https://github.com/thenewattacker64/theattacker-crypter
Tool to evade Antivirus With Different Techniques
https://github.com/thenewattacker64/theattacker-crypter
bypass-antivirus crypter fud fud-crypter obfuscation runpe shellcode undetected
Last synced: about 2 months ago
JSON representation
Tool to evade Antivirus With Different Techniques
- Host: GitHub
- URL: https://github.com/thenewattacker64/theattacker-crypter
- Owner: TheNewAttacker64
- License: mit
- Created: 2023-04-16T20:51:22.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-08-16T01:10:07.000Z (about 2 years ago)
- Last Synced: 2025-04-08T01:42:38.867Z (7 months ago)
- Topics: bypass-antivirus, crypter, fud, fud-crypter, obfuscation, runpe, shellcode, undetected
- Language: C#
- Homepage:
- Size: 11 MB
- Stars: 176
- Watchers: 5
- Forks: 29
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Theattacker-Crypter
Tool to evade Antivirus With Different Techniques
DO NOT UPLOAD TO VIRUSTOTAL!!!
```
VirusTotal cooperates with many antiviruses and shares its up-to-date database.
In order for this crypter to work for a longer time, you must follow this simple rule.
```
# Screenshot
## Updates
- Added AMSI Bypass
- Added RUNPE
- Added support for 32 bit injection
- Added support for 64 bit injection
- Ability to clone Assembly
- Ability to execute your own Encoded Powershell Commands
- Ability to Disable Amsi even if you are not injecting .Net Paylaod
- Ability to choose Payload type if it Native or .Net
- Added New injection Paths
- Notify When stub Executed on Macihne 2 Methods Impelmented
1. using Telegrem
2. using Socket TCP/IP server
- Fixed SomeBugs
- New Ui
- Mutex to prevent the process from running Multiple times
- Simple .Net Obfuscator
- Melt Function for the exe to Delete it self after injecting the payload
- File Pumper
- Anti VM Payload won t execute in Vms
- [current last version](https://github.com/TheNewAttacker64/Theattacker-Crypter/releases/tag/0.9)
# poc
# AntiVmExample
# Usage
1. Download Crypter from Releases
2. choose File and Generate Encryption Key
3. Upload Loader.txt in raw url Ex(pasteBin)
4. put the url in the build Section and Build
# Detection rate
I don t know how much This will stay FUD but will be updating it always and adding New Injection and new Attacks to it
# HINT
Simple Note to avoid Detection Completely Use .NET obfuscator like Smart Assembly
# YT-VID
https://www.youtube.com/watch?v=caev1GH8PzE
## TODO
- [x] Add Ability To execute your own powershell code
- [x] option To Disable Amsi from powershell
- [x] Notify Methods When Code executing on Machine
- [x] Mutex to prevent Porcess from running Multiple times
- [x] Delete it self
- [x] File-Pumper
- [x] Anti-VM
- [ ] Undetected Binder
- [ ] HTTP Server for Delivering Payloads
- [ ] Loading Payload locally instead of loading our shellcode from url
- [ ] adding Different Encryption Methods
- [ ] Linux Support
# Support
Star this Repo if you like the tool