Malware

ChaiLdr – AV Evasive Payload Loader : Unveiling Next-Gen Evasion Capabilities

ChaiLdr – AV Evasive Payload Loader represents a cutting-edge approach in malware development, blending innovative evasion techniques to bypass modern antivirus solutions.

Crafted with advanced concepts learned in malware engineering, this tool introduces a new level of sophistication in delivering payloads undetected.

From indirect syscalls and API hammering to HTTP/S shellcode staging, ChaiLdr sets a new benchmark in the realm of cybersecurity threats.

A simple shellcode loader built with the concepts of Malware development I have learnt till now.

Features

  • Indirect syscalls with SysWhispers3 – jumper_randomized
  • QueueUserAPC Injection
  • HTTP/S shellcode staging
  • Execution delay using API Hammering
  • IAT Camouflage
  • API Hashing

Testing With Havoc And The Latest Windows Defender

NOTE

CRT Library Removal : I tried a lot to get the payload working with CRT Library removed and make it independent with custom intrinsic functions for – memcpy, memset, rand, stand, etc, but ended up with a lot of crashes and after hours of debugging couldn’t get it working, I’ll incorporate it into a dev branch soon enough.

I have used minicrt, MiniCRT, etc for references but still couldn’t get it to work.

Shellcode Encryption : The shellcode is fetched from a remote server, providing SSL support. I haven’t incorporated any shellcode encryption, when used with Havoc, Havoc provides Sleep encryption.

Why not HellsGate? : HellGate incorporated only direct syscalls, HellsHall uses indirect syscalls, but I’m still learning that and will build my custom implementation of it in the future

EDR Evasion? : This is a simple shellcode payload loader, it can bypass a lot of antivirus software and some EDRs but the techniques it incorporates aren’t the best, so as I keep learning I’ll make better loaders!

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: ChaiLdrcybersecurityinformationsecuritykalilinuxkalilinuxtools
2 years ago

Recent Posts

How to Fix MyISAM Table Corruption in MySQL?

In MySQL Server 5.5 and earlier versions, the MyISAM was the default storage engine. So,…

12 hours ago

Microsoft Authenticator Flaw Could Leak Login Codes

A newly disclosed vulnerability in Microsoft Authenticator could expose one time sign in codes or…

20 hours ago

Modrinth – A Comprehensive Overview of Tools and Functions

Modrinth is a modern platform that’s rapidly changing the landscape of Minecraft modding, providing an…

2 days ago

BlackSanta Malware A Stealthy Threat Targeting Recruiters and HR Teams

A new, highly sophisticated malware campaign named BlackSanta has emerged, primarily targeting HR and recruitment…

2 days ago

Perplexity Launches Personal Computer Features

Perplexity has unveiled an exciting new feature, Personal Computer, which allows AI agents to seamlessly…

2 days ago

Cyberattack or Smoke and Mirrors? The Truth Behind the Alleged Dimona Nuclear Breach

In a recent cyber incident, a group named CARDINAL, associated with the label Russian Legion,…

2 days ago