chvancooten / NimPlant

A light-weight first-stage C2 implant written in Nim.
MIT License

Nimplant exited after several seconds of execution #26

Closed ghost closed 9 months ago

ghost commented 9 months ago

Before starting, I want you to note that there's no security solution present on the testing Windows 10 updated machine. Everything from Defender to Firewall was turned off.

I tried to pack NimPlant's generated binary "NimPlant.exe" with Nimcrypt2, just to see what its behavior would be. On execution it gave me a callback, but after 10-15 seconds the session died!

After that I thought that it was because of some error in NimCrypt2, so I bought a private Nim-based crypter and tried to do the same, but this time also, after 10-15 seconds the NimPlant process terminated itself. Why?

Please set sleep time from 60 seconds to 10 seconds to see visible results faster. Just clone Nimcrypt2 and run it on NimPlant's generated binary and check it yourself.

chvancooten commented 9 months ago

Hello!

Thanks for taking the time to report this issue. Unfortunately I cannot provide support for Nimplant in relation to external packers, since there are too many external factors that could cause the implant to die. Examples are injection methods, optimization flags (especially with Nim packers), or sleep mask functionality.

If the same problem persists with only the raw binaries (EXE/DLL) or shellcode please provide some further information to reproduce the issue.

> Please set sleep time from 60 seconds to 10 seconds to see visible results faster.

You can do this yourself via the configuration file, please check the docs.

Closing this for now, please provide additional input on the above if you believe this is in error.

ghost commented 9 months ago

Thanks for your reply. But I think that you misunderstood something. No, it's not your fault, actually I wrote with bad grammar.

Response/Question: I am not asking you a "how to" question about configuring sleep time; I know that can be done through the config.toml file. Actually, the last two lines were "Steps to Reproduce"; I know I didn't write them clearly. Decreasing the sleep time just makes it faster to see the result, and nothing else.

The problem is that the NimPlant-generated binary "NimPlant.exe" cannot be used with some other loaders, whether they are written in C or in Nim. They execute the binary and a callback is also received, BUT after 15-20 seconds it becomes unresponsive and stops calling back. (Again, the firewall is turned off, so you can't blame it for that.)

I am not asking you to modify code for me, I just want you to tell me where the problem lies. Then I will rewrite/modify the code myself. Just give me a hint :)

Also, we can't say the problem is with the loaders/packers, as they load other binaries very smoothly!

Below are some publicly available open-source loaders that you can test with:
1) NimCrypt2 (https://github.com/icyguider/Nimcrypt2)
2) FilelessPELoader (https://github.com/TheD1rkMtr/FilelessPELoader)

Just make your generated binary pass through them, and upon execution you can see a callback which will die after 2-3 callbacks.

chvancooten commented 9 months ago

Sorry for misunderstanding and thanks for clarifying the sleep configuration thing :)

However, I stand by my point that it is impossible for me to support issues related to the use of other tools in conjunction with Nimplant. When I find some time I can test Nimplant in conjunction with other public tools, but primarily my testing has been conducted in conjunction with either basic shellcode loaders or NimPackt (my own packer), and it has always worked when I released a new version.

> The problem is that the NimPlant-generated binary "NimPlant.exe" cannot be used with some other loaders, whether they are written in C or in Nim.

I meant to say that I can only provide support for the "raw" payloads (like .exe that is double-clicked on) when they are crashing, not the ones resulting from other tools :)