By using MalwareCMDMonitor python script, you can observe the commands of the latest malware instances executed on hybrid-analysis.com sandbox. In a nutshell, it downloads the HA feed and then retrieves commands of unseen instances; the ones that did not appear in the previous feeds.
Also ReadJava-Stager : A PoC To Download, Compile & Execute A Java File In Memory
To run the script
python hybrid_analysis.py
However, if you want to run the script on a regular basis, you can use –daemon (or -d for short) switch.
python hybrid_analysis.py --daemon
Running the above command results in getting the feed every hour. To change the interval, you can use –cycle (or -c) and specify the number of minutes the script must wait before retrieving the feed again.
python hybrid_analysis.py --daemon --cycle 120
In the above example, the script sleeps for 2 hours between each feed retrieval. Moreover, you can use –output (or -o) to specify the output file that you want to store the results. By default, the output is written on the console.
python hybrid_analysis.py --daemon --cycle 120 --output "c:\test\ha - cmd.log"
Last but not least, you can see all the switches by using –help (or -h)
python hybrid_analysis.py -h
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…
Embark on the journey of becoming a certified Red Team professional with our definitive guide.…
This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…
This took me like 4 days (+2 days for an update), but I got it…
MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…