Kali Linux

TerraLdr : A Payload Loader Designed With Advanced Evasion Features

TerraLdr is a Payload Loader Designed With Advanced Evasion Features.

Details

  • no crt functions imported
  • syscall unhooking using KnownDllUnhook
  • api hashing using Rotr32 hashing algo
  • payload encryption using rc4 – payload is saved in .rsrc
  • process injection – targetting ‘SettingSyncHost.exe’
  • ppid spoofing & blockdlls policy using NtCreateUserProcess
  • stealthy remote process injection – chunking
  • using debugging & NtQueueApcThread for payload execution

Usage

Thanks For

Notes

  • “SettingSyncHost.exe” isnt found on windows 11 machine, while i didnt tested with w11, its a must to change the process name to something else before testing
  • it is possibly better to compile with “ISO C++20 Standard (/std:c++20)”

Profit

Demo (by @ColeVanlanding1) :

Tested with cobalt strike && Havoc on windows 10

R K

Recent Posts

SpyAI : Intelligent Malware With Advanced Capabilities

SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…

1 day ago

Proxmark3 : The Ultimate Tool For RFID Security And Analysis

The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…

1 day ago

Awesome Solana Security : Enhancing Program Development

The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…

1 day ago

IngressNightmare-POCs : Understanding The Vulnerability Exploitation Flow

The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…

1 day ago

AdaptixC2 : Enhancing Penetration Testing With Advanced Framework Capabilities

AdaptixC2 is an advanced post-exploitation and adversarial emulation framework designed specifically for penetration testers. It…

1 day ago

Bincrypter : Enhancing Linux Binary Security through Runtime Encryption And Obfuscation

Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to…

1 day ago