By using MalwareCMDMonitor python script, you can observe the commands of the latest malware instances executed on hybrid-analysis.com sandbox. In a nutshell, it downloads the HA feed and then retrieves commands of unseen instances; the ones that did not appear in the previous feeds.
Also ReadJava-Stager : A PoC To Download, Compile & Execute A Java File In Memory
To run the script
python hybrid_analysis.py
However, if you want to run the script on a regular basis, you can use –daemon (or -d for short) switch.
python hybrid_analysis.py --daemon
Running the above command results in getting the feed every hour. To change the interval, you can use –cycle (or -c) and specify the number of minutes the script must wait before retrieving the feed again.
python hybrid_analysis.py --daemon --cycle 120
In the above example, the script sleeps for 2 hours between each feed retrieval. Moreover, you can use –output (or -o) to specify the output file that you want to store the results. By default, the output is written on the console.
python hybrid_analysis.py --daemon --cycle 120 --output "c:\test\ha - cmd.log"
Last but not least, you can see all the switches by using –help (or -h)
python hybrid_analysis.py -h
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…