Skrull – A Malware DRM, That Prevents Automatic Sample Submission By AV/EDR And Signature Scanning From Kernel


Skrull is a malware DRM that prevents automatic sample submission by AV/EDR and signature scanning from the kernel. It generates launchers that run a payload on the victim host using the Process Ghosting technique: the payload is written into a file that is already marked delete-pending, an image section is created from it, and the file is gone from disk by the time the process is started from that section, so the image is never available to be scanned as an ordinary on-disk file. The launchers are also anti-copy: a launcher that is copied off the host and submitted to a sandbox is naturally broken and will not run.

It is the proof-of-concept for the ROOTCON and HITCON 2021 talks, Skrull Like A King: From File Unlink to Persistence and Skrull Like A King:從重兵看守的天眼防線殺出重圍 (roughly, Breaking Through the Heavily Guarded Sky Eye Defense Line).

Note that only x64 PE payloads are currently supported, due to the ghosting technique.
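Because a ghosted process is backed by an image file that was deleted before the process was created, the defender-side signal is ordering rather than content: a ProcessCreate whose image path had a FileDelete shortly before it, with no FileCreate in between. The following is an added example of that correlation check, written for this page and not part of Skrull or of any EDR product; the event schema (kind, path, pid, timestamp) and the sample event stream are constructed here and are not real telemetry, though the three event kinds map naturally onto Sysmon file-create, file-delete and process-create events.

```python
"""Correlation heuristic for Process Ghosting.

Flags a ProcessCreate whose image path was deleted within `window`
seconds beforehand and not re-created since. A normal update
(delete old exe, write new exe, run it) is not flagged because the
FileCreate clears the pending delete.

Event schema below is an assumption for this example, not a real
product format.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Event:
    ts: float      # seconds since some epoch
    kind: str      # "FileCreate", "FileDelete" or "ProcessCreate"
    path: str      # file or image path as reported by the sensor
    pid: int = 0   # only meaningful for ProcessCreate


def find_ghosted_processes(events: List[Event], window: float = 5.0) -> List[Tuple[int, str]]:
    """Return (pid, image_path) for every process started from a file that
    was already deleted. Paths are compared case-insensitively because NTFS
    is case-insensitive by default."""
    last_delete: Dict[str, float] = {}
    hits: List[Tuple[int, str]] = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = ev.path.lower()
        if ev.kind == "FileCreate":
            # File is back on disk: a later ProcessCreate is a normal start.
            last_delete.pop(key, None)
        elif ev.kind == "FileDelete":
            last_delete[key] = ev.ts
        elif ev.kind == "ProcessCreate":
            deleted_at = last_delete.get(key)
            if deleted_at is not None and 0 <= ev.ts - deleted_at <= window:
                hits.append((ev.pid, ev.path))
    return hits


# Constructed sample stream (not captured telemetry).
GHOST = r"C:\Users\victim\AppData\Local\Temp\launcher.exe"
UPDATED = r"C:\Program Files\Vendor\agent.exe"
SAMPLE_EVENTS = [
    # Ghosting sequence: create, write, delete on close, then start process.
    Event(100.0, "FileCreate", GHOST),
    Event(100.2, "FileDelete", GHOST),
    Event(100.3, "ProcessCreate", GHOST, pid=4242),
    # Benign self-update: delete old binary, write new one, launch it.
    Event(200.0, "FileDelete", UPDATED),
    Event(200.5, "FileCreate", UPDATED),
    Event(201.0, "ProcessCreate", UPDATED, pid=5150),
    # Ordinary process start with no prior delete.
    Event(300.0, "ProcessCreate", r"C:\Windows\System32\notepad.exe", pid=6001),
    # Delete far outside the window: treated as unrelated.
    Event(400.0, "FileDelete", r"C:\Temp\old.exe"),
    Event(900.0, "ProcessCreate", r"C:\Temp\old.exe", pid=7007),
]

if __name__ == "__main__":
    for pid, path in find_ghosted_processes(SAMPLE_EVENTS):
        print(f"possible ghosted process pid={pid} image={path}")
```

The window is deliberately short: in the ghosting sequence the delete and the process start are separated by microseconds, so a tight window keeps legitimate delete-then-recreate flows from matching while still catching the case the page describes. This check says nothing about the payload's contents, which is the point: it does not depend on the file being available for signature scanning.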
