
Vulpes

Vulpes is a Command & Control framework with a Python backend and a C++ implant. The implant is designed to be as evasive as possible while still providing as much utility as possible.

Table of Contents

Key Features

Demo

TBC.

Command List

Name              Description
ls                Use FindFirstFile and FindNextFile to enumerate either a user-specified directory or the current directory.
cat               Using the C++ standard library, read the contents of a file and return its data (or the error, if the read fails).
whoami            Return GetComputerName()\GetUserName(), e.g. CONTOSO\Administrator.
hostname          Return GetComputerName().
upload            Write the received bytes to disk using the standard library.
download          Read the bytes from disk using the standard library and return them.
pwd               Get the current directory from the PEB.
injectrdll        Inject a reflective DLL into a process. Setting the pid to 0 self-injects. The injection uses the method configured in the server configuration file.
loaddll           Load a DLL from disk using LoadLibraryA.
inject            Using the configured method, inject a stageless implant into the target process.
injectbin         Using the configured method, inject the specified shellcode into the target process.
spawn             Using the configured method, create a new process and inject a stageless implant into it.
execute-assembly  Host a .NET CLR in the current process, execute the assembly, and then cleanly exit.
getthreads        List all threads on the host. If a pid is passed, the search is limited to that process.
getmodules        List all modules in a process. If a pid is passed, a handle to that process is opened.
ps                List all processes (username, executable name, process id, integrity level, parent process).
procgrep          Search for, and retrieve information on, a specified process.
getsystem         Steal a token from a SYSTEM process and apply it to the executing thread.
setpriv           Add or remove a privilege.
modulegrep        Find a process with a specified module loaded.
huntrwx           Use the NtQueryVirtualMemory syscall to find RWX regions in a process.
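The huntrwx entry above is the one command whose logic is worth spelling out, because the interesting part is deciding which regions count as RWX rather than the walk itself. The following is an added example written for this page, not Vulpes' own implant code: it classifies MEMORY_BASIC_INFORMATION-style region records (Region, is_rwx, find_rwx and sample_regions are hypothetical names chosen here; the numeric constants are the ones from winnt.h) and, on Windows only, walks a target process with NtQueryVirtualMemory resolved from ntdll via GetProcAddress. That runtime resolution is an assumption for readability; an implant that wants to avoid user-mode hooks would invoke the syscall through its own stub instead. The classifier is portable so it can be exercised off-box against constructed region records.

```cpp
// Added example (not Vulpes code): core of a huntrwx-style RWX scan.
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <vector>

// Values copied from <winnt.h> so the portable part compiles anywhere.
constexpr uint32_t kMemCommit            = 0x1000;
constexpr uint32_t kMemReserve           = 0x2000;
constexpr uint32_t kPageExecuteReadWrite = 0x40;
constexpr uint32_t kPageExecuteWriteCopy = 0x80;
constexpr uint32_t kPageGuard            = 0x100;
constexpr uint32_t kPageNoCache          = 0x200;
constexpr uint32_t kPageWriteCombine     = 0x400;

// Mirrors the fields of MEMORY_BASIC_INFORMATION that the scan needs.
struct Region {
    uint64_t base;     // BaseAddress
    uint64_t size;     // RegionSize
    uint32_t state;    // State: MEM_COMMIT / MEM_RESERVE / MEM_FREE
    uint32_t protect;  // Protect (current protection, not AllocationProtect)
};

// True when a committed region is both writable and executable. The modifier
// bits (guard, no-cache, write-combine) are masked off first so a guarded RWX
// page is still reported; PAGE_EXECUTE_WRITECOPY is included because a private
// copy of such a page becomes RWX on first write.
bool is_rwx(const Region& r) {
    if (r.state != kMemCommit) return false;
    const uint32_t base_protect = r.protect & ~(kPageGuard | kPageNoCache | kPageWriteCombine);
    return base_protect == kPageExecuteReadWrite || base_protect == kPageExecuteWriteCopy;
}

std::vector<Region> find_rwx(const std::vector<Region>& regions) {
    std::vector<Region> hits;
    for (const auto& r : regions)
        if (is_rwx(r)) hits.push_back(r);
    return hits;
}

// Constructed sample (not captured from a real process) used off-Windows.
std::vector<Region> sample_regions() {
    return {
        {0x7ff600000000, 0x1000,  kMemCommit,  0x02},                           // PAGE_READONLY PE header
        {0x7ff600001000, 0x5000,  kMemCommit,  0x20},                           // PAGE_EXECUTE_READ .text
        {0x1a0000,       0x10000, kMemCommit,  kPageExecuteReadWrite},          // injected stub: hit
        {0x1b0000,       0x1000,  kMemReserve, 0},                              // reserved, not committed
        {0x1c0000,       0x2000,  kMemCommit,  kPageExecuteReadWrite | kPageGuard}, // guarded RWX: still a hit
    };
}

#ifdef _WIN32
#include <windows.h>
// NtQueryVirtualMemory(ProcessHandle, BaseAddress, MemoryInformationClass,
//                      Buffer, Length, ReturnLength); class 0 = MemoryBasicInformation.
typedef LONG (NTAPI *NtQueryVirtualMemory_t)(HANDLE, PVOID, ULONG, PVOID, SIZE_T, PSIZE_T);

// Walk the target's address space region by region until the query fails
// (end of user space) or the next address wraps.
std::vector<Region> walk_process(HANDLE process) {
    std::vector<Region> regions;
    auto ntqvm = reinterpret_cast<NtQueryVirtualMemory_t>(
        GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQueryVirtualMemory"));
    if (!ntqvm) return regions;
    MEMORY_BASIC_INFORMATION mbi{};
    uint8_t* addr = nullptr;
    SIZE_T returned = 0;
    while (ntqvm(process, addr, 0, &mbi, sizeof(mbi), &returned) >= 0) {  // NT_SUCCESS
        regions.push_back({reinterpret_cast<uint64_t>(mbi.BaseAddress),
                           static_cast<uint64_t>(mbi.RegionSize), mbi.State, mbi.Protect});
        uint8_t* next = static_cast<uint8_t*>(mbi.BaseAddress) + mbi.RegionSize;
        if (next <= addr) break;
        addr = next;
    }
    return regions;
}
#endif

int main(int argc, char** argv) {
#ifdef _WIN32
    DWORD pid = argc > 1 ? static_cast<DWORD>(std::atoi(argv[1])) : GetCurrentProcessId();
    HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
    if (!h) { std::printf("OpenProcess failed: %lu\n", GetLastError()); return 1; }
    std::vector<Region> hits = find_rwx(walk_process(h));
    CloseHandle(h);
#else
    (void)argc; (void)argv;
    std::vector<Region> hits = find_rwx(sample_regions());
#endif
    for (const auto& r : hits)
        std::printf("RWX base=0x%llx size=0x%llx protect=0x%x\n",
                    (unsigned long long)r.base, (unsigned long long)r.size, r.protect);
    return 0;
}
```

On Windows, build and run with a target pid as the only argument (no argument scans the implant's own process, which is the pid 0 convention the command table uses for self-injection). Note that a region with PAGE_EXECUTE_READWRITE set as AllocationProtect but since changed to PAGE_EXECUTE_READ will not be reported, which is exactly why the scan keys on Protect rather than AllocationProtect.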