You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,7 +25,7 @@ The tool's execution is focused on stealth and efficiency, built around a **Dire
25
25
* It allocates memory using `NtAllocateVirtualMemory`.
26
26
* It writes the decrypted payload DLL into the allocated space with `NtWriteVirtualMemory`.
27
27
* It changes the memory region's permissions to executable using `NtProtectVirtualMemory`.
28
-
* It creates a **named pipe** for C2 communication and writes the pipe's name into the target's memory.
28
+
* It creates a **named pipe** for communication and writes the pipe's name into the target's memory.
29
29
5.**Execution & Control:** A new thread is created in the target process using `NtCreateThreadEx`. The thread's start address points directly to the payload's `ReflectiveLoader` export, with the address of the remote pipe name as its argument. The original main thread of the browser remains suspended and is never resumed. The injector then waits for the payload to connect back to the pipe.
0 commit comments