Forensic
Command & Control - level 4
Well, it looks like I have found the connections that had been established, but none of the IPs seem correct.
Can someone help me? I am looking for connections made by the malware, no? Also, there are like only 3 programs that generated any traffic whatsoever, right?
Command & Control - level 4
I’m in the same boat as you. From the last one, C&C3, I know the PID of the malicious software (starts and ends with "2" if I’m right), so I use the netscan tool in Volatility and look for that PID. I find it, but it’s wrong apparently. =C The IP should be an internal one since this is an "internal server", but no luck yet!
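The triage step the poster describes (run Volatility's netscan, keep only the rows belonging to the suspect PID, then check whether each peer is an internal address) is easy to get wrong by eye because listeners, wildcard UDP peers and private ranges all sit in the same table. The script below is an added example, not part of this thread or of the challenge: it parses Volatility 2 netscan output, filters by PID, drops listening sockets and wildcard peers, and labels each remaining peer as internal (RFC 1918, loopback or link-local) or external. The netscan rows, the PID 2342, the process names and all addresses are constructed sample data and not taken from the challenge image.

```python
import ipaddress
from typing import Dict, List, NamedTuple, Optional

# Constructed sample of Volatility 2 `netscan` output (not from the challenge image).
# Column order follows the plugin: Offset(P) Proto Local Foreign State Pid Owner Created.
SAMPLE_NETSCAN = """\
Volatility Foundation Volatility Framework 2.6
Offset(P)          Proto    Local Address                  Foreign Address      State            Pid      Owner          Created
0x3e1a2b40         TCPv4    192.168.56.101:49158           10.0.0.5:443         ESTABLISHED      2342     svchost.exe    2016-03-11 09:12:31 UTC+0000
0x3e1b4c10         TCPv4    192.168.56.101:49160           198.51.100.23:8080   ESTABLISHED      2342     svchost.exe    2016-03-11 09:12:35 UTC+0000
0x3e1c0d90         TCPv4    0.0.0.0:135                    0.0.0.0:0            LISTENING        712      svchost.exe    2016-03-11 09:01:02 UTC+0000
0x3e1d2e70         UDPv4    0.0.0.0:5355                   *:*                                   1040     svchost.exe    2016-03-11 09:01:10 UTC+0000
0x3e1e3f50         TCPv4    192.168.56.101:49170           192.168.56.1:12080   CLOSE_WAIT       2342     svchost.exe    2016-03-11 09:13:02 UTC+0000
"""

# "Internal" here means RFC 1918, loopback and link-local; documentation ranges such as
# 198.51.100.0/24 are deliberately treated as external so they stand in for a public peer.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


class NetscanEntry(NamedTuple):
    offset: str
    proto: str
    local: str
    foreign: str
    state: str
    pid: int
    owner: str
    created: str


def parse_netscan(text: str) -> List[NetscanEntry]:
    """Parse netscan rows; banner and header lines are skipped because they do not start with 0x."""
    entries: List[NetscanEntry] = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or not tokens[0].startswith("0x"):
            continue
        offset, proto, local, foreign = tokens[:4]
        rest = tokens[4:]
        # UDP sockets have no state column, so the next token is already the PID.
        state = "" if rest[0].isdigit() else rest.pop(0)
        pid = int(rest[0])
        owner = rest[1]
        created = " ".join(rest[2:])  # date, time and timezone are separate tokens
        entries.append(NetscanEntry(offset, proto, local, foreign, state, pid, owner, created))
    return entries


def endpoint_is_internal(addr: str) -> Optional[bool]:
    """True for an internal host, False for anything else, None when the peer is a wildcard like '*:*'."""
    host, _, _port = addr.rpartition(":")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None
    return any(ip in net for net in INTERNAL_NETS)


def connections_for_pid(entries: List[NetscanEntry], pid: int) -> List[NetscanEntry]:
    """Connections of one process with listeners and wildcard/unspecified peers removed."""
    return [e for e in entries
            if e.pid == pid
            and e.state != "LISTENING"
            and not e.foreign.startswith("0.0.0.0:")
            and endpoint_is_internal(e.foreign) is not None]


def summarize_peers(entries: List[NetscanEntry], pid: int) -> Dict[str, str]:
    """Map each peer of the process to 'internal' or 'external'."""
    return {e.foreign: ("internal" if endpoint_is_internal(e.foreign) else "external")
            for e in connections_for_pid(entries, pid)}


if __name__ == "__main__":
    suspect_pid = 2342  # constructed PID for the sample data
    parsed = parse_netscan(SAMPLE_NETSCAN)
    for peer, kind in summarize_peers(parsed, suspect_pid).items():
        print(f"PID {suspect_pid} -> {peer:<22} {kind}")
```

To use it on a real image, replace SAMPLE_NETSCAN with the saved output of `vol.py -f image.raw --profile=<profile> netscan` and pass the PID found in the previous level; the internal/external split is what the poster's hint about an "internal server" turns on, so listing only the internal peers narrows the candidates quickly.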
Command & Control - level 4
I’ve re-engineered the malware and I know exactly what it does (one of 4 destinations exists), but the IP:PORT doesn’t validate. The "internal server" thing is a bit confusing. All I can see is an internal gateway (avast) on port 12080.
Edit: nvm, I finally found it.