Do you wanna write some malware?

#1

I think that it would be a good exercise for y’all (myself included) to write some decent malware.

I’ve been rolling the concept for one around in my head for a few weeks and it would be fun to implement, especially with a small team of people working on it.

Here’s a basic concept that is in no way full fleshed-out. The current project name is Murmur.

  • Modular - can be expanded at runtime with more modules
  • Basic functionality has small binary
  • Updatable
  • Hides in a legitimate DLL in a process
  • Can spread across network
  • Uses DNS requests for basic communication
  • HTTP for more complex/large communications
  • Conceals data in images for communications
  • Collects info, passwords, keystrokes, screenshots, etc.
  • Organized by encrypted, compressed files

Communication

  • Client
      • Uses DNS requests to send small amounts of data periodically
      • Uses HTTPS POST to send larger data
      • Uses HTTPS GET to get modules or commands
      • Encapsulates communications in images
  • Server
      • Puts received data into encrypted archives for collection
      • Has a front website to seem legit
  • Encrypted Virtual File System
      • Stores files in a virtual file system
      • Stores modules, data that needs to be sent to C&C, configuration

I have experience with smaller projects, but this would be much, much larger than anything I’ve worked on by myself.
If people would like to work on this with me, send a PM my way and I’ll organize a team.


#2

Not gonna lie here, I saw the title and started to sing the song from Frozen in my head lmao.


#3

Yeah, that was my intention.


#4

DNS communications are pretty hard to create covert infrastructure for. Maybe ICMP or something at the lower layers could suffice for small/simple messages.

Also, building the C2 server in a way that it can be stealthily deployed to compromised servers/hosts would be a plus as well. That would push the module holding and the heavy work to the attacker’s computer, which is much easier to secure and obfuscate.


#5

Yeah, any ideas are welcome.

One idea is to have a module that can be pushed to the malware to make it act as a C&C server.

Most of all, regardless of the actual methods, it’s important for it to be able to use several different ways of contacting the C&C servers.


(Burning away in an Explosion) #6

Do you wanna build a snowman
Do you wanna write some malware?

Think it’s justified :smile:


(Burning away in an Explosion) #7

For which OS do you want to produce it?
Windows/Linux/Mac/All of them?


#8

Windows, although if it’s modular enough, cross platform wouldn’t be overly difficult.


(Burning away in an Explosion) #9

And in which language should it be?


#10

Should be in the best language. But it’s prolly going to be in C.


#11

We’ll be using C++. I would’ve preferred to use Rust, but C++ is better for this application.


(oaktree) #12

You could probably pull it off in Rust.

I’ve heard of some that use Qt, but that’d probably break the license agreement.

Also, please don’t do anything malicious here.


#13

Being cross-platform is not very important.

Also, of course not. This is just an exercise.


#14

VVid0w?!

Do you want to write some malware?
Come on, let’s go and hack
I never see you anymore
Come on IRC
It’s like you switched to slack!

We used to be so 1337
And now we’re not
I wish you would step it up
Do you want to write some malware?
It doesn’t have to be some malware…

Sirens blare as VVidow is taken away in handcuffs

Okay, bye…


#15

Holy shit, it’s glorious. We need to make a complete remix and have someone sing it. Like, this legitimately needs to be a thing. Hell, why not make a music video too?


(ouroborus) #16

Will the code be on a public repo? I’m not skilled enough to participate, but I’d love to see how it actually works.


(Command-Line Ninja) #17

I would suggest part of the concept would be that a lot of things (data collection, surveillance) would be mostly automated. It could create packages (organized by date) that will upload periodically.

If designed well, it could be designed to operate on a very large scale, with a P2P C&C server. The package idea also would allow for future expansion with air-gaps, offline etc.

I don’t want to sound like that guy, but Python could be a very good choice. STELF is written in Python, and pyinstaller does an extraordinarily good job. Much better than I ever dreamed it to be.

What sort of scale is intended for this project, what would be different about this piece of malware, and how can we creatively incorporate new ideas to this?

I’m excited to see this come to fruition. I hope it does and doesn’t just fade away as some projects do :stuck_out_tongue:


(Not a N00b, but still learning) #18

I’m not so experienced with Python, but isn’t it very unstealthy when running on Windows? If not, I think we could create modules/packages with it, but leave the core in C++. Anyway, looking forward to this project! I always had something similar in mind, and my head is sparkling full of ideas! :grin:
Maybe we should do it on our GitLab?

Best, SmartOne


(Command-Line Ninja) #19

pyinstaller compiles to an executable. This is pretty stealthy.


#20

Nymx wants this to run as a DLL inside a process. That is infinitely more stealthy than a standalone exe.