
Stealthy Scheduled Task Creation

Open capnspacehook opened this issue 5 years ago • 5 comments

I saw that you are calling the schtasks binary to establish persistence, and while that's totally fine, given your concern for opsec in other parts of the code, I'm assuming you would like to avoid calling external binaries as much as possible.

I recently wrote a Task Scheduler library in Go that allows you to create, modify, delete, run, etc. scheduled tasks in Windows using COM objects, so no command-line logging will be done. Just thought I'd let you know about it because it's an easy improvement :)

capnspacehook • Apr 09 '19 13:04
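From the defender's side, a task registered through the COM API leaves no `schtasks.exe` process-creation record, but Security event 4698 (logged when "Audit Other Object Access Events" is enabled) still records the registration together with the task XML. The following Go sketch is an added example, not code from this thread, ToRat or the library mentioned; the `Event` type, its field names and the sample hosts and paths are assumptions made for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
	"time"
)

// Event is a simplified, hypothetical Security log record (slices are oldest first).
type Event struct {
	ID                       int // 4688 = process created, 4698 = scheduled task created
	At                       time.Time
	Host, Process, Task, XML string
}
type taskDef struct { // only the task XML elements this check reads
	Logon    []struct{} `xml:"Triggers>LogonTrigger"`
	Commands []string   `xml:"Actions>Exec>Command"`
}

// QuietLogonTasks reports logon-triggered tasks (4698) registered without a
// schtasks.exe start (4688) on the same host within the preceding window.
// Events whose task XML does not parse are skipped.
func QuietLogonTasks(events []Event, window time.Duration) []string {
	var out []string
	last := map[string]time.Time{} // host -> most recent schtasks.exe start
	for _, e := range events {
		if e.ID == 4688 && strings.HasSuffix(strings.ToLower(e.Process), `\schtasks.exe`) {
			last[e.Host] = e.At
		}
		var def taskDef
		if e.ID != 4698 || xml.Unmarshal([]byte(e.XML), &def) != nil || len(def.Logon) == 0 {
			continue
		}
		if t, ok := last[e.Host]; !ok || e.At.Sub(t) > window {
			out = append(out, fmt.Sprintf("%s %s %v", e.Host, e.Task, def.Commands))
		}
	}
	return out
}

// Constructed sample: WS01 registered its task with schtasks.exe, WS02 did not.
var t0 = time.Date(2019, 4, 9, 13, 0, 0, 0, time.UTC)
var taskXML = `<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"><Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers><Actions><Exec><Command>C:\ProgramData\example\agent.exe</Command></Exec></Actions></Task>`
var sample = []Event{
	{ID: 4688, At: t0, Host: "WS01", Process: `C:\Windows\System32\schtasks.exe`},
	{ID: 4698, At: t0.Add(time.Second), Host: "WS01", Task: `\Updater`, XML: taskXML},
	{ID: 4698, At: t0.Add(2 * time.Second), Host: "WS02", Task: `\Updater`, XML: taskXML},
}

func main() { fmt.Println(QuietLogonTasks(sample, time.Minute)) }
```

A hit is a triage lead, not a verdict: legitimate installers and management agents also register tasks through COM, so the command path and task name still need review.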

Nice, would you like to submit a pull request?

lu4p • Apr 09 '19 14:04

If you don't want to compile Tor, you can easily test using the notor tag.

cd ~/go/src/github.com/lu4p/ToRat_client

env GOOS=windows go build -ldflags "-s -w" -tags "notor"

lu4p • Apr 09 '19 15:04

I actually haven't implemented creating tasks from an XML file, that's one of the last things I need to do. Once I implement that I'll let you know.

capnspacehook • Apr 09 '19 16:04

The only essential thing is that it is started at logon.

lu4p • Apr 09 '19 16:04

@capnspacehook How is the current state? Can an onlogon trigger be used?

lu4p • Nov 04 '19 18:11