Malware development with the use of known techniques
KeywordsMalware ; Ιοί ; Virus ; C++ ; Python ; Κακόβουλο λογισμικό ; Malware techniques ; Command and control
In this Thesis we have developed a Proof of Concept malware software that uses common techniques for malware distribution, infection, sandbox detection, persistence, command and control. The purpose of this Thesis is to examine the various implementation techniques of each malware component and use them to create a sample rogue software that infects Microsoft Windows hosts, it searches for information in infected systems, it sends and receives files, it detects debugging or sandboxing attempts and receives commands from the a Command and Control server. For the purposes of this Thesis content from various sources were studied in order to select the appropriate components. The developed malware contains bits and pieces from infamous malware software, software from opensource communities and repositories, content from Dark Web and Hacking Forums. The developed malware is comprised from various different components that perform different tasks with the ultimate goal the infection of the victims system. The malware is comprised from a Dropper (Microsoft Office Document), a System Checking and Injection Software (MallyInjector) and the final malware (DLL- MallySuite). Extensive effort was given in detecting Sandboxing and Debugging attempts. We focused on giving the malware capabilities to understand the environment it executes so it can evade detection and analysis through various malware analysis techniques.