Superb! Thank you for the time it took you to write and produce this video. Education is a wonderful thing.
This was very clear and easy to follow. Thank you.
Very good video, thanks for this clear, to-the-point explanation!
Hello, I have a question regarding the case of using new malware code, which is essentially a zero day, but packing it with a "tagged" stub, which will result in the file being detected as mw. My question then is: is it possible for a malware writer to know which stub is unused, or is it impossible since it depends on the packer, which chooses randomly? Then we are left with two options: either there is a packer on the dark web used by hackers which removes a stub each time they sell it to a buyer, or the malware owner tries his packed file with multiple AVs many times until it's not detected?
Sorry if I turned it into a monologue, I just got lost speaking out loud.
You mentioned common malware actors will use packers, but APTs would not. What would APTs use or otherwise do to serve the same purpose?
I misspoke. I meant samples for targeted attacks. Malware that is spread en masse needs packing for evasion in the long run, but not malware that is used once or twice for a specific target. So often targeted samples are not packed.
Hey man, I have a question: how do I test the malware that I made? I don't want to upload it to VirusTotal, obviously. I just want to test it without it getting detected.
Kleenscan
Thanks for the explanation. 😘
Thanks!
Kindly more videos
Could you ever do a demo video of all this packing and so on, maybe with a simple Metasploit payload or something common you see every time?
I think that's a good idea if coupled with how to unpack those again. But I cannot promise anything. I am currently very involved with other projects.
Couldn't a malware developer use a C2 to create self-morphing malware by having the malware send a request to the C2 to re-obfuscate and recompile the malware, then send the new malware back and have it replace the old one? This would allow for long-term persistence, because even if the original stub gets detected it would have already changed completely.
Sure, but that is not called packing.