SYSTEMBC RAT Malware Analysis
TROJAN MALWARE
ANALYSIS
EKRMA ELNOUR
Outlines
1. BACKGROUND
SETTING UP THE
04 STATISTICAL ANALYSIS: Analysis before running the malware
05 DYNAMIC ANALYSIS: Analysis after running the malware
06 CONCLUSION: Summary of the process and findings
Introduction
RAT
Malware
01 MALWARE
malicious software is intrusive software that
is a contraction for .
02 RAT
Root Access Trojans used to infect computer
Tools
These are the main tools used during the analysis process:
REMnux VM
INetSim
VirusTotal
FLARE VM
Wireshark
RegShot
proc_watch
Setting-up the Environment
Setting | First machine | Second machine
Memory | 4 GB | 2 GB
Disk | 60 GB | 60 GB
Processors | 2 cores (from Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz 2.81 GHz) | 2 cores (from Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz 2.81 GHz)
Network | NAT (IP address 10.0.0.3, default gateway 10.0.0.2) | NAT (IP 10.0.0.2)
the windows 10 and one after configuring the FLARE.
STATISTICAL ANALYSIS
calculate the hash and upload
file
network trojan.
01 02 03 04
the PEstudio show that there
activities. confirmed
DYNAMIC ANALYSIS
a registry shot has been taken
process monitoring software
task schedule. .
05 06 07 08
Process Monitor has been
The software tested during the writing of this report was found to be malicious.
The malware was first compiled on Fri Sep 13 20:22:07 2019 UTC.
55
The malware creates an executable in the path C:\ProgramData\trcn\kexvi.exe this
The nine IPs that have been reported as malicious.
flagged this file as malicious
The later part of the behavior had not been tested due to the environment
References
https://www.cisco.com/c/en/us/products/security/advanced-malware-protection/what-is-malware.html
https://www.sans.org/tools/remnux/
https://www.wireshark.org
https://www.inetsim.org/downloads.html