Evade AVs/EDR with Shellcode Injection
Common Information
Type Value
UUID a20df629-848d-4562-b618-4c9e14602f1c
Fingerprint 3fac0f330cfe0441
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 28, 2021, 2:51 p.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 12, 2024, 3:58 a.m.
Headline Evade EDR with Shellcode Injection and gain persistence using Registry Run Keys
Title Evade AVs/EDR with Shellcode Injection
Detected Hints/Tags/Attributes 31/1/12
Attributes
Type | #Events | CTI Value | Value
Domain | 1 | | shecodnject.py
File | 1 | | rsaprivate.key
File | 1 | | servercertificate.crt
File | 1 | | shellcode.raw
File | 1 | | shecodnject.py
File | 2 | | fin.exe
File | 1 | | c:\tmp\fin.exe
IPv4 | 5 | | 192.168.1.46
Windows Registry Key | 582 | | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Windows Registry Key | 480 | | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Windows Registry Key | 4 | | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
Windows Registry Key | 4 | | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce