• 🐸
    Frog For Automatic Scan

  • 🐶
    Doge For Defense Evasion&Offensive Security

Doge-Assembly

Golang evasion tool, execute-assembly .Net file

Intro

Are you still worrying about antivirus?

feature

使用Golang execute assembly加载C#程序

C#程序编译为静态资源文件,使用AES加密,使用时最好替换自定义密钥

clr.dll进程注入的过程采用direct syscall进行api调用

若想增强免杀效果可自行添加:

反沙箱反调试等相关代码

Blockdlls

parent-process-id-spoofing

写的较为仓促,希望能有大佬帮忙优化

Usage

cd encrypt
go build

you can change sharp.exe to other C# exe file

./encrypt.exe ./sharp.exe

copy sharp.exe.cipher to bin/

cd ..
go-bindata data/
go build

demo sharp.exe is SharpChromium.exe

ref

资源文件加载:

golang 的 execute assembly 实现:

bananaphone, golang hells gate:

screenshot

PS D:\Doge-Assembly> .\Doge-Assembly.exe
Decrypt Success...

dll: 19968
bin: 584704

Dynamic Evasion
Please Wait for 10 seconds......
2481571495936
BananaPhone: Allocated 20480bytes at 0x241C9300000
BananaPhone: Wrote 20480bytes at 0x241C9300000
2481571561472
BananaPhone: Allocated 585728bytes at 0x241C9310000
BananaPhone: Wrote 584715bytes at 0x241C9310000
2021/03/09 16:37:29 Got thread handle: 404

out:
[X] Invalid argument passed:

Usage:
    .\SharpChromium.exe arg0 [arg1 arg2 ...]

Arguments:
    all       - Retrieve all Chromium Cookies, History and Logins.
    full      - The same as 'all'
    logins    - Retrieve all saved credentials that have non-empty passwords.
    history   - Retrieve user's history with a count of each time the URL was
                visited, along with cookies matching those items.
    cookies [domain1.com domain2.com] - Retrieve the user's cookies in JSON format.
                                        If domains are passed, then return only
                                        cookies matching those domains. Otherwise,
                                        all cookies are saved into a temp file of
                                        the format "%TEMP%\$browser-cookies.json"


err:


🚀
Star Trend

Stargazers over time

GitHub

https://github.com/timwhitez/Doge-Assembly