io.kent

Crypter BAMBU 100% FUD

Posted (edited)

Date and Time: 8/17/2013 5:01:12 AM
File Name: ENCRYPTADOBAMBU.exe
File Size: 176149 Bytes
MD5: 40b07cbc513ba16a0f7f3173689b5071
SHA1: f7cd5c4fe480cf1495cbf4fbd242ee8b93b795d7
Detection: 0 of 35 (0%)
Status: CLEAN

AVG Free - Not Found!
ArcaVir - Not Found!
Avast - Not Found!
AntiVir (Avira) - Not Found!
BitDefender - Not Found!
VirusBuster Internet Security - Not Found!
Clam Antivirus - Not Found!
COMODO Internet Security - Not Found!
Dr.Web - Not Found!
eTrust-Vet - Not Found!
F-PROT Antivirus - Not Found!
F-Secure Internet Security - Not Found!
G Data - Not Found!
IKARUS Security - Not Found!
Kaspersky Antivirus - Not Found!
McAfee - Not Found!
MS Security Essentials - Not Found!
ESET NOD32 - Not Found!
Norman - Not Found!
Norton Antivirus - Not Found!
Panda Security - Not Found!
A-Squared - Not Found!
Quick Heal Antivirus - Not Found!
Solo Antivirus - Not Found!
Sophos - Not Found!
Trend Micro Internet Security - Not Found!
VBA32 Antivirus - Not Found!
Zoner AntiVirus - Not Found!
Ad-Aware - Not Found!
BullGuard - Not Found!
Immunet Antivirus - Not Found!
K7 Ultimate - Not Found!
NANO Antivirus - Not Found!
Panda CommandLine - Not Found!
VIPRE - Not Found!

download :

DWfeqWBOBeJ6trFOwrJmvr9mELP6cg=dcg=YyOc+zefzDKPOBMKggxCZzeczuFqFvL34fIQaqg3uweclB8AI0zJ5zrlbygfUqrnR8OOu0NcM

the link is encrypted.. with (G....) simple...

the crypter has no password... just decrypt the link..

Edit :

ZIPPYS..

kM=umHetbcCanxnxStiVo21qmM1tkLKsjczZlwuanYCwRZWrSZmxTHD2kgr1Q2Xulgq5

encrypted with MEG....

Edited by io.kent
  • Downvote 1
Posted

I tested it with Meterpreter (reverse_tcp) on a system with Microsoft Security Essentials.

It works, BUT you have race conditions. That is, it does not detect it as long as you do not execute it... but... it can be used like this:

1. you run the encrypted meter

2. you get a connection on the handler and immediately run the "ps" command.

3. about 10 seconds after you get the connection, the antivirus stops the process (not because it sees it as a virus. it stops it preventively because of its behavior -> reverse connection and shit)

4. you look for the antivirus process and find its pid

5. you run the meter again

6. when you get a connection on the handler you run "migrate xxx" (where xxx is the antivirus pid)

Once you get to run Meterpreter in the antivirus process, it is no longer detected. :D

On the client side you can make the following bat:

.\meter_fud.exe

timeout 60

.\meter_fud.exe

This gives you a 1-minute window in which to find the antivirus pid.

Have phun!
