This project is a fork of nul0x4c/terraldr
A Payload Loader Designed With Advanced Evasion Features
License: Apache License 2.0
terraldr's Introduction
TerraLdr: A Payload Loader Designed With Advanced Evasion Features
- No CRT functions imported
- Syscall unhooking using KnownDllUnhook
- API hashing using the Rotr32 hashing algorithm
- Payload encryption using RC4; the encrypted payload is stored in the .rsrc section
- Process injection, targeting 'SettingSyncHost.exe'
- PPID spoofing and the BlockDLLs mitigation policy via NtCreateUserProcess
- Stealthy remote process injection by writing the payload in chunks
- Payload execution using debugging and NtQueueApcThread
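As an added example (not TerraLdr's own code), the C below shows the two items in the list that can be run anywhere: a Rotr32-style string hash used to look up an export by hash instead of by name, so the API name never appears in the binary, and RC4 applied in place to a payload buffer, which is the same operation whether the buffer is being encrypted at build time or decrypted out of .rsrc at run time. The rotation count, seed, RC4 key and the export name table are constructed assumptions; the project's own constants are not given on this page, and a real loader resolves exports by walking the PEB and the module's export directory rather than a static array.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Rotr32-style API hash. The rotation count and seed are illustrative
 * assumptions for this example; TerraLdr's own constants are not on the page. */
#define ROTR32_COUNT 13u
#define ROTR32_SEED  0x811C9DC5u

static uint32_t rotr32(uint32_t v, unsigned r)
{
    r &= 31u;
    return r ? (v >> r) | (v << (32u - r)) : v;
}

/* Hash an export name: rotate the accumulator, then add the next byte.
 * The raw byte values are hashed, so the lookup is case-sensitive. */
uint32_t hash_rotr32(const char *s)
{
    uint32_t h = ROTR32_SEED;
    for (; *s; s++)
        h = rotr32(h, ROTR32_COUNT) + (uint8_t)*s;
    return h;
}

/* Constructed stand-in for ntdll's export name table. A real loader walks the
 * PEB to find ntdll and iterates its export directory instead of this array. */
static const char *const k_exports[] = {
    "NtAllocateVirtualMemory", "NtWriteVirtualMemory", "NtProtectVirtualMemory",
    "NtQueueApcThread", "NtCreateUserProcess", "NtResumeThread", NULL
};

/* Look up an export by hash so the name never appears in the binary's strings.
 * Returns the matching name (standing in for the export's address) or NULL. */
const char *resolve_by_hash(uint32_t want)
{
    for (size_t i = 0; k_exports[i] != NULL; i++)
        if (hash_rotr32(k_exports[i]) == want)
            return k_exports[i];
    return NULL;
}

/* RC4 (KSA + PRGA) applied in place; the same call encrypts and decrypts. */
void rc4_crypt(const uint8_t *key, size_t keylen, uint8_t *buf, size_t len)
{
    uint8_t S[256];
    unsigned i, j = 0;
    for (i = 0; i < 256; i++)
        S[i] = (uint8_t)i;
    for (i = 0; i < 256; i++) {               /* key-scheduling algorithm */
        j = (j + S[i] + key[i % keylen]) & 0xFFu;
        uint8_t t = S[i]; S[i] = S[j]; S[j] = t;
    }
    i = j = 0;
    for (size_t n = 0; n < len; n++) {        /* keystream generation, XOR into buf */
        i = (i + 1) & 0xFFu;
        j = (j + S[i]) & 0xFFu;
        uint8_t t = S[i]; S[i] = S[j]; S[j] = t;
        buf[n] ^= S[(S[i] + S[j]) & 0xFFu];
    }
}

/* Known-answer check: RC4 with key "Key" over "Plaintext" yields BBF316E8D940AF0AD3. */
int rc4_known_answer_ok(void)
{
    static const uint8_t expect[9] = {0xBB,0xF3,0x16,0xE8,0xD9,0x40,0xAF,0x0A,0xD3};
    uint8_t buf[9];
    memcpy(buf, "Plaintext", 9);
    rc4_crypt((const uint8_t *)"Key", 3, buf, 9);
    return memcmp(buf, expect, 9) == 0;
}

/* Round trip over a constructed payload: ciphertext differs, second pass restores it. */
int rc4_roundtrip_ok(void)
{
    static const char key[] = "illustrative-rc4-key";            /* assumed key */
    uint8_t payload[] = {0x90,0x90,0x90,0xCC,0xC3,0x00,0x41,0x42}; /* constructed bytes */
    uint8_t work[sizeof payload];
    memcpy(work, payload, sizeof payload);
    rc4_crypt((const uint8_t *)key, sizeof key - 1, work, sizeof work);
    int changed = memcmp(work, payload, sizeof payload) != 0;
    rc4_crypt((const uint8_t *)key, sizeof key - 1, work, sizeof work);
    return changed && memcmp(work, payload, sizeof payload) == 0;
}

int main(void)
{
    uint32_t h = hash_rotr32("NtQueueApcThread");
    printf("hash(NtQueueApcThread) = 0x%08X -> %s\n", h, resolve_by_hash(h));
    printf("rc4 known answer: %s\n", rc4_known_answer_ok() ? "ok" : "FAIL");
    printf("rc4 round trip:   %s\n", rc4_roundtrip_ok() ? "ok" : "FAIL");
    return 0;
}
```

In a loader the hash constants are computed ahead of time and only the 32-bit values are compiled in; the lookup loop runs over the live export directory, and the RC4 key is whatever the build step used to encrypt the resource. Note that RC4 here provides obfuscation against static inspection only, not integrity or authenticity of the payload.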
"SettingSyncHost.exe" is not present on Windows 11 machines. I have not tested on Windows 11, so the target process name must be changed to something else before testing there.
It is probably better to compile with the ISO C++20 Standard (/std:c++20).
Tested with Cobalt Strike and Havoc on Windows 10.