bytecode77/r77-rootkit

Issues

• Which stage will cause AV detections? (and a couple more questions)

  #108 opened 4 days ago by Alcinzal
  2

• somehting bug me for days(not r77 bug)

  #107 opened 7 days ago by wineggdrop
  5

• GetProcessFileName() issue

  #105 opened 8 days ago by wineggdrop
  4

• What are these ip's used for?

  #106 opened 12 days ago by VibeProgramm
  2

• NtQueryDirectoryFile

  #100 opened 20 days ago by MaggieKong
  4

• A bug In HookedNtQueryDirectoryFile

  #104 opened 20 days ago by wineggdrop
  4

• A bug In HookedNtQueryDirectoryFile and HookedNtQueryDirectoryFileEx

  #103 opened 22 days ago by wineggdrop
  1

• $77 is showed in windows defender execlude

  #102 opened a month ago by SkynetCorporations
  8

• question

  #101 opened a month ago by charlesmigel
  8

• Unknown Issue

  #99 opened 2 months ago by MaggieKong
  2

• Hiding users (net.exe and lusrmgr.msc)

  #74 opened 9 months ago by MaggieKong
  20

• registry key HKEY_LOCAL_MACHINE\SOFTWARE\$77config run as administrator ?

  #96 opened 2 months ago by badboycxcc
  1

• File.Exists or Directory.Exists still return true

  #98 opened 2 months ago by mrapxs
  1

• The program that has been set to startup does not start. Why?

  #97 opened 2 months ago by badboycxcc
  1

• This script contains malicious content and has been blocked by your antivirus software.

  #94 opened 2 months ago by error0x1337
  12

• 22:14:14 Injection of (process) (PID [REDACTED[) failed. Sandboxes are not supported

  #89 opened 2 months ago by PROMPTYLOL
  1

• Help

  #88 opened 2 months ago by PROMPTYLOL
  2

• Unable to hide netstat network connections

  #95 opened 2 months ago by badboycxcc
  2

• try to make it FUD

  #93 opened 2 months ago by charlesmigel
  2

• file not found: Resources\Stager.exe

  #92 opened 3 months ago by error0x1337
  11

• rebuild issues

  #91 opened 4 months ago by SkynetCorporations
  1

• HookedNtEnumerateKey CPU Overhead??

  #90 opened 5 months ago by mrapxs
  7

• The type or namespace name 'Stager' could not be found

  #87 opened 6 months ago by 4M6D
  1

• Detect $77 process in python ?

  #86 opened 6 months ago by Evaexe117
  2

• Question.

  #85 opened 7 months ago by ConstantLearner121
  0

• (0xc0000005) 'Access violation'

  #84 opened 7 months ago by mrapxs
  2

• [ ‎ HELP ‎ ]‎ ‎ ‎ ‎ —‎ ‎ ‎ ‎ How‎‎ I‎ can ‎ use‎ the‎ ControlPipe ‎ in‎ C# ?? 🥴

  #82 opened 8 months ago by fSociety-Protected
  4

• Add Support for The Use of WildCard Characters

  #83 opened 8 months ago by Chainski
  7

• I discovered new rootkit vulnerability stronger than your rootkit with 0 coding (no admin required)

  #75 opened 8 months ago by GrudgeInfection
  10

• Install.shellcode

  #79 opened 8 months ago by sa6ta6ni6c
  3

• r77 pipes

  #80 opened 8 months ago by hastalamuerte
  8

• Help

  #72 opened 8 months ago by MazenNassar
  3

• #//~~ Long time without talk! ^- ^ [ HELP ]

  #78 opened 8 months ago by fSociety-Protected
  11

• Significant challenge with BitDefender AV (BD) that affects the operation of admin-level processes

  #77 opened 8 months ago by Ogyeet10
  2

• Issue with BitDefender Partial Detection of r77 and Loss of Persistence

  #76 opened 8 months ago by Ogyeet10
  4

• testconsole won't work

  #73 opened 9 months ago by MaggieKong
  5

• Help Needed - Happy to pay consulting fees

  #71 opened 10 months ago by Totalnoob1164
  1

• ControlPipe using Powershell

  #70 opened 10 months ago by APT-ZERO
  3

• how to change perfix $77 to my own keyword

  #62 opened a year ago by DARK-DEVIL-66
  11

• Adding a .exe to startup

  #68 opened a year ago by Klaped
  6

• How to use shellcode?

  #61 opened a year ago by Summ3rM0
  7

• r77 rookit injects into PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON process

  #67 opened a year ago by wineggdrop
  0

• "MSB3073" Error

  #66 opened a year ago by jsk6
  4

• Teaching lessons

  #64 opened a year ago by jsk6
  5

• Contact information

  #65 opened a year ago by Knakiri
  1

• How to exclude specific processes from installation?

  #60 opened a year ago by CR7SON
  2

• Removal tool

  #57 opened a year ago by pyluadotcode
  1

• $77 How can a non-interactive SYSTEM permission process use ShellExecuteW so that its child processes can be interactive

  #55 opened a year ago by saoye-dve
  2

• resources

  #58 opened a year ago by Mustwey
  7

• How to start executable files hidden by r77rookit?

  #56 opened a year ago by Summ3rM0
  7