The Go language (Golang) is an open source programming language developed by Google Inc. in 2009, and it runs on various platforms such as Linux, Mac, Windows, and Android.
Among malware that uses Golang, Mirai is one of the best known (it uses Golang for its C2 program), and malware such as Encriyoko, Lady, GoARM.Bot, Go Athena RAT and others has also been confirmed.
However, judging by its share among popular malware, we can't say that Golang is commonly used as a basis for malware development.
In this presentation, we introduce our analysis of a new malware that we named “WellMess”, which is written in Golang for multiple operating system platforms. This malware was used in several incidents that we have confirmed since January 2018; we recognize it as a new malware based on our team's analysis and the traffic it generates when communicating with its C2 servers.
Additionally, we will explain our reverse engineering of the WellMess malware and demonstrate its botnet operation.