The first step is to create a shellcode and upload it in a server.
Here, the shellcode is created using msfvenom
tool with the meterpreter payload.
Note that while creating the meterpreter payload, give the LHOST as your C&C server IP.
This shellcode is uploaded into the remote server, from which the malware downloads it and executes it directly from memory.
Once the shellcode is uploaded, you can craft the malware (client-side) by building the SourceCode.cpp
file into a Windows Executable.
The following steps explains how to obfuscate the malicious executable into an image-like file:
Step 1: Select the executable malware and an icon file (.ico), right click on both, and select “Add to archive”.
Step 2: In the General tab under the Archiving Options, check “Create SFX Archive”.
Step 3: Go to the Advanced tab and click on SFX options.
Step 4: Under the Setup tab, add the names of the image file and the exe file.
Step 5: Go to the Modes tab, under Silent Mode, select “Hide all”.
Step 6: Go to the Text and icon tab, and load the image icon.
Step 7: Go to the Update tab, and under Overwrite mode, select Overwrite all files.
Step 8: Click OK and OK.
Now, once the user click on it, it will run the executable and thus establishing a reverse connection to the C&C server.
Check out the project report for detailed explanations and forensic analysis.
Disclaimer: This repository contains potentially harmful code which is intended ONLY for educational/research purposes. Any malicious/unethical usage of such code is highly discouraged and I'm not responsible for such. Please use it responsibly.