Skip to content

sergiLopez/Flanders-Trojan

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits

Loader

Loader

 
 

Payload

Payload

 
 

Servidor

Servidor

 
 

Flanders-Trojan.png

Flanders-Trojan.png

 
 

README.md

README.md

 
 

Repository files navigation

⚠️ WARNING ⚠️

This project is for academic purposes only.

The methods used within this project should not be utilized for illegal or unethical activities. Please use responsibly!

The Origin

The Flanders trojan was developed for my computer engineering final thesis, driven by a curiosity for cybersecurity and a desire to delve deeper into operating system knowledge. It is developed specifically for Windows using C++, showcasing a blend of technical challenge and academic exploration.
Flanders, a character from The Simpsons, is known for his peaceful and innocent nature. However, this character harbors something dark within him. This behavior perfectly defines how the developed trojan operates, hence the name.

Components

The Flanders trojan is primarily composed of three components, each playing a pivotal role in its operation:

LOADER

The Loader is the initial component, responsible for setting the stage for the trojan's activities. Its functionalities include:

  • VM Detection: Identifying virtual machines through hypervisor signature.
  • Debugging Detection: Utilizing NtQueryInformationProcess to detect debugging environments.
  • Privilege Escalation: Bypassing User Account Control (UAC) to gain higher privileges.
  • Persistence: Achieving persistence through Windows Registry modifications or Scheduled Tasks.
  • DLL Injection: Injecting the payload, a DLL file, into explorer.exe.

PAYLOAD

Following the Loader, the Payload component is responsible for executing a series of malicious actions:

  • File Encryption: Utilizing AES encryption to lock files.
  • Keylogging: Recording keystrokes to capture sensitive information.
  • Screen Capturing: Taking screenshots to monitor user activity.
  • Command Execution: Running malicious commands or scripts.
  • DDoS Attack: Launching HTTP flood attacks to disrupt targeted services.

This payload communicates with a server to send victim information, further facilitating malicious operations.

SERVER

The Server acts as the command and control (C2) center for the Flanders trojan:

  • Receiving Requests: Handling incoming communications from victim machines.
  • Management: Orchestrating the network of infected devices, effectively creating a botnet for coordinated attacks or information theft.

About

Trojan written in C++ for Windows

Topics

windows c-plus-plus ddos persistence malware trojan screen-capture ransomware keylogger dll-injection privilege-escalation uac-bypass command-and-control vm-detection c2-server debugger-detection

Resources

Readme
Activity

Stars

11 stars

Watchers

2 watching

Forks

7 forks
Report repository

Packages

No packages published

Languages