Tasks are not executing #41

Closed
stealthsploit opened this issue Aug 21, 2019 · 4 comments

@stealthsploit

Hi,
I've been unable to get most of the tasks I'm trying to execute. I've only had success with Rubeus Kerberoast and Seatbelt so far. The error I'm receiving when trying, for example, SamDump, Mimikatz lsadump::sam, SafetyKatz, ShellCmds and many others is below.

Task Exception: Could not load file or assembly '744960 bytes loaded from hodvz3ev.ine, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. An attempt was made to load a program with an incorrect format.
at System.Reflection.RuntimeAssembly.nLoadImage(Byte[] rawAssembly, Byte[] rawSymbolStore, Evidence evidence, StackCrawlMark& stackMark, Boolean fIntrospection, Boolean fSkipIntegrityCheck, SecurityContextSource securityContextSource)
at System.Reflection.Assembly.Load(Byte[] rawAssembly)
at GruntExecutor.Grunt.TaskExecute(TaskingMessenger messenger, GruntTaskingMessage message)

I've built Covenant from scratch on both dotnet and Docker, ensuring I recurse sub-modules when I clone.

Covenant platform: Ubuntu 16.04 4.4.0-146-generic
Target OS: Windows 10 1903 (18362.239)
Target .NET version: Net40
Tested on Chrome 76.0.3809.100 and Opera 63.0.3368.35

Any help would be greatly appreciated.

@cobbr
Owner

cobbr commented Aug 21, 2019

Is .NET 4.8 installed on the target system?

@stealthsploit
Author

Sorry, forgot to add: yes, 4.8 is installed.

@cobbr
Owner

cobbr commented Aug 21, 2019

I think you might be running into an AMSI issue. Can you try to disable Defender and see if the issue persists?

You just need to set the following by using gpedit:

Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Turn off Windows Defender Antivirus: Enabled
Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Real-time Protection -> Turn off real-time protection: Enabled

@stealthsploit
Author

Thanks, yes AMSI was interfering.
