FALCONSTRIKE: a stealthy, targeted Windows Loader for delivering second-stage payloads
Introducing FalconZero v1.0, a stealthy, targeted Windows loader for delivering second-stage payloads (shellcode) to the host machine undetected. It is the first public release of the FALCONSTRIKE project's loader/dropper.
- Dynamic shellcode execution
- GitHub used as the payload storage area: the payload is fetched from GitHub
- Targeted implant loader: executes only on targeted assets, to thwart automated malware analysis and hinder reverse engineering on non-targeted assets
- Kill dates: the implant expires after a specified date
- Stealthy shellcode injection technique that does not allocate RWX memory pages in the victim process, to evade AV/EDRs; currently injects into explorer.exe
- Sensitive strings are encrypted with XOR
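For defenders triaging a sample that, like this loader, XOR-encodes its sensitive strings (the GitHub payload URL, the target process name), the following is an added analyst-side helper and not part of FALCONSTRIKE: it tries every single-byte XOR key over a blob and reports the keys whose decoded output contains expected marker substrings, then lists the printable strings recovered under those keys. The single-byte scheme, the key 0x5A, the sample URL, the delimiter layout and the keyword list are all constructed for the demonstration; the page does not state FalconZero's actual key length or string layout, so a multi-byte key would need a different search.

```python
"""Analyst helper: recover single-byte-XOR-obscured strings from a byte blob.

Added example for triaging loaders that XOR-encode sensitive strings; this is
not the project's own code. The sample blob, key and strings below are
constructed for the demo and do not come from a real sample.
"""

# Printable ASCII (space through '~'); anything else breaks a string run.
PRINTABLE = set(range(0x20, 0x7F))
MIN_LEN = 8  # minimum run length to report, like `strings -n 8`


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (XOR is its own inverse)."""
    return bytes(b ^ key for b in data)


def printable_runs(data: bytes, min_len: int = MIN_LEN) -> list[str]:
    """Return runs of printable ASCII at least min_len bytes long."""
    runs, cur = [], bytearray()
    for b in data:
        if b in PRINTABLE:
            cur.append(b)
            continue
        if len(cur) >= min_len:
            runs.append(cur.decode("ascii"))
        cur = bytearray()
    if len(cur) >= min_len:
        runs.append(cur.decode("ascii"))
    return runs


def find_xor_strings(
    blob: bytes,
    keywords: tuple[bytes, ...] = (b"http", b"github", b".exe", b"explorer"),
) -> dict[int, list[str]]:
    """Brute-force all 255 non-zero single-byte keys.

    A key is kept only if its decoded output contains at least one keyword
    (case-sensitive), which keeps the noise from random keys down. Key 0 is
    skipped because it is just the undecoded view of the blob.
    Returns {key: [recovered printable strings]}.
    """
    hits: dict[int, list[str]] = {}
    for key in range(1, 256):
        decoded = xor_bytes(blob, key)
        if any(kw in decoded for kw in keywords):
            hits[key] = printable_runs(decoded)
    return hits


# --- constructed sample (not from any real sample) -------------------------
SAMPLE_KEY = 0x5A  # hypothetical single-byte key
_PLAIN_LAYOUT = (
    b"\x00\x01"
    + b"https://raw.githubusercontent.com/example-org/example-repo/stage2.bin"
    + b"\x00\x00"
    + b"explorer.exe"
    + b"\x00"
)
# What an analyst would carve out of the binary: the whole region XORed.
SAMPLE_BLOB = xor_bytes(_PLAIN_LAYOUT, SAMPLE_KEY)


if __name__ == "__main__":
    for key, strings in sorted(find_xor_strings(SAMPLE_BLOB).items()):
        print(f"key 0x{key:02x}:")
        for s in strings:
            print("   ", s)
```

The keyword filter is what makes a 255-key sweep usable: without it every key yields some printable junk. When triaging a real sample, replace the keyword tuple with markers you expect from the page's feature list (a raw.githubusercontent.com URL, the injection target's process name) and run it over the data sections rather than the whole file.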