TerraLdr - A Payload Loader Designed With Advanced Evasion Features

[itsMe]

Details:

    no crt functions imported
    syscall unhooking using KnownDllUnhook
    api hashing using Rotr32 hashing algo
    payload encryption using rc4 - payload is saved in .rsrc
    process injection - targetting 'SettingSyncHost.exe'
    ppid spoofing & blockdlls policy using NtCreateUserProcess
    stealthy remote process injection - chunking
    using debugging & NtQueueApcThread for payload execution

To see this hidden content, you must like this content.