dEEpEst
Posted January 21, 2023

Hyperion - Another Linux malware

First activated by running the compiled bytecode, it then proceeds to scan the current directory and overwrite all executable files that have not been previously infected with its morphed code. Next, the original executable is run from a file it was copied to during the propagation phase, to disguise the fact that the actual executable was infected. Finally, the malware will establish a connection with the C2, begin collecting basic data about the OS, and close the connection in principle.

Each time the malware runs, it randomly replaces certain assembly code sequences with a randomly different sequence of junk opcodes. The overall effect is that each time the program is run, different sets of junk assembly instruction sequences are executed, making the code metamorphic, but the changing opcodes don't relate to the main program function, and so the code is always changing but the main program output/effect is consistent.

Inspired by this Stack Overflow post.
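Because the post describes code that differs on every run, a fixed hash of one sample is a weak indicator; a baseline of the executables in a directory still shows which files were overwritten and which copies appeared. The following is an added example, not part of the original post or of the Hyperion project; the file names, the `.orig` copy name and the ELF-magic filter are constructed assumptions.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

ELF_MAGIC = b"\x7fELF"

def is_elf_executable(path):
    """True for regular files with an execute bit and the ELF magic."""
    try:
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
            return False
        with path.open("rb") as fh:
            return fh.read(4) == ELF_MAGIC
    except OSError:
        return False

def snapshot(directory):
    """Map file name -> SHA-256 for every ELF executable in `directory`."""
    return {p.name: hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(Path(directory).iterdir()) if is_elf_executable(p)}

def compare(baseline, current):
    """Report executables whose bytes changed, newly appeared, or vanished."""
    return {
        "modified": sorted(n for n in baseline
                           if n in current and baseline[n] != current[n]),
        "added": sorted(n for n in current if n not in baseline),
        "missing": sorted(n for n in baseline if n not in current),
    }

def demo():
    """Constructed sample: one fake ELF is overwritten and a copy appears."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("tool_a", "tool_b"):
            f = Path(d, name)
            f.write_bytes(ELF_MAGIC + name.encode())
            f.chmod(0o755)
        Path(d, "notes.txt").write_text("not an executable")
        base = snapshot(d)
        # Simulated overwrite of a host file plus a copy of the original.
        Path(d, "tool_a").write_bytes(ELF_MAGIC + b"changed bytes")
        copy = Path(d, ".tool_a.orig")   # constructed name, an assumption
        copy.write_bytes(ELF_MAGIC + b"tool_a")
        copy.chmod(0o755)
        return compare(base, snapshot(d))

if __name__ == "__main__":
    print(demo())
```

Store the baseline somewhere the monitored host cannot write to, otherwise it can be altered along with the files it describes.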