CAPEv2
CAPEv2 copied to clipboard
Published
20 hours ago •
kevoreilly
kevoreilly
CAPEv2 cannot handle with GoLang go-clr-based droppers
The password is infected. The final payload should be ServHelper RAT. The dropper should load the .NET ServHelper dropper into memory to execute it.
Thanks - it's a well known issue that golang samples do not work well in cape. I'm actively researching the issues which are related to golang's use of its own stack which causes issues with api hooking. Watch this space.
