Successfully delivering a payload?
#1
I have a successfully crypted payload (EXE) that I am now ready to deliver to potential victims.
How can I deliver this payload successfully via email?
What email spoofing services can I use?
Also, how can I make this file look more legit? Nobody's going to open a .exe file they receive in an email.
I have tried using an email spoofing service https://emkei.cz/, but in my tests, the email usually never reaches my inbox or is immediately flagged as spam.
#2
Moved your thread to the Malware Subforum. Delivering payloads through mailing campaigns sounds an awful lot like you're trying to start a malware operation by using spam emails to get whatever it is you want on your targets' systems.

Getting malicious files to potential targets through mail shouldn't be done through simply attaching an exe file. You need a convincing MalDoc at the very least, best way to go about that is to embed a dropper in a PDF or docx file. There are several methods to go about this, some more effective than others. I'm sure you can figure it out.

Secondly the PDF for instance has to look official, as if it was designed and created by an enterprise or institution. With the covid hysteria you could probably get away pretending to be some medical institution with important information regarding the target's health.

Don't waste time with spoofing services. Get a VPS, pay in crypto and only connect through SSH routed through Tor. Set up a domain, website and mail server. Cloning content from a site belonging to an actual medical institution is very straightforward, just make sure to change the name and logos. Also be sure to have a convincing domain name to correspond with a convincing name you make up for your fake institution.

Now that you have that set up you don't even have to include an attachment. You can simply host your Maldoc on your web resource. People will click through if your message is convincing enough. Once downloaded from your web resource or through an attachment, the target will open the Maldoc, and the embedded dropper will download and launch your malware on their system.

I'd go over the technical details of all of the steps I've mentioned, but I think you'd do well to take what I said as data points which you can then use to search for additional information, expand on what you know and learn more about the overall process involved. A hands-on approach will provide you with valuable practical experience.
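Seen from the receiving mail gateway, the two signals this thread keeps running into are sender authentication that does not pass and attachments whose content does not match their name. The following Python triage routine is an added example, not part of the original thread; the function names, the `*.example` domains and the sample message are constructed, and it assumes the `Authentication-Results` header was stamped by your own receiving MTA.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# PDF name objects that indicate active or embedded content (plain byte search;
# names hidden in compressed object streams need a real PDF parser).
PDF_ACTIVE = (b"/JavaScript", b"/OpenAction", b"/Launch", b"/EmbeddedFile")

def sniff_attachment(data):
    """Classify an attachment by its content, never by its file name."""
    if data[:2] == b"MZ":
        return "pe-executable"
    if data[:5] == b"%PDF-" and any(k in data for k in PDF_ACTIVE):
        return "pdf-active-content"
    if data[:4] == b"PK\x03\x04":  # ZIP container, which includes OOXML (.docx)
        try:
            members = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return "malformed-zip"
        if any(m.lower().endswith("vbaproject.bin") for m in members):
            return "ooxml-vba-macros"
    return None

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    # Anything other than an explicit "pass" is reported, including a missing verdict.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        hit = re.search(rf"\b{mech}=(\w+)", auth)
        verdict = hit.group(1) if hit else "missing"
        if verdict != "pass":
            findings.append(f"{mech}:{verdict}")
    for part in msg.iter_attachments():
        kind = sniff_attachment(part.get_payload(decode=True) or b"")
        if kind:
            findings.append(f"attachment:{part.get_filename()}:{kind}")
    return findings

def sample_message():
    """Constructed sample: failed sender auth plus a PE file named like a PDF."""
    m = EmailMessage()
    m["From"] = "notices@clinic.example"
    m["Subject"] = "Test results"
    m["Authentication-Results"] = ("mx.corp.example; spf=fail "
        "smtp.mailfrom=clinic.example; dkim=none; dmarc=fail")
    m.set_content("See attached.")
    m.add_attachment(b"MZ" + bytes(62), maintype="application",
                     subtype="pdf", filename="results.pdf")
    return m.as_bytes()
```
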
#3
(11-09-2021, 01:31 AM) Vector Wrote: Moved your thread to the Malware Subforum. Delivering payloads through mailing campaigns sounds an awful lot like you're trying to start a malware operation by using spam emails to get whatever it is you want on your targets' systems.

Getting malicious files to potential targets through mail shouldn't be done through simply attaching an exe file. You need a convincing MalDoc at the very least, best way to go about that is to embed a dropper in a PDF or docx file. There are several methods to go about this, some more effective than others. I'm sure you can figure it out.

Secondly the PDF for instance has to look official, as if it was designed and created by an enterprise or institution. With the covid hysteria you could probably get away pretending to be some medical institution with important information regarding the target's health.

Don't waste time with spoofing services. Get a VPS, pay in crypto and only connect through SSH routed through Tor. Set up a domain, website and mail server. Cloning content from a site belonging to an actual medical institution is very straightforward, just make sure to change the name and logos. Also be sure to have a convincing domain name to correspond with a convincing name you make up for your fake institution.

Now that you have that set up you don't even have to include an attachment. You can simply host your Maldoc on your web resource. People will click through if your message is convincing enough. Once downloaded from your web resource or through an attachment, the target will open the Maldoc, and the embedded dropper will download and launch your malware on their system.

I'd go over the technical details of all of the steps I've mentioned, but I think you'd do well to take what I said as data points which you can then use to search for additional information, expand on what you know and learn more about the overall process involved. A hands-on approach will provide you with valuable practical experience.

Thanks >>>>