HKTL_SHARK.GA

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be manually installed by a user.

Arrival Details

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It may be manually installed by a user.

Installation

This Hacking Tool drops the following files:

• {full path of malware}\bios.txt - contains the IP addresses of hosts that replied to the malware's SYN packet

Other Details

This Hacking Tool does the following:

• This hacking tool is a SYN Scanner. Used to determine the state of a host's communication port without establishing a full connection.
• The hacking tool accepts the following parameters:
  • ./{filename} [-a | -b ] [-i ]
    • target port: port where SYN packets will be sent to test port state
    • a class (optional): Class A network that will be scanned
    • b class (optional): Class B network that will be scanned
    • interface (optional): network interface where SYN packets will be sent from
    • speed (optional): rate in which SYN packets will be sent.
• Note: If no a class and b class parameters are provided, the SYN scanner will send packets to random IP addresses