Thursday, 13 December 2018

HOW TO FIND OUT WHETHER A LINK/URL IS MALICIOUS OR NOT

AUTOMATER:

Automater is a tool that analyzes a URL, IP address or MD5 hash for intrusion analysis. It scans the given target against a set of predefined websites, such as VirusTotal and Robtex. Because Automater queries its default list of websites for you, you don't have to visit each site individually, which saves time. According to an ethical hacking researcher at the International Institute of Cyber Security, it makes the analysis process easier, so that the resulting information can be used in further hacking activities.

You will often come across a situation where a user gets an email asking them to click on a link, and you are not sure whether the link is malicious. In that case you can use Automater.

  • FOR LAUNCHING AUTOMATER:-
  • Type automater in a Linux terminal.
  • Or type automater --help.

==============OUTPUT SNIP=================

  • In the above screenshot, you can see the keywords that you can use in the query, as required, in the information gathering part.

DOMAIN ANALYSIS:-

  • Type automater facebook.com

  • In the above screenshot, after typing the automater command, you get the scan result for the targeted domain name.

NOW SCAN WITH THE MALICIOUS SITE:-

  • In the above screenshot, after scanning the target conds.ru, you can see that this domain is included in the blacklist of VirusTotal.

IP ANALYSIS:-

  • Now, you can try by typing an IP address of the target, and see what kind of information it returns.
  • Type automater 157.240.23.35 as shown below.

================OUTPUT SNIP===============

  • In the above screenshot, after scanning the target IP, no malware was found.

NOW SCAN WITH MALICIOUS IP:-

=================OUTPUT SNIP================

  • In the above screenshot, after scanning the target IP 90.156.201.15, you can see the VT Malware entry marked in red; it is a TrojanDownloader:Win32/Agent.
  • TrojanDownloader:Win32/Agent executes and sends information about the computer on which the attacker installed it.
  • 2018-09-16 is the date when the malware was scanned by VirusTotal.
  • To look up any string from the results, such as the VT Malware entry, simply search the internet for the malware name and the string. The results show the trojan name and the string, as shown below.

MD5 HASH ANALYSIS:-

  • Type automater e9de0ffc9614529e73e36d0e0eae6fb9

  • In the above screenshot, the MD5 e9de0ffc9614529e73e36d0e0eae6fb9 was used to test whether it is malicious or not. It shows no record found, which means it's not a malicious MD5.

NOW SCANNING WITH MALICIOUS MD5 VALUE:-

  • Type automater b2033726c5e95fee0ba08b8c6299ff41 as shown below.

  • In the above screenshot, the MD5 b2033726c5e95fee0ba08b8c6299ff41 contains malicious files which can harm a computer.
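
A link in an email can display a trusted name while pointing somewhere else, so it helps to reduce the link to its real host and confirm it is one of the three target types used above (domain, IP, MD5) before passing it to automater. The script below is an added example, not part of the original post or of Automater itself; the function names and the sample link in the usage comment are constructed for illustration, and IPv6 literals are not handled.

```sh
#!/bin/sh
# Added example: normalise an indicator before handing it to automater.
# Function names are hypothetical; sample values are constructed.

# url_host: reduce a link to its real host. Everything before the last '@'
# in the authority is userinfo, so http://facebook.com@198.51.100.7/ points
# at 198.51.100.7, not at facebook.com.
url_host() {
    u=${1#*://}          # drop the scheme
    u=${u%%[/?#]*}       # drop path, query and fragment
    u=${u##*@}           # drop userinfo
    u=${u%%:*}           # drop the port
    # lowercase; embedded newlines become spaces so they fail validation
    printf '%s' "$u" | tr 'A-Z\n' 'a-z '
}

# classify: print md5, ip, domain or invalid for an already-normalised value.
classify() {
    if printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{32}$'; then
        echo md5
    elif printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
        for o in "$@"; do       # every octet must be 0-255
            [ "$o" -le 255 ] || { echo invalid; return 0; }
        done
        echo ip
    elif printf '%s\n' "$1" | grep -Eq '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$'; then
        echo domain
    else
        echo invalid
    fi
}

# automater_target: print the value to scan, or fail if it is none of the three.
automater_target() {
    t=$(url_host "$1")
    if [ "$(classify "$t")" = invalid ]; then return 1; fi
    printf '%s\n' "$t"
}

# Usage: sh triage.sh 'http://facebook.com@198.51.100.7/login' conds.ru
for raw in "$@"; do
    if target=$(automater_target "$raw"); then
        echo "[$(classify "$target")] automater $target"
        if command -v automater >/dev/null 2>&1; then automater "$target"; fi
    else
        echo "skipped, not a URL, IPv4 address or MD5: $raw" >&2
    fi
done
```

Because only values that pass the strict patterns reach the automater call, text pasted from an email cannot be interpreted as a command-line option.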
