Monles/Rust-based-Malware-PixSys-2024
License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgements

This project includes code from Pixsys by Jacob Williams and Phil Legg, which is also licensed under the MIT License. See the ORIGINAL_LICENSE file for details.

Intro

The proliferation of malware has intensified, resulting in significant economic losses and heightened security vulnerabilities. Sophisticated, evasive malware used in cyber warfare and targeted attacks poses an escalating challenge for enterprises, organizations, and nations. Recent trends indicate a shift towards using unconventional programming languages for malware development, notably Rust. High-profile cyber-attacks, such as BlackCat and Hive ransomware-as-a-service (RaaS), have inflicted substantial financial damage on businesses and institutions. This paper aims to examine the characteristics of Rust that enhance the evasiveness of malware, with a particular focus on the Microsoft Windows platform.

Understanding the nature, propagation, and interaction of such malware within systems and networks is crucial for mitigating threats and preventing further damage. Hence, this paper implements Pixsys, a practical tool built by Williams and Legg (2022) for dynamic malware analysis, using Rust Based Malware (RBM) samples and pixel-based visualization techniques. It effectively examines complex information about network hosts. Demonstrated in a virtualized network environment, the approach allows for the deployment and observation of malware variants and their behaviors. It therefore presents a practical methodology for conducting malware analysis to examine the behavior, techniques, and tactics employed by RBM. The paper also highlights the need for increased academic research to address the evolving threat of malware.

Where to read the paper

You might need to request permission from the UWE library.

Q&A

Q1. What's the difference between the original PixSys and this one?

Ans

Originally, PixSys was designed for monitoring 4 VMs in the same internal virtual network. This project is slightly different in the number of monitored VMs, which is only 1. Hence, I've modified some parts within the files to generate the visualisation properly.

About

UWE MSc Research