Cryptonite
Disable Windows Defender Script needed!
The ransomware is all built and running smooth. The final obstacle between Cryptonite and total destruction is the native antivirus of Windows. Yeah, Windows Defender. I am looking for a script that either disables Windows Defender completely or adds an exclusion to a path so that I can safely execute the ransomware from that folder. Anybody willing to contribute is absolutely welcome!
I already have a script but unfortunately, in certain Windows versions, it gets detected.
Could run a VM and find different versions of the script to disable Defender on different versions of Windows and check winver before doing any sketch shit to find which script to run.
https://github.com/leonv024/RAASNet
This guy's code is able to bypass any antivirus detection. Maybe have a look at it?
I have already taken a look at it. The thing is, ransomware has to be executable files and not Python scripts. Even in my case, Cryptonite.py can run without getting detected by Windows Defender or other antivirus programs. But the moment we convert Cryptonite into an exe file, it gets detected. Hence, to battle this problem we need a script that can either disable Windows Defender completely or a script that can execute our exe file without letting Windows Defender catch it. Anyways, thanks :)
Same observation. Python scripts generally avoid detection, but executables get caught.
https://github.com/swagkarna/Defeat-Defender-V1.2
@CYBERDEVILZ @P0intMaN how about this? The script will completely disable windefend Services. Once it has been disabled, we can get the Cryptonite exe to run.
Swagkarna! This guy is awesome. He creates awesome programs related to hacking. Unfortunately, this script is not FUD anymore. I tried it myself a couple of days back.
I guess Microsoft caught up to it? That's not good.
Are we able to run Cryptonite as a script?
Yes, we can run it as a script. Just fill in the necessary information inside Cryptonite.py, like NGROK URL, BTC_AMOUNT etc., and you are good to go.
@CYBERDEVILZ @P0intMaN have you read this article? https://www.bleepingcomputer.com/news/security/stealthy-blister-malware-slips-in-unnoticed-on-windows-systems/
Maybe we can get some insight from it.
TLDR: Blister uses valid code-signing certificates to disguise its code as secure .exe. Possibly bypasses SmartScreen and Google alerts.
Ah, the certificates! I've been researching this for a while. Could be a viable solution but an expensive one (check out this Stack Overflow query). @chicabenjamin82 do you happen to know any site from where one can download certificates (more specifically, leaked certificates)?
Yes, certificate signing is an expensive process. You gotta either steal it (illegal) or obtain a valid one from a company.
@P0intMaN I have some idea where to look for ones. Let me search and let you guys know.
Don't worry, Defeat-Defender-V3 in Python will be released soon.
Nice... Cheers, Meep.