Finding Malware

Using Teleseer to find malware via malicious file transfers

Overview

Malware is often delivered to an end user's machine by a file transfer over FTP, HTTP, SMB, or a similar protocol.

Teleseer shows these transfers as events in the Timeline panel and exposes their details in the Inspector panel.

Example

For this example, we'll use the Trickbot capture from Unit 42's Wireshark Tutorial: Examining Trickbot Infections.

  1. Load the collection file into Teleseer.
  2. View the new Project.

[Image: Trickbot Project]

  3. Expand the Timeline > Events section.

[Image: File Transfer Events]

  4. Select the File Transfer event.
  5. Hover over the selected event in the Inspector panel.

[Image: File Transfer hover]

Note: Trickbot executable

phn34ycjtghm.exe is a known Trickbot executable. A file name alone is weak evidence; confirm by checking the transferred bytes (a PE file starts with an MZ header) and by hashing the carved file so it can be checked against threat intelligence.

Hash lookups coming soon!
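Until Teleseer performs hash lookups itself, the same check can be done by hand: carve the transferred file out of the capture and hash it. The script below is an added example, not Teleseer code and not part of the Unit 42 tutorial. It builds a small classic pcap in memory (constructed traffic, not the Trickbot capture; the IPs, host name and file bytes are made up, only the file name is borrowed from the note above), reassembles the HTTP response by TCP sequence number even though its segments were captured out of order, and reports every response body that begins with an executable magic number together with its SHA-256. It deliberately keys on the file's magic bytes rather than the declared Content-Type, because that header is under the attacker's control, and it records whether the body length matches Content-Length, since a truncated capture produces a hash that will never match anything.

```python
"""Carve HTTP-delivered executables out of a pcap and hash them.
Added example, not Teleseer code. The capture is constructed in memory; IPs,
host name and file bytes are made up, only the file name is from the note above."""
import hashlib
import struct
from collections import defaultdict

def _ip(dotted):
    return bytes(int(o) for o in dotted.split("."))

def _frame(src, dst, sport, dport, seq, ack, payload):
    # Ethernet/IPv4/TCP frame; checksums left at zero, the parser ignores them.
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     _ip(src), _ip(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def _record(frame, ts):
    return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame

# Fake PE (MZ header, PE signature, filler); not a real binary.
FAKE_EXE = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + bytes(range(256)) * 4
REQUEST = (b"GET /phn34ycjtghm.exe HTTP/1.1\r\nHost: example.invalid\r\n"
           b"User-Agent: Mozilla/5.0\r\n\r\n")
# The server declares an image type; the body is still an executable.
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
            b"Content-Length: %d\r\n\r\n" % len(FAKE_EXE)) + FAKE_EXE
SPLIT = 100  # the response is two segments, captured out of order
CONSTRUCTED_PCAP = (
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # classic pcap, Ethernet
    + _record(_frame("10.0.0.5", "203.0.113.7", 49152, 80, 1, 1, REQUEST), 1)
    + _record(_frame("203.0.113.7", "10.0.0.5", 80, 49152, 1 + SPLIT, 1 + len(REQUEST),
                     RESPONSE[SPLIT:]), 2)
    + _record(_frame("203.0.113.7", "10.0.0.5", 80, 49152, 1, 1 + len(REQUEST),
                     RESPONSE[:SPLIT]), 3)
)

def tcp_streams(pcap):
    """Return {(src, sport, dst, dport): bytes}, each direction reassembled in
    sequence order. Exact duplicate segments collapse; partial overlaps are not handled."""
    if pcap[:4] != b"\xd4\xc3\xb2\xa1" or struct.unpack("<I", pcap[20:24])[0] != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet frames")
    segs = defaultdict(dict)
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if frame[12:14] != b"\x08\x00":  # IPv4 only
            continue
        ip = frame[14:]
        ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
        if ip[9] != 6:  # TCP only
            continue
        tcp = ip[ihl:total]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:
            segs[(ip[12:16], sport, ip[16:20], dport)][seq] = payload
    return {k: b"".join(v[s] for s in sorted(v)) for k, v in segs.items()}

EXEC_MAGIC = {b"MZ": "PE/Windows executable", b"\x7fELF": "ELF executable"}

def http_executables(pcap):
    """Report every HTTP response body that starts with an executable magic number:
    file name, declared vs detected type, size, completeness and SHA-256."""
    streams = tcp_streams(pcap)
    found = []
    for (src, sport, dst, dport), data in streams.items():
        hdr_end = data.find(b"\r\n\r\n")
        if not data.startswith(b"HTTP/1.") or hdr_end < 0:
            continue
        headers = {}
        for line in data[:hdr_end].decode("latin-1").split("\r\n")[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body = data[hdr_end + 4:]
        kind = next((k for m, k in EXEC_MAGIC.items() if body.startswith(m)), None)
        if kind is None:
            continue
        # The URI lives in the request flowing the other way on the same 4-tuple.
        req = streams.get((dst, dport, src, sport), b"")
        parts = req.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
        uri = parts[1] if len(parts) >= 3 else "?"
        found.append({
            "server": ".".join(str(b) for b in src),
            "uri": uri,
            "filename": uri.rsplit("/", 1)[-1],
            "declared_type": headers.get("content-type", ""),
            "detected_type": kind,
            "size": len(body),
            # A truncated capture yields a wrong hash, so say whether the body is whole.
            "complete": len(body) == int(headers.get("content-length", -1)),
            "sha256": hashlib.sha256(body).hexdigest(),
        })
    return found

if __name__ == "__main__":
    for hit in http_executables(CONSTRUCTED_PCAP):
        print(hit)
```

To run it against the Unit 42 capture, pass `open(path, "rb").read()` to `http_executables` instead of `CONSTRUCTED_PCAP`. The parser is intentionally minimal: it handles little-endian classic pcap with Ethernet frames, IPv4 and plain HTTP/1.x bodies only, not pcapng, VLAN tags, IPv6, chunked or compressed encodings, or overlapping retransmissions. For captures that need those, `tshark -r capture.pcap --export-objects http,outdir` followed by `sha256sum outdir/*` carves the same files.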