/Nimalathatep

Nim Payload Generation

Primary LanguageNim

Nimalathatep

Nimalathatep is a Nim shellcode payload generation project that aims to get a stealthy binary into your hands quickly. All methods use well-known API-call sequences.

Evasion

AV/EDR avoidance is performed through AES encryption followed by Base64, with the payload itself only being decrypted at runtime. The IV is currently static, but I aim to change this in the future. Compiling to a control panel item is your stealthiest approach for now.

Compilation

Ensure you have NIM downloaded from here: https://nim-lang.org/install.html

Install the winim, ptr_math, and nim crypto prior to compiling with the following commands:
nimble install winim
nimble install nimcrypto
nimble install ptr_math
nimble install sysrandom
To compile:
nim -d:release c .\nimalathatep.nim

alt_text

Usage

Run the executable and give it the desired API method, shellcode file, and output file type:

.\nimalathatep.exe <apiMethod> <binFile> <outfiletype>

alt_text

Defender Check

alt_text

Changes

-Added support for all API calls to be used as an XLL
-Added random key for encryption
-Formatting fixes
-Added new API method (EnumCalendarInfo)

To Do

-Generation option to directly place the file into a PDF as an attachment
-Custom unhook stuff
-Add option to pack payload into iso or 7zip

Credits

Some code bits from:
https://github.com/byt3bl33d3r/OffensiveNim
https://www.ired.team/
https://github.com/bigb0sss/Bankai <--Initial inspiration

Disclaimer

Only use this for purposes involving systems that you have been given permission to access and alter. I am not responsible if you do illegal stuff.