This will install Firefox and also my backdoor silently on the machine.
Here we go, the actors:
Once I have launched Elitewrap I have to define the output filename. This is the name of the wrapped .exe
Once this has been defined you have to select the operation you want Elitewrap to perform.
The readme file lists all the options with explanations but I will be using operation 3. This will install my backdoor silently whilst the Firefox installer runs in the foreground.
And so to wrap the exes, nothing really complicated to it as you can see below:
And here is the output:
Before I run this executable I have run the netstat -na command to show the backdoor isn't already running (it will be on port 39846):
So I double click the exe and here is the output (including an update netstat):
So we can see already that the backdoor is listening and we haven't even installed Firefox. So even if we were to cancel the installation its too late.
We continued the installation and allowed it to finish:
And the final result is shown below:
Firefox installed without any hint of a problem and my backdoor is waiting for me to connect.
I hope that this post has been informative, contact me or leave a comment if you have any questions.
Update: based on Niall's comment I have uploaded the wrapped firefox.exe to Virus Total and the results are shown below:
For part three of this post I will be using some a bit more industrial that dave.exe. All will be revealed soon!
Dave
Posts
4 comments:
Hey Dave ,
That's pretty scary. Did you submit the modified Firefox executable to virus total to see if anything picked up on the piggybacking trojan?
Would a heuristic scan pick up on this I wonder?
Niall
Hi Niall,
I didn't originally submit it to Virus Total but I did after seeing your comment.
I have updated the post with the results of the Virus Total scan.
Dave
Can this software be used to multiple file formats
Can this software be used to multiple file formats
Post a Comment