Command & Control (often shortened to C&C or C2) is an umbrella term used to refer to servers involved in the control and/or distribution of malware. This includes, but is not limited to, any servers that host malware payloads, issue commands to infected systems, or receive exfiltrated data.
C2s pose a unique challenge for malware analysts, because while the malware code may be available to reverse engineer, the C2 code typically is not.
As such, it is not always clear how the C2 infrastructure works, or what it does.
Some threat actors will leverage the fact that C2 code is not public to implement server-side anti-analysis.
One example of this could be uploading a list of running processes, then not providing the 2nd stage payload if any malware analysis related tools are detected.
These examples all communicated with a C2 server hosted by MalwareTech Labs, so you don’t have to worry about opsec.
With that said, it’s still recommended to always perform any analysis inside a virtual machine for safety.
[Read more]