
Phyton Hyperion - Another linux malware


dEEpEst


It is first activated by running the compiled bytecode, then proceeds to scan the current directory and overwrite all executable files that have not been previously infected with its morphed code. Next, the original executable is run from a file it was copied to during the propagation phase, to disguise the fact that the actual executable was infected. Finally, the malware will establish a connection with the C2, begin collecting basic data about the OS, and close the connection.

In principle, each time the malware runs, it randomly replaces certain assembly code sequences with a randomly different sequence of junk opcodes. The overall effect is that each time the program is run, different sets of junk assembly instruction sequences are executed, making the code metamorphic, but the changing opcodes don't relate to the main program function, so the code is always changing while the main program output/effect is consistent.

Inspired by this Stack Overflow post. 
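
A defender-side check for the behaviour described in the post, added here as an example that is not part of the original post or of the malware's source: because the code changes on every run, it compares a hash baseline of a directory with its current state instead of matching a fixed signature, and it flags new files that are byte-identical to an executable's previous content. The function names, the sample files and the assumption that the original is kept as an unmodified copy under the same directory are assumptions made for this example.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                out[os.path.relpath(full, root)] = sha256_file(full)
    return out

def find_overwrites(baseline, current):
    """Report baseline files whose content changed, plus any new file whose
    hash equals the changed file's old hash (the original copied aside)."""
    new_by_hash = {}
    for path, digest in current.items():
        if path not in baseline:
            new_by_hash.setdefault(digest, []).append(path)
    findings = []
    for path, old in sorted(baseline.items()):
        if path in current and current[path] != old:
            findings.append({"path": path,
                             "stashed_copies": sorted(new_by_hash.get(old, []))})
    return findings

def demo():
    """Constructed sample: placeholder bytes stand in for real binaries."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("tool_a", b"original A"), ("tool_b", b"original B")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = snapshot(root)
        # Simulate the reported pattern: original copied aside, then replaced.
        for name, data in ((".tool_a.bak", b"original A"), ("tool_a", b"changed")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return find_overwrites(baseline, snapshot(root))
```

A changed executable with a non-empty `stashed_copies` list is the stronger signal; a changed hash alone also occurs after legitimate updates, so the baseline should be refreshed from a trusted state after each one.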