itsMe Posted June 1, 2023 Share Posted June 1, 2023 This is the hidden content, please Sign In or Sign Up KittyStager is a stage 0 C2 comprising an API, client, and malware. The API is responsible for delivering basic tasks and shellcodes to be injected into memory by the malware. The client also connects to the API and allows for interaction with the malware by creating tasks. The goal of KittyStager is to deploy a simple stage 0 payload onto the target system and gather enough information to adapt the payload to the specific target. As the stage 0 payload is intended to be as stealthy as possible, it does not include any command execution capabilities. Features A simple cli to interact with the implant API : A web server to host your kittens HTTPS Yours files in /upload are available on /upload Reconnaissance : Hostname, domain, pid, ip… AV or EDR solution with wmi Process list Encryption : Key exchange with Opaque Chacha20 encryption Malware capabilities : Create thread injection Bananaphone (Hell’s gate variant) Halo’s gate ETW patching Sleep with jitter Remove of the binary from disk Sandbox : Check ram Check a none existing website Payload : Raw shellcode Hex shellcode Build : Generate the kitten from the config file Compile the kitten with go & garble Sign the kitten with a copied certificate Generate description This is the hidden content, please Sign In or Sign Up This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts