ivan-sincek / malware-droppers

Custom malware droppers written in multiple languages.

Malware Droppers

The goal of this project is to show a variety of custom malware droppers.

Useful websites:

Made for educational purposes. I hope it will help!

Table of Contents

1. C# Process Hollowing

Encodes Mimikatz v2.2.0 (64-bit) with gzip, XOR, and Base64, and runs it by process hollowing into C:\Windows\System32\cmd.exe (64-bit).

Built with Visual Studio Community 2019 v16.11.10 (64-bit), written in C# (.NET Framework v3.5), and tested on Windows 10 Enterprise OS (64-bit).

Check the code in these files:

1.1 Encoder

Usage: Encoder.exe <file> <key>
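
For analysts triaging a blob encoded with the gzip, XOR, and Base64 scheme from section 1, the following added example (not code from this repository) shows that the XOR layer gives no confidentiality: gzip output begins with a fixed header, so a short repeating key can be recovered from the blob itself. It assumes the order gzip, then XOR, then Base64, a key of at most 8 bytes, and a gzip header written without filename or timestamp; the sample key, payload, and function names are constructed for the example.

```python
import base64
import gzip
import zlib

# Known plaintext assumed at the start of the gzip layer: magic 1f 8b,
# method 08 (deflate), flags 00, mtime 00000000. This holds only when the
# compressor writes no filename and no timestamp.
GZIP_PREFIX = bytes.fromhex("1f8b080000000000")

# Constructed sample values for this example only (benign, not from the repo).
SAMPLE_KEY = b"k3y!"
SAMPLE_PAYLOAD = b"constructed benign sample standing in for an encoded file " * 4


def xor(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def constructed_sample() -> str:
    """Build the test blob in the assumed order: gzip, then XOR, then Base64."""
    packed = gzip.compress(SAMPLE_PAYLOAD, mtime=0)
    return base64.b64encode(xor(packed, SAMPLE_KEY)).decode()


def unwrap(blob_b64: str):
    """Return (key, payload) if blob is Base64(XOR(gzip(payload))), else None."""
    try:
        masked = base64.b64decode(blob_b64, validate=True)
    except ValueError:
        return None
    if len(masked) < len(GZIP_PREFIX):
        return None
    for n in range(1, len(GZIP_PREFIX) + 1):
        # A key of length n must turn the first n bytes into the gzip prefix.
        key = xor(masked[:n], GZIP_PREFIX[:n])
        try:
            # gzip's CRC32 and length trailer confirms or rejects the guess.
            return key, gzip.decompress(xor(masked, key))
        except (OSError, EOFError, zlib.error):
            continue
    return None


if __name__ == "__main__":
    print(unwrap(constructed_sample()))
```

A blob that unwraps this way can be handed to normal static analysis; a `None` result only means the assumptions above did not hold, not that the blob is benign.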