How to persist malware in Windows without tripping runtime AV?
#1
Now, the normal way is to add a registry key to Run to start up your malware, but that gets detected by Kaspersky runtime analysis.

What are some ways of persisting in Windows without tripping runtime AVs?
#2
Hi,

I don't know how your malware is written, but I found this, a C++ and C# project that originally used Living Off the Land techniques, and the persistence is interesting because it shows no registry key.

I don't have Kaspersky, so I don't know about this AV, but check it out anyway.

https://github.com/bytecode77/living-off-the-land
#3
This forum is for learning, so it's OK if you're unfamiliar with MalDev. But in order to learn MalDev, being able to code is a prerequisite. Can you write C?

The reason I ask is because there are some simple solutions you can try. Solutions I'd be willing to help you with. They're simple C programs. So it'd be preferable to be familiar with the lang.