Light

koushui / eva2 Goto Github PK

View Code? Open in Web Editor NEW

0.0 0.0 0.0 1.19 MB

Another version of EVA using anti-debugging techs && using Syscalls

License: GNU General Public License v3.0

C++ 43.24% Python 2.66% C 36.52% Assembly 17.58%

eva2's Introduction

EVA2

Another version of EVA using anti-debugging techs && using Syscalls

`First thing:` Dont Upload to virus total. this note is for you and not for me. if you wanna keep this code effective, and u want to use it to bypass windows defender, `DONT UPLOAD IT TO VIRUS TOTAL` OR ANY OTHER WEBSITE LIKE IT, else read the note at line 11 in EVA1

REQUIREMENTS:

visual studio 2019 [ it may work with visual studio 2017 ]
cobalt strike [ take a look at my repo cobalt-wipe ]
python2 for the encoder

USAGE:

load this profile : googledrive_getonly.profile in cobaltstrike : ./teamserver <lhost> <pass> <path to googledrive_getonly.profile>
create your shellcode [use https] (x64 x86 wont work) using cobalt-strike [check my cobalt-wipe repo]
place your shellcode inside encoder.py [preferably change the keys] and run it using python2
after encoder.py output your encrypted shellcode copy and paste it inside EVA.cpp
if u want to inject to another process uncomment line 45 not recommended tho
build the code using visual studio 2019 - Release - x64 x86 wont work
enjoy

Features:

New Profile for the connection of the C&C of cobalt strike, the profile is from here
anti debugging tech
encoded shellcode
decryption & injection of the shellode happens in the memory [byte by byte] and thus, less chance to get detected
using syscalls

DEMO:

[+] You can do your self a favour and disable Automatic Sample Submission in windows defender:

EVA2.-.DEMO.mp4

special thanks for:

My friend @NoOne-hub for helping me in adding the syscalls
@mhaskar for Shellcode-In-Memory-Decoder in which i implemented the whole code on it... in this repo and in the first one.
@hasherezade for antianalysis_demos
@jthuraisamy for SysWhispers2

LICENSE: GNU General Public License v3.0

My Empty Ethereum Wallet (No jokes) : 0x1B4944030818392D76672f583884F4A125A4415e

eva2's People

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.