SuperMega: Stealthily inject shellcode into an executable

SuperMega – Cordyceps Implementation

SuperMega is a shellcode loader that works by injecting the shellcode into genuine executables (.exe or .dll). The loader is written in C.

The idea is that injecting shellcode cleanly into a non-malicious executable should make it less likely to be detected.

Features:

  • Encrypt payload
  • Execution guardrails, so payload is only decrypted on target
  • Anti-emulation, against AV emulators
  • EDR deconditioner, against EDR memory scan
  • Keep all original properties of the executable (imports etc.)
  • Very small carrier loader
  • Code execution with main function hijacking
  • No PEB walk; reuses the IAT to execute Windows API functions
  • Inject data into .rdata for the carrier shellcode
  • Patch IAT for missing functions for the carrier

Directories

  • data/binary/shellcodes: Input: Shellcodes we want to use as input (payload)
  • data/binary/exes/: Input: Non-malicious EXE files we inject into
  • data/source/carrier: Input: Carrier C templates
  • projects/<projectname>: Output: Project directory with all files
  • projects/default: Output: Project directory with all files

Download & Use