This project forked from nul0x4c/terraldr
A Payload Loader Designed With Advanced Evasion Features
License: Apache License 2.0
terraldr's Introduction
- no CRT functions imported
- syscall unhooking using KnownDllUnhook
- API hashing using the Rotr32 hashing algorithm
- payload encryption using RC4 - payload is saved in .rsrc
- process injection - targeting 'SettingSyncHost.exe'
- PPID spoofing & blockdlls policy using NtCreateUserProcess
- stealthy remote process injection - chunking
- using debugging & NtQueueApcThread for payload execution