00:01
In this question, here are some key points regarding how the socket to which an IP address is becoming for a file with an effective password might be determined.
00:11
So, the first point is the command and control (C2) server.
00:15
Malware often communicates with a remote server known as a command and control server, and the C2 server is operated by attackers and serves as a center point for sending and receiving instructions to and from the infected machine.
00:32
Next one is hard-coded information.
00:35
So, the malware may contain hard-coded information about the IP address and port socket of the C2 server.
00:43
So, this information is typically embedded in the malware code and used by the infected system to establish communication.
00:51
Next point is dynamic resolution.
00:53
So, in some cases, the malware might dynamically resolve the IP address of the C2 server using the domain name.
00:59
This allows attackers to change the server's IP address without modifying the malware itself.
01:04
Next point is domain generation algorithm...