emulation_Plan/Snake_Scenario/Snake_Detections_Scenario.md