Jump to content

Trojans and HackTool Issues Identified post payload update


Cole

Recommended Posts

I am just getting started with the Bash Bunny, and it's payloads... so pardon me... but should I be concerned with the "Threats" identified by Windows Defender when I updated the payloads using the auto updater?

I'm not sure if these are actually part of the payload that I need, or a potential nefarious attack on my or others system. Any comments would be appreciated. Thanks!

HackTool:PowerShell/Mimikatz.F

file: H:\.payload_repo\payloads\library\credentials\DumpCreds\PS\invoke-m1m1k@tz.ps1

Trojan:PowerShell/Powersploit.H

file: H:\.payload_repo\payloads\library\exfiltration\browserData\Get-BrowserData.ps1

Trojan:PowerShell/Leivion.gen!B

file: H:\.payload_repo\payloads\library\remote_access\USB_Intruder\USB_Intruder\shell.bat

 

https://drive.google.com/open?id=1LKcwn3OMXgR0AtjSYlzjRCLjTGCFrHxS

Link to comment
Share on other sites

AV will trigger because the payloads that are copied to the BB are tagged as bad by AVs.  Mimikatz is a password grabber bit is a payload for the BB to get passwords.  so, yelp it will trigger bit if you are using the updater from the official site then it will just be copying them to the BB.

 

If you are worried, you can always do the updating manually.

Link to comment
Share on other sites

Not so much worried about the auto updater per se, I was more worried about the actual contents of some of the payloads, being a noob and all, and not knowing if those items were supposed to be in the files. Thanks for the clarification 🙂

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...