itsMe Posted May 12, 2023

Silent, hidden malware downloader. Build your own powerful FUD encrypted stub for your RAT / Remote Administration Tools. BIT LOADER is a program to convert your RAT .NET stub signature into a full-rank rootkit.

Note about rootkits: the term "rootkit" historically came from the world of UNIX and refers to a set of utilities or a special kernel module that an attacker installs on a computer system he has hacked, immediately after gaining superuser rights. This set, as a rule, includes various utilities for "covering the tracks" of an intrusion into the system: making sniffers, scanners, keyloggers and Trojans invisible, and replacing the main UNIX utilities (in the case of a non-kernel rootkit). A rootkit allows an attacker to gain a foothold in a compromised system and hide traces of their activity by hiding files, processes, and the very presence of the rootkit in the system.

Architecture

BIT LOADER, as of 2023, only supports .NET signature stubs; C/C++ language signatures are not supported. BIT LOADER provides basic functions such as a spoofer, a multi-app binder, and size substitution for a particular stub.

Bypass UAC with iscsicpl

The Iscsicpl.exe binary is vulnerable to DLL search-order hijacking when running a 32-bit Microsoft binary on a 64-bit host via SysWOW64. This allows you to covertly and discreetly bypass UAC protection.

PROCESS C_BSOD

This feature is very strong and has burst and response attributes under your stub process {NtSetInformationProcess}. {NtSetInformationProcess} is created under the process of your stub, and when the stub process is shut down it calls a blue screen of death, which causes a reboot. It is installed under the stub process completely hidden.

Critical hiding level

This function will turn a regular file into a system-hidden file by changing its article link number to a number between 2 and -2 reserved by the file system. This makes the file invisible and protected from modification. Invisible means that neither Explorer nor the dir command will see it. However, the file system treats it as a system file and thus prevents any file with that name from being written to that location. It's like when you try to create a file called $MFT at the root of a volume, something like creating a file with $name (r77, https://github.com/bytecode77/r77-rootkit), which the file system won't let you do. The only way to modify this file is to write it with a hex editor to the physical disk, but even this requires demodifying the file in such a way that it appears before your eyes.

Windows Defender exclusions

With this feature, your file will be added to the allowed threats, which will prevent the files from being scanned. It is worth considering that most commercial antiviruses do not detect NOT-allowed threats, and thus this will prevent scanning by all antiviruses in the system.

Task Scheduler Explosion

This feature causes the task scheduler to be shut down while your stub is running. Under the stub there are also two subprocesses that load the stub when a specific selected file is opened. The execution structure is fault tolerant because all compute nodes participate in the process of sending and processing jobs; this causes an explosion in the task scheduler due to a huge load, by which it is turned off. UnHook is planned to be added in the future.

Skip all virtual spaces

These functions allow you to prevent running in a virtual machine. Bit Loader also has decompiler detection functions: if someone tries to decompile the stub, it will be launched from the hidden zone due to compilation load.

Functional

Support for .NET stubs
Setting multiple paths to inject
Silent UAC Bypass
Task Scheduler Explosion
Critical hiding level
Deleting restore points
Adding to Windows Defender exclusions
BSOD protector
Don't let me sleep
Delete loader after unloading
Process resurrection
Disable critical hiding, hides normally
Critical FUD (not always)
Run through time (pointer)
Fake message
Kill the botnet
Skip VPS servers
Skip the sandbox
Set properties
Set icon
Skip virtual environments
Running a stub on debug
Kill bots
x64 / .NET 2.0 / .NET 4.0 architecture support
Multi Binder App
Low entropy packing
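The post above lists "Adding to Windows Defender exclusions" as a loader feature. The following is an added defender-side example, not code from the original post or from the tool it advertises: it audits the current Microsoft Defender exclusion lists on a Windows host, flags entries that point at user-writable locations or executable content types, and pulls the recent configuration-change events so an analyst can see when an exclusion was added. It assumes the Defender PowerShell module (`Get-MpPreference`) is present and that the script runs with administrative rights; the "suspicious" path patterns are this example's own assumptions, not a definition from Defender.

```powershell
# Added example (not part of the original post or of BIT LOADER).
# Audits Microsoft Defender exclusions and flags the kinds of entries that
# malware-added exclusions usually look like. Requires Get-MpPreference and
# an elevated session. The patterns below are this example's assumptions.

$pref = Get-MpPreference

# Assumed heuristics: whole drives and user-writable directories are red flags.
$suspiciousPathPatterns = @(
    '^[A-Za-z]:\\$',                 # entire drive excluded
    '\\Users\\[^\\]+\\AppData\\',    # per-user AppData tree
    '\\Temp\\',                      # temp directories
    '\\Downloads\\',
    '\\Public\\',
    '\\ProgramData\\'
)

function Test-SuspiciousExclusion {
    param([string]$Value, [string[]]$Patterns)
    foreach ($p in $Patterns) {
        if ($Value -match $p) { return $true }
    }
    return $false
}

$findings = @()

foreach ($path in @($pref.ExclusionPath)) {
    if (-not $path) { continue }
    $flag = Test-SuspiciousExclusion -Value $path -Patterns $suspiciousPathPatterns
    $findings += [pscustomobject]@{ Type = 'Path'; Value = $path; Suspicious = $flag }
}

foreach ($ext in @($pref.ExclusionExtension)) {
    if (-not $ext) { continue }
    # Excluding executable content types stops the payload itself from being scanned.
    $flag = $ext -match '^\.?(exe|dll|ps1|bat|cmd|vbs|js|scr)$'
    $findings += [pscustomobject]@{ Type = 'Extension'; Value = $ext; Suspicious = $flag }
}

foreach ($proc in @($pref.ExclusionProcess)) {
    if (-not $proc) { continue }
    # Process exclusions rooted in user-writable locations get the same treatment.
    $flag = Test-SuspiciousExclusion -Value $proc -Patterns $suspiciousPathPatterns
    $findings += [pscustomobject]@{ Type = 'Process'; Value = $proc; Suspicious = $flag }
}

"Current Defender exclusions (suspicious entries first):"
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize

# Defender records configuration changes, including exclusion edits, as
# event ID 5007 in its Operational log; list recent ones for correlation
# with the time a suspicious exclusion appeared.
"Recent Defender configuration-change events (ID 5007):"
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 5007
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List
```

Run it from an elevated PowerShell prompt on the host under review. A clean machine normally shows few or no exclusions, so any entry flagged as suspicious, especially one whose 5007 event coincides with an unexpected process start, is worth treating as an evasion indicator rather than a configuration quirk.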