This is a mini-malware I developed in Python as a PoC in order to implement techniques I've learned about:
- Copies itself to the user profile folder as a .pyw file (runs without a visible console window) and hides itself (using attrib +h)
- Checks whether someone tried to access the script (the malware itself) and stops if it has been touched
- Sends the user a message every 15 seconds: "Hello, I'm your malware"
- Kills known analysis tools
- Creates persistence as a scheduled task (runs every three hours)
- Creates persistence in the user's startup folder
- Runs some reconnaissance commands
The malware executes various commands that help it understand its environment (where it is on the network, what its privileges are).
- The malware creates a scheduled task
- The malware copies itself to the user's startup folder
- The malware hides itself using attrib +h
- The malware kills known analysis tools
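A defender-side triage check for the persistence artifacts listed above (a hidden .pyw in the profile, a copy in the Startup folder, a scheduled task that runs it), added here as an example; it is not part of the PoC. It parses constructed, trimmed samples of `attrib` and `schtasks /query /fo CSV /v` output instead of querying a live host, and the paths and task names in the samples are made up.

```python
import csv
import io
import re

# Constructed `attrib` listing (attribute flags on the left, path on the right).
ATTRIB_OUTPUT = r"""A    H       C:\Users\alice\svchost.pyw
A            C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.pyw
A            C:\Users\alice\Documents\notes.txt
"""

# Constructed, trimmed `schtasks /query /fo CSV /v` output: only three of the
# real columns are kept so the sample stays short.
SCHTASKS_CSV = r'''"TaskName","Task To Run","Repeat: Every"
"\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h -k -g -$","Disabled"
"\Updater","C:\Users\alice\svchost.pyw","3 Hour(s), 0 Minute(s)"
'''

PYW_RE = re.compile(r"\.pyw\b|pythonw(\.exe)?", re.IGNORECASE)   # .pyw file or pythonw launcher
USER_PATH_RE = re.compile(r"\\Users\\", re.IGNORECASE)            # anything under a user profile
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)


def parse_attrib(output):
    """Yield (set_of_flags, path) pairs from `attrib` output lines."""
    for line in output.splitlines():
        m = re.match(r"^([A-Z ]*?)\s*([A-Za-z]:\\.+)$", line.rstrip())
        if m:
            yield set(m.group(1).split()), m.group(2)


def hidden_pyw_findings(attrib_output):
    """Flag .pyw files under a user profile; hidden or Startup-folder copies get extra reasons."""
    findings = []
    for flags, path in parse_attrib(attrib_output):
        if not (PYW_RE.search(path) and USER_PATH_RE.search(path)):
            continue
        reasons = [".pyw under user profile"]
        if "H" in flags:
            reasons.append("hidden attribute set")
        if STARTUP_RE.search(path):
            reasons.append("in Startup folder")
        findings.append((path, reasons))
    return findings


def task_findings(schtasks_csv):
    """Flag scheduled tasks whose command runs a .pyw/pythonw from a user profile."""
    findings = []
    for row in csv.DictReader(io.StringIO(schtasks_csv)):
        cmd = row.get("Task To Run", "")
        if PYW_RE.search(cmd) and USER_PATH_RE.search(cmd):
            findings.append((row["TaskName"], cmd, row.get("Repeat: Every", "")))
    return findings


if __name__ == "__main__":
    for path, reasons in hidden_pyw_findings(ATTRIB_OUTPUT):
        print(path, "->", ", ".join(reasons))
    for name, cmd, every in task_findings(SCHTASKS_CSV):
        print(name, "->", cmd, "(repeats every " + every + ")")
```

On a real host the two samples would be replaced by the output of `attrib /s` over the profile and `schtasks /query /fo CSV /v`.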