In the previous post, Anonyviet released the AnonyvietTrojan tool, which encrypts RATs, viruses, malware, … so that they run in the background on the computer without being detected by Windows Defender, using a direct download link to the RAT. In this article, Anonyviet adds a feature in AnonyvietTrojan v1.1 (AT v1.1): RAT encryption.
Note: This article is for educational purposes only. Anonyviet will not take full responsibility for any illegal acts.
AnonyvietTrojan v1.1 – Update RAT encryption function and bypass Windows Defender
Before getting into the article, I want you to learn what a RAT is and how it works; read this post by Anonyviet.
In the previous post, I introduced AnonyvietTrojan v1.0, which had its pros and cons. That tool only works on Python version 3.9 (download Python version 3.9 here); other Python versions will not work. Many people also reported NSudo errors and code encoding errors. In this version, Anonyviet has fixed all of those errors, the tool works much better, and a RAT encoding feature has been added. As you know, this tool only gets past Windows Defender. If the victim's computer has a second antivirus installed, it is considered inactive. At this point, surely many of you will ask: “Why does encryption only get past Windows Defender?” I will explain through the following example.
For example, suppose I have a file virus.exe whose base64 encoding has the following form: YW5vbnl2aWV0dHJvamFu
After the file virus.exe is given to the AnonyvietTrojan tool, the tool automatically encodes it with base64 as above and then changes letters and numbers in the base64 code. For example, I change Y to the character *, a to the character |, and J to >. My base64 code has now changed, and I named it base64fake: *W5vbnl2|WV0dH>vamFu
We can see that it has changed, and it can no longer be decoded: any attempt to decode it will fail. Therefore, Windows Defender will not consider this a virus.
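A defender-side triage check for the pattern described above, as an added example that is not part of the original article or of the AnonyvietTrojan tool: it flags tokens that are base64-shaped except for a few foreign symbols and that therefore fail strict decoding. The function names and the thresholds (min_len, max_symbols, max_ratio) are assumptions made for this example.

```python
import base64
import binascii
import re
import string

B64_CHARS = set(string.ascii_letters + string.digits + "+/=")

def strict_b64(token):
    """True if token decodes as standard base64 with no stray characters."""
    try:
        base64.b64decode(token, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False

def classify(token, min_len=64, max_symbols=4, max_ratio=0.25):
    """Return 'base64', 'substituted-base64' or 'other' for one token.

    Thresholds are assumptions for this example, not values from the tool.
    """
    # Character substitution keeps the length, so a swapped blob is still a
    # multiple of 4 long, as padded base64 is.
    if len(token) < min_len or len(token) % 4:
        return "other"
    foreign = [c for c in token if c not in B64_CHARS]
    if not foreign:
        return "base64" if strict_b64(token) else "other"
    # A few distinct non-alphabet symbols in an otherwise base64-shaped run
    # is the pattern described above; strict decoding fails on it.
    if len(set(foreign)) <= max_symbols and len(foreign) / len(token) <= max_ratio:
        return "substituted-base64"
    return "other"

def scan(text, min_len=64):
    """Classify every whitespace-delimited token of at least min_len chars."""
    hits = []
    for token in re.findall(r"\S{%d,}" % min_len, text):
        verdict = classify(token, min_len=min_len)
        if verdict != "other":
            hits.append((token, verdict))
    return hits

if __name__ == "__main__":
    # Constructed input: the two strings quoted in the article plus filler text.
    sample = "cfg YW5vbnl2aWV0dHJvamFu data *W5vbnl2|WV0dH>vamFu end"
    for token, verdict in scan(sample, min_len=16):
        print(verdict, token)
```

On real string dumps keep the default min_len, since short paths and URLs can match the same shape; a hit is a reason to look closer, not a verdict.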
The tool then stores the base64fake code and compiles it into another exe file, which I named kocovirus.exe. When the victim downloads the file kocovirus.exe and runs it, Windows Defender will not scan exe files, and the base64fake code automatically changes back to the original base64 code above. Next, kocovirus.exe automatically decodes that base64 code into the file virus.exe, and your RAT automatically runs in the background on the victim machine without being deleted by Windows Defender, which we often call a backdoor! And here's how to use it.
To use the tool, please download it here (password to extract: anonyviet). When you have finished extracting, open cmd, change to the AnonyvietTrojan folder, and enter the setup command for the tool: python setup.py
When the setup is complete, enter the command python anonyviet-trojan.py to enter the tool. Here I choose number 2, which is the RAT encoding, then press Enter.
Next, enter the path to your RAT file or drag and drop it in. I name the new program setup “for psychological manipulation”. For the name of the payload, use a reputable name, for example: svhost, system,… To set an icon for the program, press y and Enter, then enter the path to your .ico file or drag and drop it in; if you don't want to set an icon, press n and then Enter. Then choose 1 of the 2 tools to compile.
Here, I choose Nuitka to compile to C and automatically convert to exe. Nuitka has a much higher ability to pass Windows Defender, so Anonyviet added it. Once that is done, we wait a few seconds for it to build.
For anyone using Nuitka: if you are prompted during the Generating step, please answer yes to all.
When the build is complete, your exe file will be saved in the Output folder
Now open the virtual machine, and let's see whether the RAT can bypass Windows Defender!
This article is made for research purposes; please do not use it for illegal purposes.
So the article ends here. If you love this tool, please leave a comment below so that I can add some functions and support running the tool on Kali Linux. Have a nice day!
You can also read the article “AnonyvietTrojan – Tool to help Virus bypass Windows Defender” on the Anonyviet website.