Botnets and RATs : Precautionary Measures and Detection (Part 2)

Dec 19, 2015 07:32 AM

Hola my fellow hackers! I promised you tutorials on setting up RATs and botnets, but before jumping into those I want you to know about the precautionary measures and detection of RATs that might be on your system without your knowledge. Of course the anti-virus does most of the job, but some RATs slip past anti-virus products (this is where a hacker's skill comes into play).

Today I'll introduce you to a few tools that help with the tasks mentioned above. The tutorials I'll be doing will be on the Windows platform, since most RATs are designed for Windows, which has 92% of worldwide users.

Sandboxie:

Sandboxie is a sandbox-based isolation program developed by Invincea for Windows. It creates an isolated operating environment in which applications can be run or installed without permanently modifying the local or mapped drive. Think of it as a box inside the system that is completely isolated: you can run any program inside it without causing permanent damage to the system. This makes it useful for analysing malware and RATs.


You can download Sandboxie from the official page http://www.sandboxie.com/index.php?DownloadSandboxie. Go ahead and install it, then open the Sandboxie application.

It will show a window titled Sandboxie Control. This is the main Sandboxie window, shown here with no programs running inside it.


You can open any suspicious program by simply right-clicking it and selecting 'Run Sandboxed'. The program will run in an isolated environment, all of its activity can be recorded, and you can easily find out whether the sandboxed application is programmed to drop any additional files.


The program I executed is the RAT. Now that I've run it, I can analyse the sandbox to see whether it has dropped any files by checking the registry, system files, etc. This can be done manually or with automated tools like Buster Sandbox Analyzer.
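One way to do the "has it dropped any files" check by hand, as an added example that is not part of the original post: the Python script below takes a hashed snapshot of the sandbox folder before you run the sample and again afterwards, then lists the files that were added, changed or removed and flags the executable-type drops. It assumes Sandboxie keeps a box's captured file system under a folder like C:\Sandbox\<user>\<box> (the default location in recent versions; pass your own path as `sandbox_root`). The `demo()` function builds a constructed throw-away tree instead of touching a real sandbox, so it runs anywhere. Registry changes recorded inside the box are not covered by this check.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Assumption: Sandboxie's default box location. Adjust to your Sandbox Settings.
DEFAULT_SANDBOX_ROOT = Path(r"C:\Sandbox")

# File types worth a closer look when they appear after running a sample.
RISKY_SUFFIXES = (".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js", ".ps1")


def _sha256(path: Path) -> str:
    """Hash a file in chunks so large drops do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(sandbox_root) -> dict:
    """Return {relative_posix_path: (size, sha256)} for every regular file under sandbox_root."""
    root = Path(sandbox_root)
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                result[p.relative_to(root).as_posix()] = (p.stat().st_size, _sha256(p))
            except OSError:
                # A file that vanished or is locked mid-walk should not abort the snapshot.
                continue
    return result


def diff_snapshots(before: dict, after: dict) -> dict:
    """Classify the differences between two snapshots of the same sandbox tree."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def suspicious_drops(changes: dict, risky_suffixes=RISKY_SUFFIXES) -> list:
    """Pick out new or rewritten files whose extension marks them as executable content."""
    return sorted(
        rel for rel in changes["added"] + changes["modified"]
        if Path(rel).suffix.lower() in risky_suffixes
    )


def analyse(sandbox_root, before: dict) -> dict:
    """Take the 'after' snapshot of a real box and report what the sample left behind."""
    changes = diff_snapshots(before, snapshot(sandbox_root))
    changes["executables"] = suspicious_drops(changes)
    return changes


def demo() -> dict:
    """Constructed walk-through: fake a box before and after a sample runs (no real malware)."""
    tmp = Path(tempfile.mkdtemp())
    try:
        # Mirrors Sandboxie's drive\C layout inside a box (assumed layout, built here by hand).
        user_dir = tmp / "DefaultBox" / "drive" / "C" / "Users" / "victim"
        (user_dir / "AppData" / "Roaming").mkdir(parents=True)
        (user_dir / "notes.txt").write_text("hello")
        before = snapshot(tmp)
        # Simulate what a dropper would leave behind: a new binary and an edited document.
        (user_dir / "AppData" / "Roaming" / "dropped_sample.exe").write_bytes(b"MZ" + b"\x00" * 64)
        (user_dir / "notes.txt").write_text("hello world")
        return analyse(tmp, before)
    finally:
        shutil.rmtree(tmp, ignore_errors=True)


if __name__ == "__main__":
    # Real use: before = snapshot(DEFAULT_SANDBOX_ROOT / "<user>" / "DefaultBox"),
    # run the sample sandboxed, then print(analyse(<same path>, before)).
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The hash comparison is what makes this more useful than eyeballing the folder: a sample that overwrites an existing file in place shows up under `modified` even though the directory listing looks unchanged. Anything listed under `executables` is a candidate for the registry/autostart checks described above.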

Note: To bypass the anti-Sandboxie checks that some malware uses, you need to disable the Sandboxie indicator, the "#" that appears in the titles of windows running inside Sandboxie.

To do this, go to Sandboxie > right-click your sandbox > Sandbox Settings > Appearance > check "Don't show Sandboxie indicator".

PS: Keep in mind that if you receive an error and your program is unable to run in Sandboxie, it is most likely a virus with anti-Sandboxie checks programmed in. DO NOT run it outside the sandbox.

That's it for today. Since I'm caught up with my semester exams, I apologize for the delay. Have a good day everyone and Merry Christmas!
