Encryption_1 is a program that can be useful in post-exploitation operations to silently load SharpSploit. It can also be used to load and execute a standalone PowerShell script.
Encryption_1 works in two phases:
- On the attacker machine:
  - Use Encryption_1 to encrypt SharpSploit.dll with AES symmetric encryption and save the AES key and AES IV files.
- On the target machine:
  - Upload Encryption_1, SharpSploit.dll.enc, the AES key and the AES IV.
  - Run Encryption_1 to load the encrypted DLL in RAM.
The workflow of the application can be found here:
The SharpSploit DLL cannot be detected by "standard" AV because the file is encrypted and the antivirus cannot parse it.
The only way to detect SharpSploit is with an antivirus that inspects RAM.
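
A defender-side triage sketch for the staging pattern described above, added here as an example (it is not Encryption_1's code and does not identify SharpSploit itself): it flags large, high-entropy, block-aligned files that sit in the same directory as key-sized and IV-sized files. It assumes the key and IV are stored as raw bytes and the ciphertext is padded to whole AES blocks, which the page does not state; the file names, thresholds and sample data are constructed.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

AES_BLOCK = 16                # AES block size, also the IV length in bytes
AES_KEY_SIZES = {16, 24, 32}  # raw AES-128/192/256 key lengths in bytes

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; approaches 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_staged_payloads(directory, min_size=4096, min_entropy=7.5):
    """Names of large, block-aligned, high-entropy files that share a
    directory with one IV-sized file and a second key-sized file."""
    files = [p for p in Path(directory).iterdir() if p.is_file()]
    sizes = {p: p.stat().st_size for p in files}
    iv_like = {p for p in files if sizes[p] == AES_BLOCK}
    key_like = {p for p in files if sizes[p] in AES_KEY_SIZES}
    # Require two distinct small files so one can be the key and one the IV.
    if not iv_like or len(iv_like | key_like) < 2:
        return []
    hits = []
    for p in files:
        if sizes[p] < min_size or sizes[p] % AES_BLOCK:
            continue  # too small, or not a whole number of AES blocks
        if shannon_entropy(p.read_bytes()) >= min_entropy:
            hits.append(p.name)
    return sorted(hits)

def demo(with_key_material=True):
    """Constructed sample directory; random bytes stand in for ciphertext."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "payload.dll.enc").write_bytes(os.urandom(8192))
        (root / "notes.txt").write_bytes(b"plain text " * 800)  # aligned, low entropy
        if with_key_material:
            (root / "aes.key").write_bytes(os.urandom(32))
            (root / "aes.iv").write_bytes(os.urandom(16))
        return find_staged_payloads(root)

if __name__ == "__main__":
    print(demo())
```

Compressed archives are also high-entropy, so a hit is a lead for review rather than a verdict; the co-located key-sized and IV-sized files are what narrow it to this staging pattern.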
The code for Encryption_1 is not available because it is simple to write; anyone can write it. Moreover, this way there will be fewer submissions of the same code on VirusTotal :)