PakistanDatabase.com

Malware Development The art of malware - Part 0

Stuff that will help you to develop your own malware.

Dexter (New member, joined Apr 30, 2023, 21 messages, location: Russia)
Hello all, I am going to make this a series on how to create modern malware, starting from the coding all the way to actually spreading it.

When I say malware I refer to a computer program that receives commands and does something with the received commands on predefined actions.

The series will talk about how to create a general malware, not a RAT/Botnet. Generally modern malware in this day and age always has 3 main functions, those are: download files, upload files and execute shell commands.

With that simple combination of functions your malware can achieve pretty much everything you want it to do, this includes updating, dropping extra malware, downloading sensitive files, obtaining a reverse shell, etc,...

Now you could argue that you can download and upload files using only shell commands, and that is true, but it is not recommended for your malware because it requires your malware to drop a shell every time it needs to download/upload files, which can help AV companies detect it.

The language that I will use in this series will mostly be pseudo C code, I assume you have basic prior knowledge of programming.


[Part 0] - [Choosing the right programming language]
When choosing what programming language to write your malware in, it's always best to do extensive research regarding each and every little detail about the said language.
This includes basic things such as whether the language is compiled or interpreted, garbage collection and runtime details, how common malware written in the said language is, etc,...

And more hidden information such as whether or not compiled binaries require C++ VCRUNTIME to be installed on the system, which operating systems does the language officially support (and unofficially support), which systems include the required packages by default to run scripts (if the language is interpreted), etc,...

After you have extensively researched the desired language you want to use, it's best to gather experience with it by writing various simple programs to test its features and its limitations. I do have a list of things you should attempt to create, those are:


Create a calculator

Creating a calculator is an easy but powerful way to test the language you're dealing with. Some interpreted languages support the `eval()` keyword that allows code to be evaluated and run on the fly, and that can be used to create a simple, albeit dangerous, calculator.

If your language supports `eval()` then it will come in handy if you want to create plugins for your malware without dropping additional files. If your language does not support it then no worries, there are other ways to create plugins without `eval()`, albeit they require more work.

.

Create a simple HTTP server

Creating a server in the language you've chosen is important to test the language's limitations with multi-threading and the general performance of the language when handling requests and such.

Since your malware has to communicate with the internet in order to receive commands, best to ensure the chosen language is capable of handling and sending traffic and has mature and tested libraries for that purpose.

.

There are more example projects you can do in your language of choice to test its capabilities and limitations; those were just some examples.

If you have reached and finished this part, congratulations! You now know a thing or two about how to pick the right language for your malware as well as how to test if the language is "malware worthy".

.

Wait until the next part where we will continue on our journey. I will edit this thread with a link once released.
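The post above calls an `eval()`-based calculator "simple, albeit dangerous" without showing why. The following is an added example, not part of Dexter's post, written from the defender's side: it contrasts the `eval()` calculator with one that walks Python's `ast` and accepts only numeric literals and arithmetic operators, so that an input string can never become a code-execution primitive. The two input strings (`HARMLESS`, `MALICIOUS`) are constructed for the demonstration.

```python
"""Added example (not from the original post): why an eval()-based calculator is
dangerous, and how to evaluate arithmetic safely by walking a restricted AST."""
import ast
import operator

# Constructed test inputs: a harmless expression, and a string that eval() would
# execute as code (here it only asks the OS for the working directory, but any
# builtin reachable by name would do just as well).
HARMLESS = "2 + 3 * (4 - 1)"
MALICIOUS = "__import__('os').getcwd()"


def eval_calculator(expr: str):
    """The 'simple, albeit dangerous' calculator: eval() runs whatever it is given."""
    return eval(expr)  # intentionally unsafe, kept only for contrast


# Whitelist of operator node types the safe evaluator is willing to execute.
_BIN_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.Mod: operator.mod,
}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}


def _eval_node(node):
    """Recursively evaluate an AST node, refusing anything outside the whitelist."""
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        return _BIN_OPS[type(node.op)](_eval_node(node.left), _eval_node(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand))
    # Names, attribute access, calls, subscripts, lambdas, etc. all land here.
    raise ValueError(f"disallowed syntax: {type(node).__name__}")


def safe_calculator(expr: str):
    """Parse expr as a single expression and evaluate it with _eval_node.

    The parser never executes the input; it only produces a syntax tree, and
    the walker above executes nothing but arithmetic on literals."""
    tree = ast.parse(expr, mode="eval")
    return _eval_node(tree.body)


def is_rejected(expr: str) -> bool:
    """True if the safe evaluator refuses the expression (bad syntax or disallowed nodes)."""
    try:
        safe_calculator(expr)
    except (ValueError, SyntaxError, ZeroDivisionError):
        return True
    return False


if __name__ == "__main__":
    print(safe_calculator(HARMLESS))   # 11
    print(is_rejected(MALICIOUS))      # True: the call node is refused, nothing runs
    print(eval_calculator(MALICIOUS))  # eval() happily executes os.getcwd()
```

Note that `ast.Pow` is deliberately left out of the whitelist: even a pure-arithmetic evaluator can be turned into a denial-of-service vector with an input like `9**9**9`, so an operator's cost matters as much as its safety. The same pattern (parse, then execute a whitelist of node types) is what to look for when reviewing any code that evaluates user-supplied expressions.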