qwqdanchun / DcRat

A simple remote tool in C#.
MIT License

Client Disconnect option #14

Open qwer0123456 opened 3 years ago

qwer0123456 commented 3 years ago

case "close": Methods.ClientExit(); Environment.Exit(0); -> Process Exit

  1. Execute payload from memory
  2. When you exit the program, the process is terminated
  3. If a normal process is terminated, antivirus detection or the target process is suspect

This is a suggestion from now on

System Control -> Client Control -> TCP Connect ALL Close Menu Function

I want to initialize only the network disconnect, mutex termination, and object in memory.

The process must not be terminated (since it was executed from memory)

No need to kill the process if running in memory

This leads to better persistence and concealment

qwqdanchun commented 3 years ago

I think you are using something like runpe or another way to inject into another process.

The inject behavior is very easy to detect, even more than process exit.

Why not try another way instead of injecting?


qwer0123456 commented 3 years ago

When the injected web browser is terminated, an error in the process

By injecting into a normal web browser (chrome, ie, etc.)

If you use runpe, even if you close normal chrome, the runpe chrome is still there.

kill the process yes but

I only want to disconnect the client server network and remove the mutex