Software (Example)

Unfortunately, I cannot analyse malware with Wireshark because I do not have a safe environment to perform this test, but I simulated how Wireshark can be used to analyse malware:

Start Wireshark in capture mode in a safe environment and run the malware. The program will collect all data sent and received, making it possible to analyse the behaviour of the malware.

In this image it is possible to see the three-way handshake on the green line, which means the website completed all the processes of receiving, checking and confirming. We can also see the source IP and the destination IP, which makes it possible to track all routes of the malware.
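
The handshake check described above can also be done in code once packets are exported from a capture. This is an added example, not part of the original post: the `Pkt` record, the function names and the sample addresses are assumptions for illustration, and it reports which source/destination pairs completed SYN, SYN-ACK, ACK and which did not.

```python
# Added example; the packet records below are constructed, not a real capture.
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport flags seq ack")

SAMPLE = [
    Pkt("192.0.2.10", 49152, "198.51.100.7", 80, {"SYN"}, 1000, 0),
    Pkt("198.51.100.7", 80, "192.0.2.10", 49152, {"SYN", "ACK"}, 5000, 1001),
    Pkt("192.0.2.10", 49152, "198.51.100.7", 80, {"ACK"}, 1001, 5001),
    # Second connection: SYN answered with RST, so no handshake completes.
    Pkt("192.0.2.10", 49153, "203.0.113.9", 8080, {"SYN"}, 2000, 0),
    Pkt("203.0.113.9", 8080, "192.0.2.10", 49153, {"RST", "ACK"}, 0, 2001),
]

def completed_handshakes(packets):
    """Return (client_ip, client_port, server_ip, server_port) for each
    connection where SYN, SYN-ACK and the final ACK were all seen with
    matching sequence/acknowledgement numbers."""
    state = {}   # connection key -> handshake progress
    done = []
    for p in packets:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == {"SYN"}:
            state[fwd] = {"step": 1, "client_isn": p.seq}
        elif p.flags == {"SYN", "ACK"} and rev in state:
            s = state[rev]
            if s["step"] == 1 and p.ack == s["client_isn"] + 1:
                s.update(step=2, server_isn=p.seq)
        elif p.flags == {"ACK"} and fwd in state:
            s = state[fwd]
            if (s["step"] == 2 and p.seq == s["client_isn"] + 1
                    and p.ack == s["server_isn"] + 1):
                done.append(fwd)
                del state[fwd]
        elif "RST" in p.flags:
            # A reset in either direction abandons the pending handshake.
            state.pop(fwd, None)
            state.pop(rev, None)
    return done

def unanswered(packets):
    """Connections that sent a SYN but never completed the handshake."""
    finished = set(completed_handshakes(packets))
    syns = [(p.src, p.sport, p.dst, p.dport) for p in packets if p.flags == {"SYN"}]
    return [k for k in syns if k not in finished]

if __name__ == "__main__":
    print(completed_handshakes(SAMPLE), unanswered(SAMPLE))
```

Destinations that appear only in the `unanswered` list were contacted but never accepted the connection, which is worth noting separately from the hosts the sample actually talked to.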