Sunday, 4 May 2014

How to trace a RAT from your computer by VIKAS BATTA

TRACE A RATTER

Requirements:-

1:- Wireshark.
2:- Process Hacker.
3:- SandboxieInstall

To trace a ratter, we first need to check whether we have a potential RAT server on our system. Don't open it directly by double-clicking. Install Sandboxie on your PC and open the RAT Trojan file with Sandboxie. It will appear as a separate service in Process Hacker.





Here we have the RAT server. We have to open it with Sandboxie so that we can explore its process in Process Hacker.



Now it will appear as a separate process in the process explorer, and we have to trace that process. Keep it running for as long as the trace is running in Wireshark.



Start capturing the packets through which your RAT server is responding to its dedicated host address over the web.



While it is capturing the packets, we have to filter out the packets related to the DNS protocol from all the transactions. There we will get the temporary DNS host address and the IP address of the server to which the RAT installed on our system is responding.


Here we have the IP and DNS name of the hosting at NO-IP.COM.



Now keep a record of the IP address and the host address of the RAT by copying the records from the transactions.
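The DNS filtering step above can also be done programmatically. The following is an added example, not part of the original post: it parses the raw payload of a DNS response (as exported from the capture) and lists the hostname and IP address pairs that fall under a dynamic DNS suffix. The function names, the suffix list beyond no-ip.com, and the sample packet are assumptions made for this illustration.

```python
import socket
import struct

DYNDNS_SUFFIXES = ("no-ip.com", "no-ip.org", "ddns.net")  # assumed list; page names only no-ip.com

def read_name(msg, off):
    """Decode the DNS name at off; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:          # compression pointer (RFC 1035, 4.1.4)
            end = end or off + 2           # resume after the first pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels).lower(), end or off
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length

def a_records(msg):
    """Return [(name, ipv4)] from the answers of one DNS response payload."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:                 # QR bit clear: query, not response
        return []
    off = 12
    for _ in range(qd):                    # skip the question section
        _, off = read_name(msg, off)
        off += 4                           # QTYPE + QCLASS
    out = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:      # A record: 4-byte IPv4 address
            out.append((name, socket.inet_ntoa(msg[off:off + 4])))
        off += rdlen
    return out

def dyndns_hits(msg):
    """Keep only answers whose name falls under a listed dynamic DNS suffix."""
    return [(n, ip) for n, ip in a_records(msg)
            if any(n == s or n.endswith("." + s) for s in DYNDNS_SUFFIXES)]

# Constructed sample response: constructed-sample.no-ip.com -> 203.0.113.7
SAMPLE = (bytes.fromhex("1a2b81800001000100000000") + b"\x12constructed-sample\x05no-ip\x03com\x00"
          + bytes.fromhex("00010001c00c000100010000003c0004cb007107"))
```

Calling `dyndns_hits(SAMPLE)` returns the hostname and address to keep for the abuse report.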





Now we have all the traces we need to report to the website that the RAT poisoner is using to spread the malicious file over the internet. We can report directly to the website, with the appropriate snapshots that match the website's records.

To report to the website, browse to the official webpage of the website and follow these steps.

1:- Browse for the support page.
2:- Go to ABUSE@NO-IP.COM.
3:- Submit all the proof links or snapshots regarding your complaint.
4:- Tell them what harm you suffered because of the services of their website.
5:- Trace the attacker with the help of that website's logs (further procedure with the help of the website).


HAPPY ENDING





Friday, 2 May 2014

How to sniff Wifi router's password by vikas batta

Sniff wifi router password




First, update all the packages with 'apt-get update'.

Now locate the DNS file with the 'locate etter.dns' command.

Now type the 'dig' command to get the router gateway IP.

Open the 'etter.dns' file with the vim editor.

Now edit this file with redirections to other sites like google.com and facebook.com.



Now finally start sniffing and redirecting with ' ettercap -Tqi etho -P dns_spoof -M // // '

Finally, you get the username and password of the router.



HAPPY ENDING