Open qwer0123456 opened 3 years ago
I think you are using something like RunPE or another way to inject into another process.
The inject behavior is very easy to be detected, even than process exit.
Why not try another way, but not injection?
---Original--- Date: Sat, Apr 17, 2021 16:23 PM Subject: [qwqdanchun/DcRat] Client Disconnect option (#14)
case "close": Methods.ClientExit(); Environment.Exit(0); -> Process Exit
Execute payload from memory
When you exit the program, the process is terminated
If a normal process is terminated, antivirus detection or the target process is suspect
This is a suggestion from now on
System Control -> Client Control -> TCP ALL Close Menu Function
I want to initialize only the network disconnect, mutex termination, and object in memory.
The process must not be terminated (since it was executed from memory)
No need to kill the process if running in memory
This leads to better persistence and concealment
When the injected web browser is terminated, an error in the process
By injecting into a normal web browser (Chrome, IE, etc.)
If you use runpe, even if you close normal chrome, the runpe chrome is still there.
kill the process yes but
I only want to disconnect the client server network and remove the mutex
case "close": Methods.ClientExit(); Environment.Exit(0); -> Process Exit
This is a suggestion from now on
System Control -> Client Control -> TCP Connect ALL Close Menu Function
I want to initialize only the network disconnect, mutex termination, and object in memory.
The process must not be terminated (since it was executed from memory)
No need to kill the process if running in memory
This leads to better persistence and concealment