It was really fun to make this project! This project has a lot of great features and a very good control website for the bots.
The final malware bypasses UAC, installs a rootkit on 32-bit systems, uses obfuscated strings and an anti-VM technique, performs process hollowing, and communicates with the control website using curl (curl is preinstalled on every Windows!).
✔️ The malware hides a DLL (used to bypass UAC) and a rootkit in new PE sections.
✔️ Bypasses UAC by DLL hijacking of the program ComputerDefaults.exe from a "Windows " folder (note the trailing space in the folder name).
✔️ Creates a task for the malware in Task Scheduler under the path "Microsoft\Windows\Security" with high privileges.
✔️ If the system is 32-bit, installs and starts the rootkit.
✔️ If the system is 64-bit, the malware starts process hollowing.
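The two host-side footprints listed above (a hijack target staged under a "Windows " folder whose name carries a trailing space, and a scheduled task registered under Microsoft\Windows\Security that runs with highest privileges) are what a defender would look for. The following is an added example, not code from this project: it parses a task definition in the XML shape that `schtasks /query /xml` emits and checks paths for trailing-space directory components. The task XML, the paths and the task name "Updater" are constructed for the example.

```python
"""Defender-side checks for two indicators described in this README: a hijack target
staged under a "Windows " directory whose name carries a trailing space, and a scheduled
task registered under Microsoft\\Windows\\Security that runs with highest privileges.
Added example, not project code; every path and the task XML below are constructed."""
import xml.etree.ElementTree as ET

# Namespace of the Task Scheduler XML schema (what `schtasks /query /xml` emits).
TASK_NS = "http://schemas.microsoft.com/windows/2004/02/mit/task"

# Constructed sample task definition, trimmed to the elements the checks read.
SAMPLE_TASK_XML = """<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\Microsoft\\Windows\\Security\\Updater</URI></RegistrationInfo>
  <Principals><Principal id="Author"><RunLevel>HighestAvailable</RunLevel></Principal></Principals>
  <Actions Context="Author">
    <Exec><Command>C:\\Users\\Public\\Downloads\\update.exe</Command></Exec>
  </Actions>
</Task>"""


def mock_directory_components(path):
    """Return path components that end in whitespace, e.g. 'Windows '.

    A constructed path such as C:\\Windows \\System32\\ComputerDefaults.exe lives in a
    user-writable directory that merely looks like the real system directory."""
    return [p for p in path.replace("/", "\\").split("\\") if p and p != p.rstrip()]


def task_indicators(task_xml):
    """Return a list of human-readable findings for one task definition."""
    root = ET.fromstring(task_xml)
    ns = {"t": TASK_NS}
    uri = root.findtext("t:RegistrationInfo/t:URI", default="", namespaces=ns)
    run_level = root.findtext("t:Principals/t:Principal/t:RunLevel", default="", namespaces=ns)
    commands = [e.text or "" for e in root.findall("t:Actions/t:Exec/t:Command", ns)]

    findings = []
    # Task folders under \Microsoft\Windows\ are where built-in tasks live, so a
    # third-party task registered there blends in with them.
    if uri.lower().startswith("\\microsoft\\windows\\security\\"):
        findings.append("registered under \\Microsoft\\Windows\\Security")
    if run_level == "HighestAvailable":
        findings.append("runs with highest available privileges")
    for cmd in commands:
        if "\\users\\" in cmd.lower():
            findings.append("action runs a binary from a user-writable path: " + cmd)
        for comp in mock_directory_components(cmd):
            findings.append("action path contains trailing-space directory %r: %s" % (comp, cmd))
    return findings


if __name__ == "__main__":
    for p in (r"C:\Windows\System32\ComputerDefaults.exe",
              r"C:\Windows \System32\ComputerDefaults.exe"):
        print(p, "->", mock_directory_components(p) or "ok")
    for finding in task_indicators(SAMPLE_TASK_XML):
        print("task:", finding)
```

On a live host the same checks would be run over the output of `schtasks /query /xml` for every registered task and over the command lines of running processes; the sample here is embedded so the script runs offline.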
The malware communicates with a control website; these are the current attacks:
✔️ Screenshot
✔️ Task Scheduler
✔️ Remote Shell
✔️ File Manager
✔️ File Explorer
✔️ Keylogger
✔️ Client Info
Main control website - lists the clients and shows info about them
Victim profile page
The rootkit is for 32-bit systems. https://github.com/ElliotAlderson51/Kernel-Rootkit-32Bit
✔️ Protect Files (Read\Write\Create\Delete\Rename\Open\Execute)
✔️ Hide Process
✔️ Protect Process, Thread
✔️ Protect Registry Keys (Open\Create\Delete\Set)
✔️ Bypass privilege checks
Creates a DLL that will be loaded by ComputerDefaults.exe (DLL hijacking) to start the malware with high privileges.
https://github.com/ElliotAlderson51/Bypass-UAC
This project injects a file into a new section of another file.
Usage: Injector.exe "section name" "target" "file"
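Because the injector stores a whole file inside a new PE section, the resulting binary carries a section with a non-standard name whose raw data starts with its own MZ/PE header. The following is an added example, not the project's injector: a small PE section-table parser that flags such sections. It builds its own minimal sample PE images in build_sample_pe() (constructed for the example; the section name ".payld" is made up), so it runs offline.

```python
"""Parse the section table of a PE file and flag sections that look like a payload
container: an unfamiliar section name, or raw data that is itself a PE image.
Added example, not the project's Injector; the sample PE images are constructed."""
import struct

# Section names commonly emitted by MSVC/MinGW toolchains (not exhaustive).
KNOWN_SECTIONS = frozenset({".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc",
                            ".idata", ".edata", ".bss", ".tls", ".CRT"})

SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def build_sample_pe(extra_sections):
    """Build a minimal PE32 image: DOS header, PE signature, COFF header, optional
    header, section table, then raw section data. extra_sections is a list of
    (name, data) tuples appended after a normal .text section. Constructed sample."""
    sections = [(".text", b"\x90" * 16)] + list(extra_sections)
    opt_size = 0xE0  # size of a PE32 optional header
    header_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    # DOS header: 'MZ', padding, e_lfanew at 0x3C pointing at the PE signature.
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    # COFF header: Machine=i386, NumberOfSections, stamp, symtab, nsyms, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)  # Magic=PE32, rest zeroed
    table, raw, ptr = b"", b"", header_len
    for i, (name, data) in enumerate(sections):
        table += struct.pack(SECTION_HDR, name.encode().ljust(8, b"\x00"),
                             len(data), 0x1000 * (i + 1), len(data), ptr,
                             0, 0, 0, 0, 0x60000020)
        raw += data
        ptr += len(data)
    return dos + b"PE\x00\x00" + coff + opt + table + raw


def parse_sections(image):
    """Return a list of dicts describing each section and its raw bytes."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE image: missing PE signature")
    coff_off = e_lfanew + 4
    _, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff_off)
    table_off = coff_off + 20 + opt_size
    sections = []
    for i in range(n_sections):
        name, vsize, va, rawsize, rawptr, *_ = struct.unpack_from(SECTION_HDR, image, table_off + 40 * i)
        sections.append({
            "name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "virtual_address": va, "raw_offset": rawptr, "raw_size": rawsize,
            "data": image[rawptr:rawptr + rawsize],
        })
    return sections


def looks_like_pe(data):
    """True if the bytes start with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def suspicious_sections(image):
    """Return (section_name, reason) pairs for sections worth a second look."""
    findings = []
    for s in parse_sections(image):
        if s["name"] not in KNOWN_SECTIONS:
            findings.append((s["name"], "non-standard section name"))
        if looks_like_pe(s["data"]):
            findings.append((s["name"], "section data is itself a PE image"))
    return findings


if __name__ == "__main__":
    inner = build_sample_pe([])                                   # a plain executable
    outer = build_sample_pe([(".rsrc", b"\x00" * 8), (".payld", inner)])  # carries inner
    for name, reason in suspicious_sections(outer):
        print(name, "-", reason)
```

The same parse_sections() works on a real file read with open(path, "rb").read(); the name check is a weak signal on its own (packers and linkers add their own names), while a section whose bytes parse as a complete PE image is a much stronger one.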
This is the control website the malware communicates with to get the commands to execute.
The URL of this website is hardcoded in the malware code; the malware gets the control website URL from this website.
I created this website so that if there is a problem with the control website, you can just upload the control website again and change the URL in this website.
These solutions helped me build the final malware.
This automates the build of the final malware.
✔️ UPX the DLL file
✔️ Inject the DLL and the rootkit into new sections.
This helps me obfuscate the strings in the malware.
- Obfuscate Imports
This project is for EDUCATIONAL PURPOSES ONLY. You are solely responsible for your actions! Happy Hacking (;