Dr0p1t Framework/Trojan Dropper (FUD) ATM

#1
Hello, today I will be presenting a trojan dropper. You may be asking what a trojan dropper is. In short, a dropper is a type of trojan that downloads other malware, and Dr0p1t gives you the chance to create a stealthy dropper that bypasses most AVs and has a lot of tricks.

+ Generated executable properties:
+ Modules:

Find and kill antivirus before running the malware.

The ability to disable UAC.

The ability to run your malware as admin.

Full spoof by spoofing the file icon and extension to anything you want.

ZIP files support, so now you can compress your executable to a zip file before uploading.

Running a custom ( batch|powershell|vbs ) file you have chosen before running the executable.

When running powershell scripts it can bypass the execution policy.

Using UPX to compress the dropper after creating it.

+ Persistence modules:

Adding the executable to startup after downloading it.

Adding the executable to task scheduler after downloading it ( UAC doesn't matter ).

Adding your file to the powershell user profile so your file will be downloaded and run every time powershell.exe runs if it doesn't exist.


Usage: Dr0p1t.py Malware_Url [Options]

options:
-h, --help show this help message and exit
-s Add your malware to startup (Persistence)
-t Add your malware to task scheduler (Persistence)
-a Add your link to powershell user profile (Persistence)
-k Kill antivirus process before running your malware.
-b Run this batch script before running your malware. Check scripts folder
-p Run this powershell script before running your malware. Check scripts folder
-v Run this vbs script before running your malware. Check scripts folder
--runas Bypass UAC and run your malware as admin
--spoof Spoof the final file to an extension you choose.
--zip Tell Dr0p1t that the malware in the link is compressed as zip
--upx Use UPX to compress the final file.
--nouac Try to disable UAC on victim device
-i Use icon to the final file. Check icons folder.
--noclearevent Tell the framework to not clear the event logs on target machine after finish.
--nocompile Tell the framework to not compile the final file.
--only32 Download your malware for 32 bit devices only
--only64 Download your malware for 64 bit devices only
-q Stay quite ( no banner )
-u Check for updates
-nd Display less output information

The recommended version for Python 2 is 2.7.x, the recommended version for Python 3 is 3.5.x, and don't use 3.6 because it's not supported yet by PyInstaller.
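For defenders, the behaviours listed in the first post (persistence via startup, task scheduler and PowerShell profile, killing antivirus processes, execution-policy bypass, disabling UAC, clearing event logs) tend to surface in process-creation telemetry. The following is an added example, not part of the original thread and not code from the Dr0p1t project: it tags command lines by behaviour and flags a parent process that shows several of them together. The regex patterns, the event fields (`host`, `parent`, `cmdline`) and every sample value are assumptions based on common Windows command idioms, not strings taken from the tool.

```python
import re
from collections import defaultdict

# Assumed indicators: common Windows command idioms for the behaviours the
# post lists, not strings taken from the tool itself.
RULES = {
    "startup_persistence": r"\\start menu\\programs\\startup\\",
    "scheduled_task_persistence": r"\bschtasks(\.exe)?\b.*\s/create\b",
    "powershell_profile_persistence": r"\\windowspowershell\\[\w.]*profile\.ps1",
    "execution_policy_bypass":
        r"\bpowershell(\.exe)?\b.*\s-e(p|xec|xecutionpolicy)\s+bypass\b",
    "process_kill": r"\btaskkill(\.exe)?\b.*\s/im\s+\S+",
    "uac_disable":
        r"\breg(\.exe)?\s+add\b.*\\policies\\system\b.*\benablelua\b.*/d\s+0\b",
    "event_log_clear": r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b|\bclear-eventlog\b",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in RULES.items()}

def tag(cmdline):
    """Return the sorted behaviour tags whose pattern matches one command line."""
    return sorted(name for name, rx in COMPILED.items() if rx.search(cmdline))

def correlate(events, threshold=3):
    """Group tags by (host, parent image) and report parents showing at least
    `threshold` distinct behaviours; a single tag is often benign admin work."""
    seen = defaultdict(set)
    for ev in events:
        seen[(ev["host"], ev["parent"])].update(tag(ev["cmdline"]))
    return {key: sorted(tags) for key, tags in seen.items() if len(tags) >= threshold}

# Constructed sample events (hypothetical hosts, paths, process and task names).
DROPPED = r"C:\Users\a\Downloads\invoice.exe"
SAMPLE = [
    {"host": "WS01", "parent": DROPPED, "cmdline": "taskkill /f /im avagent.exe"},
    {"host": "WS01", "parent": DROPPED,
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\Temp\s.ps1"},
    {"host": "WS01", "parent": DROPPED,
     "cmdline": r'schtasks /create /tn "Updater" /tr C:\Temp\u.exe /sc onlogon'},
    {"host": "WS01", "parent": DROPPED, "cmdline": "wevtutil cl Security"},
    {"host": "WS02", "parent": r"C:\Windows\System32\svchost.exe",
     "cmdline": r'schtasks /create /tn "Backup" /tr C:\tools\backup.cmd /sc daily'},
]

if __name__ == "__main__":
    for (host, parent), tags in correlate(SAMPLE).items():
        print(f"{host} {parent}: {', '.join(tags)}")
```

Writes to the startup folder or the PowerShell profile often appear only in file-creation events, so the same path patterns should also be run over that telemetry.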

#2
Why is it in Python? I can easily decompile it.

#3
Is this still active? I don't want to get my hopes up too soon!

#4
Quote:(08-08-2018, 09:07 PM)r00t3r Wrote:

Is this still active? I don't want to get my hopes up too soon!

As the OP is banned, no, it isn't active. What I would suggest is making a new thread about your question so you don't break any rules.

#5
Quote:(08-08-2018, 09:07 PM)r00t3r Wrote:

Is this still active? I don't want to get my hopes up too soon!

Upon viewing the web page, the tool still seems to have inconsistencies.

Quote:Still not fully tested! Need some contributors and testers

Quote:Not maintained currently (Wait for the next version)