I know that a lot of my code right now is bad but I will improve it later.
- "Innocent" service that serves as a stupid injector (currently using basic DLL injection because it doesn't really matter; every normal injection method is already known to antiviruses).
- The service injects the AlonRAT DLL into a system process like svchost.exe or winlogon.exe; I haven't decided yet.
- The tool queries the C&C server at intervals.
- Both PEs are heavily obfuscated by a string obfuscator and a WinAPI obfuscator (using the PEB and dynamic loading).
- The tool creates a mutex, and the injector checks at intervals that the tool is still alive; if not, it injects a new one.
- The tool monitors for tools like Wireshark and drops the connection immediately once one is detected.
- Run commands as SYSTEM.
- Run commands as the user using token impersonation.
- Encryption of the on-disk DLL.
- Encrypt the code that accesses the PEB.
- Inject into more processes as backups in case one of the threads crashes.
- Anti-debugging.
- Anti-VirusTotal (sleeps; get a key from the server before entering a suspicious flow).
- Automatic backdoor insertion.
- Encrypted communication with an AES key.
I am making this tool as a personal project, so I will develop it on my own. If you have a cool idea for a feature or suggestions for improvements, you can open an issue, and if it's cool I will do it.
Bla bla bla, this repo is for educational purposes only; don't do shitty things with it.