Linux is one of my favorite operating systems, but you seldom see malware for it, so I was pretty interested when Linux Malware was caught by my honeypot. This article will be my analysis of the sample, particularly the decryption function that was used throughout it. It’s a good example of why using your own encryption algorithm isn’t very secure.
So this is my analysis on the snojan malware. My goal for my articles is to write about different malware samples that I collect in my honeypot. I hate finding a sample and looking up analyses on it only to find that nobody has taken the time to really look at it, so this is my remedy for that.
This article is a continuation of my first article “Reverse Engineering Using Radare2” where I gave a basic introduction to the tool. I highly suggest starting there if you haven’t already, as it covers the very basics.
This article assumes the reader has some basic knowledge in coding and assembly language. If not, a good resource for this would be the assembly tutorial from tutorialspoint.