Malware Dynamic Analysis with FakeNet-NG
FakeNet-NG is a tool that can be used as network simulator. This tool can let you observe the network activity of the sample you are analyzing that is connecting outside your isolated environment. It also logs a pcap file after and can be found inside the FakeNet directory.
Using FakeNet as a network simulator can give us rich information. It also generates a pcap file inside the FakeNet directory when the executable is terminated.
In our sample, FakeNet logs the http communication of a sample connecting outside the environment, and this artifact can be used as a network based IOC.