---
tags: forced-execution
---
# Progress Overview [06/18/21]
For this week, samples were mainly shortlisted based on the following properties:
- Having conditionals
- Extensive dataflow
- Malicious enough to steal data
However, most of the shortlisted samples were chosen on the intuition that they may be promising enough to make a compelling case study in the paper.
So below is the list of samples that were initially shortlisted because they do something interesting and could actually be malicious.
1. [25b0918dd0f5c5a9ca826b041ca916fba483326f.py](https://github.com/roguedream/py-mal-sample/blob/main/malware_samples_2/decompiled_refactored_py3/25b0918dd0f5c5a9ca826b041ca916fba483326f.py): Runs a background process that connects to a remote host, while the main process only prints "Hello World". *(No sensitive information)*
2. [80ca4f86cd57a918c8fd0cf2bba4c5766f68b600.py](https://github.com/roguedream/py-mal-sample/blob/main/malware_samples_2/decompiled_refactored_py3/80ca4f86cd57a918c8fd0cf2bba4c5766f68b600.py): Tool to interact with SSH servers. Can leak SSH and computer details to a remote server. *(Lacks remote-server information and does not involve interesting sensitive information)*
3. [91b96dbfa37bfa1fd85ec5d2f40e2512146052fb.py](https://github.com/roguedream/py-mal-sample/blob/main/malware_samples_2/decompiled_refactored_py3/91b96dbfa37bfa1fd85ec5d2f40e2512146052fb.py): Steals system information and uploads it to Twitter. Obfuscated, so it is unclear what it does with Google Docs and Drive. Running it yields no essential information. The Twitter handle leads to this [article](https://www.zdnet.com/article/jhonerat-exploits-microsoft-office-cloud-services-to-attack-middle-eastern-countries/). Not a lot of malicious activity can be seen since the connections are failing.
4. [ae3dac25d9c4a78a34744b88894207454b6ac9a1.py](https://github.com/roguedream/py-mal-sample/blob/main/malware_samples_2/decompiled_refactored_py3/ae3dac25d9c4a78a34744b88894207454b6ac9a1.py): No conditionals and so ignored.
5. [b48c4cfc7208305811645f28aba2895f5555330d.py](https://github.com/roguedream/py-mal-sample/blob/main/malware_samples_2/decompiled_refactored_py3/b48c4cfc7208305811645f28aba2895f5555330d.py): Backdoor to steal Discord and browser tokens. Discord is not present, so it leads to a fake-object explosion.
6. [be82a4406338352a60c86169fd19ec97233b696e.py](https://github.com/roguedream/py-mal-sample/blob/main/malware_samples_2/decompiled_refactored_py3/be82a4406338352a60c86169fd19ec97233b696e.py): Ransomware (Did not run yet)
7. [d2413d2d0f8a9a1e250d3a1b17df07da12df42c0.py](https://github.com/roguedream/py-mal-sample/blob/main/malware_samples_2/decompiled_refactored_py3/d2413d2d0f8a9a1e250d3a1b17df07da12df42c0.py): Only GUI for ransomware. Does nothing malicious.
8. [d94437d6aa2b74d56626e1cb31230949e21c4f48.py](https://github.com/roguedream/py-mal-sample/blob/main/malware_samples_2/decompiled_refactored_py3/d94437d6aa2b74d56626e1cb31230949e21c4f48.py): Proper tool to simulate ransomware. Can encrypt and decrypt. (Not run because it is just a tool)
9. [e1733d57f13a12355af31d11b8c99ebf74689272.py](https://github.com/roguedream/py-mal-sample/blob/main/malware_samples_2/decompiled_refactored_py3/e1733d57f13a12355af31d11b8c99ebf74689272.py): Connects to a server and then further connects to other servers depending on the reply. A sort of DDoS attack. Running it does nothing but run indefinitely, i.e. the connection does not proceed. *(No interesting conditionals)*