Kali Linux

TerraLdr : A Payload Loader Designed With Advanced Evasion Features

TerraLdr is a Payload Loader Designed With Advanced Evasion Features.

Details

  • no crt functions imported
  • syscall unhooking using KnownDllUnhook
  • api hashing using Rotr32 hashing algo
  • payload encryption using rc4 – payload is saved in .rsrc
  • process injection – targetting ‘SettingSyncHost.exe’
  • ppid spoofing & blockdlls policy using NtCreateUserProcess
  • stealthy remote process injection – chunking
  • using debugging & NtQueueApcThread for payload execution

Usage

Thanks For

Notes

  • “SettingSyncHost.exe” isnt found on windows 11 machine, while i didnt tested with w11, its a must to change the process name to something else before testing
  • it is possibly better to compile with “ISO C++20 Standard (/std:c++20)”

Profit

Demo (by @ColeVanlanding1) :

Tested with cobalt strike && Havoc on windows 10

Click Here To Download
R K

Leave a Comment
Share
Published by
R K
Tags: CobaltevasionHavocPayloadPayload LoaderTerraLdrWindows 10
3 years ago

Recent Posts

How to Prevent Software Supply Chain Attacks

What is a Software Supply Chain Attack? A software supply chain attack occurs when a…

23 hours ago

How UDP Works and Why It Is So Fast

When people ask how UDP works, the simplest answer is this: UDP sends data quickly…

1 week ago

How EDR Killers Bypass Security Tools

Endpoint Detection and Response (EDR) solutions have become a cornerstone of modern cybersecurity, designed to…

2 weeks ago

AI-Generated Malware Campaign Scales Threats Through Vibe Coding Techniques

A large-scale malware campaign leveraging AI-assisted development techniques has been uncovered, revealing how attackers are…

2 weeks ago

How Does a Firewall Work Step by Step

How Does a Firewall Work Step by Step? What Is a Firewall and How Does…

2 weeks ago

Fake VPN Download Trap Can Steal Your Work Login in Minutes

People trying to securely connect to work are being tricked into doing the exact opposite.…

2 weeks ago