screetsec / TheFatRat

TheFatRat, a massive exploiting tool: an easy tool to generate backdoors and an easy tool for post-exploitation attacks like browser attacks, etc. This tool compiles malware with a popular payload, and the compiled malware can then be executed on Windows, Android and Mac. The malware created with this tool also has the ability to bypass most AV software protection.
GNU General Public License v3.0
9.28k stars, 2.24k forks

[DISCUSS] Is there any actual bypass options? #172

Closed marcelo321 closed 6 years ago

marcelo321 commented 7 years ago

I tried options 2 and 6, both detected by antivirus.. just wanted to know what the best options against antivirus are, and if you can hide the file somewhere or do something so it bypasses the antivirus.

peterpt commented 7 years ago

It is impossible to create any fully undetectable exe while people, to make sure that the file is not detected, go test it on VirusTotal. VirusTotal sends the infected files to antivirus companies, so they can develop an antivirus. PowerShell, when we implemented it, was fully FUD; I tested it myself on nodistribute.com. Right now I am not sure about that.

Fatrat is explicit on start-up by popping a message "DONT UPLOAD TO VIRUSTOTAL"; even with that, users go test on VirusTotal instead of nodistribute.

marcelo321 commented 7 years ago

Yeah I know, some people are idiots.. I test it on my own computer with Avast Premier; if it passes the test.. then it is perfectly FUD. I don't trust any online services...

But there will always be people working against this, so it will be very difficult to create a FUD backdoor for a very long time. Does it change anything if I hide it in another .exe?

T0T3NK0PF commented 6 years ago

Kaspersky IS 2017+ detects all FatRat generated RATs/MSFVenom no matter the option selected. The best one I got so far was with Option 2, then Powerstager 0.2.5 by z0noxz (powershell) (NEW): Kaspersky doesn't detect the RAT file initially, but once it executes it does, and all communication is terminated. Even Windows 10 Defender picks up and stops most of the FatRat generated payloads too. The Chaos-framework RAT is the only one I saw that's not detected or stopped by Kaspersky... because of a delay in the execution. Something to consider maybe for future releases, since Chaos has an extremely limited shell once connected. High-level paid AVs like Bitdefender and Kaspersky are very hard to defeat. Free AVs are mostly useless.

X0R1972 commented 6 years ago

SORRY to say that, but all the sites who test your virus sell them back to antivirus companies, even nodistribute.... The temptation is too big because there is a lot of money to make with all the dumb people who test all the viruses that people took months or years to create.. I test my virus in a virtual machine, and if it is detected I crypt..., decompile it and more till I have no detection.... but never, never test it online.. it is just like shooting a bullet in your leg.

T0T3NK0PF commented 6 years ago

That's just the thing... all the generated FUD RATs of this project and others are tested by myself offline in our lab against popular AVs and never uploaded to any website online for testing, as that would be stupid to do. I'm just pointing out that the guys over at Chaos have an interesting take on getting around AVs; however, their RAT is seriously lacking features once connected.

arismelachroinos commented 6 years ago

@mateo24xx Why do you say that even nodistribute sells the info? http://nodistribute.com/faq/

X0R1972 commented 6 years ago

Because it is true, and I read that in a well-documented article; I can't remember exactly where.. I think it was on krebssecurity... but not sure.. The article explained that there is too much money to make and the temptation to sell is too big.. This was explained by a huge list leaked from AV Avast and aeg with all the names of all the online scanners who test and who claimed not to distribute, in fact showing that online scanners have been selling viruses to them for years.

arismelachroinos commented 6 years ago

@mateo24xx thank you