100% undetected rat

Hacking

Casual

579

100% undetected rat

sully khan
NONE

21-Nov-2020 02:56:33

hi who can make me a 100% undetected rat payload i will pay thanks

*Beware click the link!

DISCUSSION

Djie sam soe - 3899
Freelance | Student

21-Nov-2020 15:11:56

You can use this tools https://github.com/Screetsec/TheFatRat, or you can change the file signature

sully khan - 3905

22-Nov-2020 01:41:52

hi i tried thefatrat and its being detected how do i change the signature im still quite a newbie i been doing it for the past 5 days spending almost 17 hours a day on my laptop

Djie sam soe - 3908

22-Nov-2020 02:05:01

Maybe, the signature of the tool is already entered in the antivirus database. therefore he is detected by the antivirus

Djie sam soe - 3909

22-Nov-2020 02:14:45

https://reverseengineering.stackexchange.com/questions/16955/bypassing-av-signature-with-hex-editing

Im learning too, and i have a reference. You can change dynamic to static, you can header, metadata, encode your code

Djie sam soe - 3910

22-Nov-2020 02:15:27

So if you talk about FUD, it can be done with various techniques, you can change the header, metadata, encode, etc. So why can bypass AV, the way av works in general, he will compare it with their database, with a certain level of similarity a file will be detected. So even though the mas, for example, is only for program A, but in it (can be a signature file, metadata or whatever) certain code in db av will also be detected by the mas program. In order to escape then what? Yes, there are various techniques ...

Sorry bad English 😅

Djie sam soe - 3914

22-Nov-2020 02:23:38

Mas its mean = bro 🙏🏻

Noor Affendi - 3918

22-Nov-2020 17:44:12

If you want to bypass AV, you can encode the program, If you want to be more powerful, you have to understand the ins and outs of the target OS, I assume Windows, if you understand the Windows Registry then you can make this malware powerful, for example you can stop the task manager, hide file processes while running, make the program becomes difficult to remove

Djie sam soe - 3928

23-Nov-2020 01:13:17

But, how to setting the programs like this ? I dont know hide process programm when running

thoriq - 3902
Pelajar Indonesia

21-Nov-2020 15:32:56

I dont know im newbie

Djie sam soe - 3927

23-Nov-2020 01:11:20

Same :D

Indrasp - 3904
Pengangguran

21-Nov-2020 20:41:11

You can use embed pdf or doc to hide the payload

You should learn reverse engineering

sully khan - 3906

22-Nov-2020 01:43:43

could you help me do it if i pay you for your time also what books do u recommend for me to learn reverse engineering i spend 17 hours a day on laptop trying to figure it out and ive only been trying it for past 5 days

Djie sam soe - 3907

22-Nov-2020 02:03:41

If you want e books reverse engineering, you can access here https://forum.seccodeid.com/d/reverse-engering-guides detail and more

Djie sam soe - 3911

22-Nov-2020 02:18:11

If it is explained it's a bit long too, bro. Simply put, why the bs bypss av file, which obviously av has a limited database and logical, there can be a gap in a file through av. Changes were clearly made to fool av, and that is by nature using the exe file. But if at this time we can embed a certain exe / code file with any extension, which can be pdf, doc and anythings. It's more difficult to detect av, and you don't need to change the header of the file, etc ... because the existing files, we just need to inject them using the code.

Noor Affendi - 3917

22-Nov-2020 17:40:53

bs what is mean?

Dimas Guntur Angg - 3921

22-Nov-2020 17:47:20

I dont know bro

Djie sam soe - 3924

22-Nov-2020 21:28:42

bs in indonesian bisa

bs in english can

Conclusion bs mean can, sorry hehe

Noor Affendi - 3923

22-Nov-2020 17:49:58

What techniques have you used?

Djie sam soe - 3912
Freelance | Student

22-Nov-2020 02:20:08

Sorry im bad English 😅

Djie sam soe - 3915
Freelance | Student

22-Nov-2020 02:29:05

If you have tried changing the metadata, header signature then encodes it. do not occasionally send or scan in virus total site and etc, but why ? because it will benefit them, your file will be analyzed and then detected by the AV Cmiw

Dimas Guntur Angg - 3922

22-Nov-2020 17:48:14

Good idea

Djie sam soe - 3926

23-Nov-2020 01:10:34

🔥🔥🔥

Noor Affendi - 3919
NONE

22-Nov-2020 17:45:01

What is your target OS ?

Dimas Guntur Angg - 3920
NONE

22-Nov-2020 17:47:00

You can hide it by wrapping your program in pdf, doc, etc