Rusty dropper is a simple malware loader written in Rust.
Shellcode is encrypted in compile time using XOR. After running, the shellcode is decrypted and moved directly into memory. Another thread is created, which executes the code in memory. However, both are done inside one process, which is not persistent.
This code serves as POC. I do not hold any responsibility for malicious misuse.
The shellcode.exe included in the repo is a script that runs a calculator generated by mfsvenom.
Command: msfvenom -p windows/exec cmd=calc.exe -f c -e x86/alpha_mixed
The final binary is indetectable with Windows Defender. However, more advanced EDR can raise alerts.
Here is a comparison between the original shellcode and the shellcode bundled via dropper. For a comparison, I used VirusTotal.
Original:
New:
- Copy your shellcode to root directory of this project.
- Rename it to
shellcode.exe cargo build --release- Run
target/release/rusty-sheller.exe - Rename binary into something less suspicious
- Deploy