A Technical Overview of our Modular Windows Malware

This post starts my foray into actual technical posts. I’ll go over the malware I wrote with a group for a class, how it works, what features it has, etc., in technical detail :)

The TL;DR

We created a modular malware implant and C2 framework that run on Windows 10 (and perhaps other versions) machines. Our implant is lightweight, written in Visual C, and most functionality is delivered via C2 RPCs, which deliver DLLs that are loaded in memory and never written to disk. The C2 masquerades as a deep-fried meme site, which is useful because our obfuscation method, Pixel Value Difference (PVD) steganography, can encode more data in that kind of image.
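To make the last point concrete, here is an added example (not code from the project) that estimates how many bits the standard PVD range table would let an image carry; the capacity grows with the pixel differences, which is why a high-contrast, deep-fried image holds more than a smooth one. The range table is the one from the Wu and Tsai PVD paper; the two sample images are constructed inline, and the same estimate lets an analyst gauge how much payload a suspicious image could conceal.

```python
# Added example (not from the original post): estimate the PVD (Wu & Tsai)
# embedding capacity of a grayscale image, to show why a high-contrast,
# "deep-fried" image can carry more hidden data than a smooth one.
# The six-range table is the standard one from the PVD paper; both sample
# images are constructed here for the demonstration.
from typing import List

# (lower, upper) bounds of each difference range; the capacity in bits is
# log2(upper - lower + 1), i.e. 3, 3, 4, 5, 6, 7 bits respectively
RANGES = [(0, 7), (8, 15), (16, 31), (32, 63), (64, 127), (128, 255)]


def bits_for_difference(d: int) -> int:
    """Number of secret bits a pixel pair with |p1 - p2| == d can hold."""
    for lower, upper in RANGES:
        if lower <= d <= upper:
            return (upper - lower + 1).bit_length() - 1
    raise ValueError(f"difference out of range: {d}")


def pvd_capacity_bits(image: List[List[int]]) -> int:
    """Sum the capacity of non-overlapping horizontal pixel pairs.

    The paper scans pairs in zig-zag order; plain row order gives the same
    capacity estimate, so it is used here for simplicity.
    """
    total = 0
    for row in image:
        for i in range(0, len(row) - 1, 2):
            total += bits_for_difference(abs(row[i] - row[i + 1]))
    return total


def smooth_image(width: int, height: int) -> List[List[int]]:
    """Constructed sample: a gentle gradient, neighbouring pixels differ by 1."""
    return [[(x + y) % 256 for x in range(width)] for y in range(height)]


def deep_fried_image(width: int, height: int) -> List[List[int]]:
    """Constructed sample: crushed contrast, pixels alternate near 0 and 255."""
    return [[10 if (x + y) % 2 == 0 else 240 for x in range(width)]
            for y in range(height)]


if __name__ == "__main__":
    w, h = 64, 64
    samples = (("smooth", smooth_image(w, h)),
               ("deep-fried", deep_fried_image(w, h)))
    for name, img in samples:
        bits = pvd_capacity_bits(img)
        print(f"{name:10s} {w}x{h}: {bits} bits ({bits // 8} bytes)")
```

For the two 64x64 samples the gradient yields 768 bytes of capacity while the high-contrast image yields 1792 bytes, more than double for the same pixel count.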