Skip to content

Proof-of-concept two-stage dropper generator that uses bits from external sources

License

Notifications You must be signed in to change notification settings

SafeBreach-Labs/mkmalwarefrom

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

mkmalwarefrom

mkmalwarefrom is a proof-of-concept two-stage dropper generator. It was released as part of the Malwares From Thin Bits talk given at BSidesDFW 2017 conference by Itzik Kotler from SafeBreach Labs.

Slides are availble here

Version

0.1.0

Installation

mkmalwarefrom requires Python and was tested with Python 2.7.13.

$ git clone https://github.com/SafeBreach-Labs/mkmalwarefrom.git
$ cd mkmalwarefrom
$ python mkmalwarefrom.py -h

Example: Generating /bin/ls from Yahoo

# assume mkmalwarefrom root directory
$ cat /bin/ls | ./mkmalwarefrom.py -1 http://www.yahoo.com > download_ls.py
$ python download_ls.py > ls2 
$ md5 /bin/ls ls2

Example: Generating /usr/bin/nc from /usr/bin/ssh

# assume mkmalwarefrom root directory
$ cat /usr/bin/nc | ./mkmalwarefrom.py -2 /usr/bin/ssh > mk_nc.py
$ python mk_nc.py > nc2
$ md5 /usr/bin/nc nc2

License

BSD 3-Clause

About

Proof-of-concept two-stage dropper generator that uses bits from external sources

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages