Skip to content
/ FakeFlashInstaller Public

fake flash installer write in c# for Red-Team Fishing

8 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

merlinxcy/FakeFlashInstaller

BranchesTags

Repository files navigation

FakeFlashInstaller

fake flash installer write in c#

原理

  1. 跳转flash更新页面提示连接失败无法更新
  2. Flash进程常驻后台开始使用AES解密Stage下载地址,前往Stage下载地址http://XXX/favicon.bmp 下载图片并解密隐写的二进制数据。
  3. 通过loadAssembly加载二进制进行C2上线

用法

绘制flash界面:

image

将二阶段木马隐写入图片文件中

image

生成加密的图片URL地址

image

替换URL 配置

image

编译64位的Release进行投递

About

fake flash installer write in c# for Red-Team Fishing

Resources

Readme
Activity

Stars

8 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages