Malware

ChaiLdr – AV Evasive Payload Loader : Unveiling Next-Gen Evasion Capabilities

ChaiLdr – AV Evasive Payload Loader represents a cutting-edge approach in malware development, blending innovative evasion techniques to bypass modern antivirus solutions.

Crafted with advanced concepts learned in malware engineering, this tool introduces a new level of sophistication in delivering payloads undetected.

From indirect syscalls and API hammering to HTTP/S shellcode staging, ChaiLdr sets a new benchmark in the realm of cybersecurity threats.

A simple shellcode loader built with the concepts of Malware development I have learnt till now.

Features

  • Indirect syscalls with SysWhispers3 – jumper_randomized
  • QueueUserAPC Injection
  • HTTP/S shellcode staging
  • Execution delay using API Hammering
  • IAT Camouflage
  • API Hashing

Testing With Havoc And The Latest Windows Defender

NOTE

CRT Library Removal : I tried a lot to get the payload working with CRT Library removed and make it independent with custom intrinsic functions for – memcpy, memset, rand, stand, etc, but ended up with a lot of crashes and after hours of debugging couldn’t get it working, I’ll incorporate it into a dev branch soon enough.

I have used minicrt, MiniCRT, etc for references but still couldn’t get it to work.

Shellcode Encryption : The shellcode is fetched from a remote server, providing SSL support. I haven’t incorporated any shellcode encryption, when used with Havoc, Havoc provides Sleep encryption.

Why not HellsGate? : HellGate incorporated only direct syscalls, HellsHall uses indirect syscalls, but I’m still learning that and will build my custom implementation of it in the future

EDR Evasion? : This is a simple shellcode payload loader, it can bypass a lot of antivirus software and some EDRs but the techniques it incorporates aren’t the best, so as I keep learning I’ll make better loaders!

Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a Comment
Share
Published by
Tamil S
Tags: ChaiLdrcybersecurityinformationsecuritykalilinuxkalilinuxtools
2 months ago

Recent Posts

Moriarty Project Remastered V4.1.2 – A Comprehensive Guide To Advanced Phone Number Investigation

Moriarty Project is a powerful web based phone number investigation tool. It has 6 features…

5 hours ago

Exif Looter – A Comprehensive Guide To Managing Image Metadata

"Exif Looter" is a powerful tool designed for the extraction and management of metadata from…

5 hours ago

Ngoto – A Tool For Python Developers

"Ngoto" is an innovative Python tool designed to enhance coding efficiency through the integration of…

5 hours ago

OSINT – Comprehensive Toolkit With Docker To Enhance Your Cyber Security Using Vault Security’s Image

Open Source Intelligence (OSINT) involves gathering and analyzing publicly available information for security purposes. Vault…

5 hours ago

GHunt – Mastering Google With Advanced OSINT Techniques

GHunt v2 is a sophisticated offensive Google framework tailored for OSINT tasks and more. With…

5 hours ago

Facebook Friend List Scraper – A Powerful OSINT Tool For Efficient Data Collection

OSINT tool to scrape names and usernames from large friend lists on Facebook, without being…

1 day ago