[IN-VM] RAT bypass Emsisoft v9

[goke]

bypass the Emsisoft

 

[soinvisage]

thx for the review

its sourate muhammad , ahmad al ajmy

 

[LAGUN]

thx @goke and i wait you test tiranium.

 

[soinvisage]

thx @goke and i wait you test tiranium.

i came to test it my test arrive in 30min env thx

 

[Oxygen]

I ask myself what antivirus could block these RATS

 

[Dubseven]

Suggestion:
- Do a quick scans after the computer is infected with the anti-virus.
- Restart the computer.

 

[yigido]

Thanks for the review!

 

[goke]

Suggestion:
- Do a quick scans after the computer is infected with the anti-virus.
- Restart the computer.

 

[Dubseven]

Thanks!
Keep that suggestions for others vidéos please!

 

[nissimezra]

Suggestion:
- Do a quick scans after the computer is infected with the anti-virus.
- Restart the computer.

no, first disconnect the internet, then run a scan from bootable media.

 

[nissimezra]

Soon testeing all AV

thx for the ISO i was looking for it long time. win 7 with only 1.75 after instal just great

 

[MrExplorer]

if goke is using a Premium Crypter or if he himself Crypting it than no any AV will detect RAT.

 

[MrExplorer]

Wish the video would load for me

Which browser are you using.

 

[Fabian Wosar]

- Do a quick scans after the computer is infected with the anti-virus.

That would quite frankly be impossible. The njRAT server he created is set up to not actually infect the system. No persistence is established and the RAT is gone on reboot until he starts it again manually. Most likely the thread poster didn't think it was important. Well, it is. It is also important that the RAT connects to a foreign IP address. Otherwise some applications will assume TCP/IP is used for local inter process communication. However, since the RAT client is running outside of the VM I would assume that is already the case.

Anyways, I adjusted the EAM RAT behavior rules to also cover njRAT and other .NET based RATs even if they don't establish persistence on the system. The update should be available tomorrow via beta updates.

 

[Creator Of Manticore]

if u have a good firewall then u dont need to worry about rats I recommend comodo.... And its very easy to bypass anti malware there are many crypters out there.

 

[Fabian Wosar]

And its very easy to bypass anti malware there are many crypters out there.

Except that behavior based detection won't care about crypters. Quite frankly adding a crypter will make it a lot more likely the file will trigger an alert in many cases .

 

[Creator Of Manticore]

Except that behavior based detection won't care about crypters. Quite frankly adding a crypter will make it a lot more likely the file will trigger an alert in many cases .

Yes thats very tre specially for Avast hehe but i noticed that if u install a FUD server with persistance the AV wont remove even when it detects it this only happened in Dark Comet though.

 

[Cowpipe]

Quite honestly if you need to rely on a "crypter" to make something "FUD" then you're not going to get very far.

 

[Deleted member 178]

Anyways, I adjusted the EAM RAT behavior rules to also cover njRAT and other .NET based RATs even if they don't establish persistence on the system. The update should be available tomorrow via beta updates.

don't forget H-Worm too ^^

btw, welcome aboard Fabian.

 

[Cowpipe]

don't forget H-Worm too ^^

H-Worm is VBS not .NET Unless someone created VBS.NET and didn't tell me