s0nus said:
Crypters don't work like they did years ago; these days EDRs/MDRs/SIEMs scan for known malicious software in memory (the crypter needs to somehow decrypt the payload at runtime, and it does this in memory), so it will be detected.
Crypters against some AVs will probably work (not all).
PS: Modern EDR/MDR/SIEM solutions implement their own procmon for behaviour detection, which will also trigger detections and TTPs (so if you run something very well known like RedLine stealer, the protection solution will detect it).
That's a quality post. I've read about:
The information examined during static analysis is as follows.
PE (Portable Executable) headers
Imported DLLs
Exported DLLs
Strings in the binary
CPU instructions
While doing dynamic analysis, you should carefully examine the following events (dynamic analysis):
Network connections
File events
Process events
Registry events
Making your malware FUD is all a science of obfuscation and ways to bypass AV. If you use someone else's malware and have no experience with FUD crypters, it will be hard to obfuscate it, because the malware signature will get it detected (so all MSF payloads are pure trash, because people have used them tons of times, and when you infect someone with one of these, Defender will not detect it as random malware, it will even know it's a Metasploit payload XD).
That's why I advise you to write your own payload (the best languages are C, C++, C#, Nim).
You can even use Python, but without obfuscation it will be easily detected by AV. For other languages like C# or C, I can tell from experience that you don't even need to obfuscate it if you didn't copy and paste code (only FUD for a short amount of time, btw).
I've been playing with some open source crypters; I hope I'll be able to make my own soon, guys. Is there any thread I can use to keep learning about that?