
How to see if a file is infected with a RAT or keylogger

Bill Gates

Today I'm going to show you how to see if a file is infected with a RAT or Keylogger.
Things you will need:
Wireshark
Sandboxie
Once you have downloaded Wireshark, it should look like this:
oZ1IGKY.png

Underneath the Start button, click your connection; for me it would be the wireless connection. After clicking your connection, click Start. It should look like this:
jE8boxw.png

In the filter box, type in "DNS"; it should start listening to the DNS protocol. After you start listening, open up the program that you think might contain a virus.
lCCeonE.png

As you can see in the picture, a .no-ip.biz address pops up. This file contains a RAT. Not every file is going to be ratted; it might be bound with a keylogger instead. To find out if it's a keylogger, type "SMTP" or "FTP" in the filter box.
Quick tip: Scan the file on VirusTotal. It will scan it with around 50 anti-malware and antivirus programs. Hope this tutorial helps.
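
The same checks done by script instead of by eye, as an added example that is not part of the original post. It assumes the capture was exported as tab-separated rows with `tshark -T fields -e ip.dst -e tcp.dstport -e dns.qry.name`; the sample rows are constructed, and every dynamic DNS suffix other than no-ip.biz is an assumed addition.

```python
"""Triage tshark field output for the indicators the post looks for by eye."""

# Dynamic DNS suffixes: no-ip.biz is from the post; the others are assumed additions.
DYNDNS_SUFFIXES = ("no-ip.biz", "ddns.net", "duckdns.org")
# Well-known ports for the protocols the post filters on when checking for a keylogger.
EXFIL_PORTS = {21: "FTP", 25: "SMTP", 465: "SMTP", 587: "SMTP"}


def is_dyndns(name):
    """True if name equals a listed suffix or is a subdomain of it (label-aligned)."""
    name = name.strip().rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in DYNDNS_SUFFIXES)


def triage(lines):
    """Each row: ip.dst <TAB> tcp.dstport <TAB> dns.qry.name (fields may be empty)."""
    findings = []
    for raw in lines:
        parts = raw.rstrip("\n").split("\t")
        if len(parts) != 3:
            continue  # skip malformed rows instead of guessing at the columns
        dst, port, qname = parts
        if qname and is_dyndns(qname):
            findings.append(("dyndns-lookup", qname.rstrip(".").lower()))
        if port.isdigit() and int(port) in EXFIL_PORTS:
            kind = EXFIL_PORTS[int(port)].lower() + "-connection"
            findings.append((kind, f"{dst}:{port}"))
    return findings


# Constructed sample rows (documentation IP ranges, made-up host names).
SAMPLE = [
    "192.0.2.53\t\texample.com",
    "192.0.2.53\t\tHost123.no-ip.biz.",  # mixed case and trailing dot still match
    "192.0.2.53\t\tnotno-ip.biz",        # different domain, must not match
    "198.51.100.7\t587\t",               # SMTP submission port
    "198.51.100.9\t443\t",               # ordinary HTTPS, ignored
    "198.51.100.8\t21\t",                # FTP control port
]

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(kind, detail)
```

A hit only means the traffic deserves a closer look: legitimate software also uses dynamic DNS, mail and FTP.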