Locked GhostShell - Malware Indetectable, With AV Bypass Techniques, Anti-Disassembly

[itsMe]

This is the hidden content, please

• Sign In
• or
• Sign Up

Malware indetectable, with AV bypass techniques, anti-disassembly, etc.

GhostShell

In this malware, are used some techniques to try bypass the AVs, VMs, and Sandboxes, with only porpuse to learning more. I'm not responsible for your actions.

Bypass Techniques

Anti-Debugger

To try bypass the Debuggers, I'm using the "IsDebuggerPresent()" of "Windows.h" librarie to checks if a debugger is running.
Anti-VM / Anti-Sandbox / Anti-AV

Enumerate Process Function

    Enumerates all process running on the system, and compares to the process in the black-list, if found a process and this is equal to any process in the black-list returns -1 (identified).

Sleep Acceleration Check Function

    First, gets the current time, and sleeps 2 minutes, then, gets the time again, and compare, if the difference is less than 2, returns -1 (identified).

Mac Address Check Function

    Gets the system mac address and compare to the macs, in the black-list, if the system mac address is equal to any mac in the black-list returns -1 (identified).

This is the hidden content, please

• Sign In
• or
• Sign Up