NXcrypt - Python Backdoor Framework

NXcrypt is a polymorphic crypter for Python backdoors. The output is fully undetectable.
NXcrypt can inject a malicious Python file into a normal file using a multi-threading system.
Run it with superuser permissions.
Backdooring module: [screenshot]
Encryption module: [screenshot]

Usage:

How does it work?

  • Encryption module:
      • NXcrypt adds some junk code.
      • NXcrypt uses Python's internal 'py_compile' module, which compiles the code into bytecode in a .pyc file.
      • NXcrypt converts the .pyc file into a normal .py file.
      • In this way the code is obfuscated.
      • The md5sum changes too.
  • Injection module:
      • It injects a malicious Python file into a normal file using a multi-threading system.
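
A defender-side check for the encryption step described above, as an added example (not code from NXcrypt or from the original page): it flags .py files whose contents are compiled bytecode rather than source text, a property that does not depend on the file's hash. It assumes the "converted" file still begins with a CPython .pyc header, which the page does not confirm; the function names and the sample tree are constructed here.

```python
import os
import py_compile
import shutil
import tempfile

HEADER_SIZES = (16, 12, 8)   # pyc header length: CPython 3.7+, 3.3-3.6, 2.x
TYPE_CODE = ord("c")         # marshal type tag of a code object

def is_compiled_bytecode(data):
    """True if the bytes start like a CPython .pyc rather than source text."""
    # Every CPython magic number is two version bytes followed by CR LF.
    if len(data) < 17 or data[2:4] != b"\r\n":
        return False
    # Source text never contains NUL; a pyc header and code object do.
    if b"\x00" not in data[:64]:
        return False
    # The marshalled code object follows the header; bit 0x80 is the ref flag.
    return any(data[size] & 0x7F == TYPE_CODE for size in HEADER_SIZES)

def find_disguised_bytecode(root):
    """Return sorted paths of *.py files under root that hold bytecode."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".py"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    if is_compiled_bytecode(fh.read(64)):
                        hits.append(path)
    return sorted(hits)

def build_sample_tree():
    """Constructed sample: one plain script and one renamed .pyc (harmless code)."""
    root = tempfile.mkdtemp(prefix="pyc_scan_")
    plain = os.path.join(root, "plain.py")
    with open(plain, "w") as fh:
        fh.write("#!\r\nprint('hello')\n")   # CR LF at bytes 2-3 must not trigger
    pyc = py_compile.compile(plain, cfile=os.path.join(root, "plain.pyc"),
                             doraise=True)
    shutil.copyfile(pyc, os.path.join(root, "renamed.py"))
    return root

if __name__ == "__main__":
    sample = build_sample_tree()
    print(find_disguised_bytecode(sample))
    shutil.rmtree(sample)
```

The check reads only the first 64 bytes and never unmarshals the file, so it is safe to run over untrusted trees.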

Test with VirusTotal

Before:
SHA256: e2acceb6158cf406669ab828d338982411a0e5c5876c2f2783e247b3e01c2163
File name: facebook.py
Detection ratio: 2 / 54

After:
SHA256: 362a4b19d53d1a8f2b91491b47dba28923dfec2d90784961c46213bdadc80add
File name: facebook_encrypted.py
Detection ratio: 0 / 55

Video Tutorial
