by H3 Collective | Sep 30, 2019
Being able to communicate with command and control servers without having to run a sample of the malware is a powerful and useful capability. Researchers can then download configuration files, additional modules, and in some cases additional payloads directly from the botnet's infrastructure. As a follow-up to my previous post on DanaBot, in which I covered its command and control protocol, I'm going to review what it takes to re-implement DanaBot's protocol. In this post, I'll go into detail and describe the code I've written to communicate with DanaBot's command and control servers.

Note: this post is written for those who may not have done much botnet research.

Choices

When reversing DanaBot and taking a closer look at the encryption mechanisms surrounding its communication protocol, I decided to re-implement the bot's communication process in C. Generally, I like to hack things together with Python, since...