Do you wanna write some malware?

Nymx · March 23, 2017, 2:25am

I think that it would be a good exercise for y’all (myself included) to write some decent malware.

I’ve been rolling the concept for one around in my head for a few weeks and it would be fun to implement, especially with a small team of people working on it.

Here’s a basic concept that is in no way full fleshed-out. The current project name is Murmur.

Modular - can be expanded at runtime with more modules
Basic functionality has small binary
Updatable
Hides in legitimate dll in process
Can spread across network
Uses dns requests for basic communication
Http for more complex/large communications
Conceals data in images for communications
Collects info, passwords, keystrokes, screenshots, etc
Organized by encrypted, compressed files

Communication

Client
Uses dns requests to send small amounts of data periodically
Uses https POST to send larger data
Uses https GET to get modules or commands
Encapsulates communications in images
Server
Puts received data into encrypted archives for collection
Has front website to seem legit
Encrypted Virtual File System
Stores files in a virtual file system
Stores modules, data that needs to be sent to C&C, configuration

I have experience with smaller projects, but this would be much, much larger than anything I’ve worked on by myself.
If people would like to work on this with me, send a pm my way and I’ll organize a team.

VVid0w · March 23, 2017, 2:31am

Not gonna lie here, I saw the title and started to sing the song from frozen in my head lmao.

Nymx · March 23, 2017, 2:32am

Yeah, that was my intention.

nullbites · March 23, 2017, 3:46am

DNS communications are pretty hard to create covert infrastructure for. Maybe ICMP or something at the lower layers could suffice for small/simple messages.

Also building the C2 server in a way that it can be stealthily deployed to compromised servers/hosts would be a plus as well. That would push the module holding and the heavy work to the attackers computer which is much easier to secure and obfuscate.

Nymx · March 23, 2017, 3:49am

Yeah, any ideas are welcome.

One idea is to have a module that can be pushed to the malware to make it act as a C&C server.

Most of all, regardless of the actual methods, it’s important for it to be able to use several different ways of contacting the C&C servers.

Derfloink · March 23, 2017, 12:24pm

Do you wanna build a snowman
Do you wanna write some malware?

Think it’s justified

Derfloink · March 23, 2017, 12:35pm

For which OS do you want to produce it?
Windows/Linux/Mac/All of them?

Nymx · March 23, 2017, 12:38pm

Windows, although if it’s modular enough, cross platform wouldn’t be overly difficult.

Derfloink · March 23, 2017, 12:39pm

And in which Language should it be?

Joe_Schmoe · March 23, 2017, 12:46pm

Should be in the best language. But it’s prolly going to be in C.

Nymx · March 23, 2017, 1:13pm

We’ll be using C++. I would’ve preferred to use rust, but c++ is better for this application.

oaktree · March 23, 2017, 3:04pm

You could probably pull it off in Rust.

I’ve heard of some that use Qt, but that’d probably break the license agreement.

Also, please don’t anything malicious here.

Nymx · March 23, 2017, 3:41pm

Being cross-platform is not very important.

Also, of course not. This is just an exercise.

Sirius · March 23, 2017, 5:58pm

VVid0w?!

Do you want to write some malware?
Come on lets go and hack
I never see you anymore
Come on IRC
It’s like you switched to slack!

We used to be so 1337
And now we’re not
I wish you would step it up
Do you want to write some malware?
It doesn’t have to be some malware…

Sirens blare as VVidow is taken away in handcuffs

Okay, bye…

VVid0w · March 23, 2017, 8:37pm

Holy shit, it’s glorious. We need to make a complete remix and have someone sing it. Like, this legitamately needs to be a thing. Hell, why not make a music video too?

ngwdaniel · March 24, 2017, 11:05am

Will the code be on a public repo? I’m not skilled enough to participate but I’ll love to see how it actually works

pry0cc · March 24, 2017, 10:15pm

I would suggest part of the concept would be that a lot of things, (data collection, surveillance) would be mostly automated. It could create packages (organized by date) that will upload periodically.

If designed well, it could be designed to operate on a very large scale, with a P2P C&C server. The package idea also would allow for future expansion with air-gaps, offline etc.

I don’t want to sound like that guy, but python could be a very good choice. STELF is written in python, and pyinstaller does an extraordinarily good job. Much better than I ever dreamed it to be.

What sort of scale is intended for this project, what would be different about this piece of malware, and how can we creatively incorporate new ideas to this?

I’m excited to see this come to fruition. I hope it does and not just fade away as some projects do

SmartOne · March 24, 2017, 10:36pm

I’m not so experienced with Python, but isn’t it very unstealthy when running on Windows? If not, I think we could create modules/packages with it, but leave the core in C++. Anyways, looking forward to this project! I always had something similar in mind, and my head is sparkling full of ideas!
Maybe we should do it on our GitLab?

Best, SmartOne

pry0cc · March 24, 2017, 10:53pm

pyinstaller compiles to an executable. This is pretty stealthy.

Joe_Schmoe · March 24, 2017, 11:03pm

Nymx wants this to run as a dll inside a process. That is infinitely more stealthy than a standalone exe.