GIT - TerraLdr Payload loader

[fightsdntmatter]

TerraLdr - A Payload Loader Designed With Advanced
Evasion Features

like, comment, stick afinger in ur butt, etc..;

TerraLdr: A Payload Loader Designed With Advanced Evasion FeaturesDetails:

• no crt functions imported
  
• syscall unhooking usingKnownDllUnhook
  
• api hashing using Rotr32 hashing algo
  
• payload encryption using rc4 - payload is saved in .rsrc
  
• process injection - targetting 'SettingSyncHost.exe'
  
• ppid spoofing & blockdlls policy using NtCreateUserProcess
  
• stealthy remote process injection - chunking
  
• using debugging & NtQueueApcThread for payload execution

Usage:

• useGenerateRsrcto updateDataFile.terrathat'll be the payload saved in the .rsrc section of the loader

Thanks For:

• https://offensivedefence.co.uk/posts/ntc...erprocess/
  
• https://github.com/vxunderground/VX-API

Profit:



[HIDE] https://github.com/ORC41/TerraLdr
[/HIDE]
Tele: @G0G0Provides

 

[alhosane]

will test

 

[YuuCMYK]

(31 October, 2022 - 11:00 PM)fightsdntmatter Wrote: Show More
TerraLdr - A Payload Loader Designed With Advanced
Evasion Features

like, comment, stick afinger in ur butt, etc..;

TerraLdr: A Payload Loader Designed With Advanced Evasion FeaturesDetails:

• no crt functions imported
  
• syscall unhooking usingKnownDllUnhook
  
• api hashing using Rotr32 hashing algo
  
• payload encryption using rc4 - payload is saved in .rsrc
  
• process injection - targetting 'SettingSyncHost.exe'
  
• ppid spoofing & blockdlls policy using NtCreateUserProcess
  
• stealthy remote process injection - chunking
  
• using debugging & NtQueueApcThread for payload execution

Usage:

• useGenerateRsrcto updateDataFile.terrathat'll be the payload saved in the .rsrc section of the loader

Thanks For:

• https://offensivedefence.co.uk/posts/ntc...erprocess/
  
• https://github.com/vxunderground/VX-API

Profit:

thx