BetterXencrypt: Powershell runtime crypter designed to evade AVs
BetterXencrypt
A better version of Xencrypt.Xencrypt itself is a Powershell runtime crypter designed to evade AVs. cause Xencrypt is not FUD anymore and easily gets caught by AMSI, I recode the stub, and now it FUD again. And the original Xencrypt,if you see on the screenshot proof,he’s tested on Windows 8,and if I test it on the newest Windows 10,it doesn’t FUD, causes that I want to make it FUD again and make everyone happy 😀
Features
- Bypasses AMSI, Behavior Monitoring, and all modern AVs in use on MetaDefender (dont wanna test it VirusTotal.MetaDefender is more than enough)
- Compresses and encrypts powershell scripts
- Has a minimal and often even negative (thanks to the compression) overhead
- Randomizes variable names to further obfuscate the decrypter stub
- Super easy to modify to create your own crypter variant
- Supports recursive layering (crypter crypting the crypted output), tested up to 500 layers.
- Supports Import-Module as well as standard running as long as the input script also supported it
- All features in a single file so you can take it with you anywhere!
Download
git clone https://github.com/GetRektBoy724/BetterXencrypt.git
Usage
It’s better to run the BetterXencrypt script on Linux Powershell, cause I never try it on Windows Powershell. (Surprised that Linux has Powershell? Take a look at this)
Import-Module ./betterxencrypt.ps1
Invoke-BetterXencrypt -InFile invoke-mimikatz.ps1 -OutFile xenmimi.ps1
You will now have an encrypted xenmimi.ps1 file in your current working directory. You can use it in the same way as you would the original script, so in this case:
Import-Module ./xenmimi.ps1
Invoke-Mimikatz
It also supports recursive layering via the -Iterations flag.
Invoke-BetterXencrypt -InFile invoke-mimikatz.ps1 -OutFile xenmimi.ps1 -Iterations 100
Warning though, the files can get big, and generating the output file can take a very long time depending on the scripts and number of iterations requested.
