GIT - TerraLdr Payload loader

fightsdntmatter · Nov 10, 2023

TerraLdr - A Payload Loader Designed With Advanced
Evasion Features

like, comment, stick afinger in ur butt, etc..;

TerraLdr: A Payload Loader Designed With Advanced Evasion FeaturesDetails:

no crt functions imported
syscall unhooking usingKnownDllUnhook
api hashing using Rotr32 hashing algo
payload encryption using rc4 - payload is saved in .rsrc
process injection - targetting 'SettingSyncHost.exe'
ppid spoofing & blockdlls policy using NtCreateUserProcess
stealthy remote process injection - chunking
using debugging & NtQueueApcThread for payload execution

Usage:

useGenzeloteRsrcto updateDataFile.terrathat'll be the payload saved in the .rsrc section of the loader

Thanks For:

Profit:

[Image: 198824933-101d0641-d8b3-4cef-812d-0834cdb8cf0f.png]

[Image: 198824884-ba516101-0b02-4ff7-94fb-65ce692e02ce.jpg]

[HIDE] https://github.com/ORC41/TerraLdr
[/HIDE]
Tele: @G0G0Provides

alhosane · Nov 11, 2023

will test

YuuCMYK · Nov 11, 2023

(31 October, 2022 - 11:00 PM)fightsdntmatter Wrote: Show More
TerraLdr - A Payload Loader Designed With Advanced
Evasion Features

like, comment, stick afinger in ur butt, etc..;

TerraLdr: A Payload Loader Designed With Advanced Evasion FeaturesDetails:

no crt functions imported

syscall unhooking usingKnownDllUnhook

api hashing using Rotr32 hashing algo

payload encryption using rc4 - payload is saved in .rsrc

process injection - targetting 'SettingSyncHost.exe'

ppid spoofing & blockdlls policy using NtCreateUserProcess

stealthy remote process injection - chunking

using debugging & NtQueueApcThread for payload execution

Usage:

useGenzeloteRsrcto updateDataFile.terrathat'll be the payload saved in the .rsrc section of the loader

Thanks For:

https://offensivedefence.co.uk/posts/ntc...erprocess/

https://github.com/vxunderground/VX-API

Profit:

thx

GIT - TerraLdr Payload loader

fightsdntmatter

alhosane

YuuCMYK

48,736

38,247

238,888