68

GitHub - SafeBreach-Labs/mkmalwarefrom: Proof-of-concept two-stage dropper gener...

 6 years ago
source link: https://github.com/SafeBreach-Labs/mkmalwarefrom
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

mkmalwarefrom

mkmalwarefrom is a proof-of-concept two-stage dropper generator. It was released as part of the Malwares From Thin Bits talk given at BSidesDFW 2017 conference by Itzik Kotler from SafeBreach Labs.

Slides are availble here

Version

0.1.0

Installation

mkmalwarefrom requires Python and was tested with Python 2.7.13.

$ git clone https://github.com/SafeBreach-Labs/mkmalwarefrom.git
$ cd mkmalwarefrom
$ python mkmalwarefrom.py -h

Example: Generating /bin/ls from Yahoo

# assume mkmalwarefrom root directory
$ cat /bin/ls | ./mkmalwarefrom.py -1 http://www.yahoo.com > download_ls.py
$ python download_ls.py > ls2 
$ md5 /bin/ls ls2

Example: Generating /usr/bin/nc from /usr/bin/ssh

# assume mkmalwarefrom root directory
$ cat /usr/bin/nc | ./mkmalwarefrom.py -2 /usr/bin/ssh > mk_nc.py
$ python mk_nc.py > nc2
$ md5 /usr/bin/nc nc2

License

BSD 3-Clause


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK