Writeup: MAL: Malware Introductory
For this box I used Remmina whilst on Kali.
Link: MAL: Malware Introductory on TryHackMe
Ah, now I kinda understand...
Answer: No answer needed
What is the famous example of a targeted attack-esque Malware that targeted Iran?
Answer: Stuxnet
What is the name of the Ransomware that used the Eternalblue exploit in a "Mass Campaign" attack?
Answer: WannaCry
Name the first essential step of a Malware Attack?
Answer: Delivery
Now name the second essential step of a Malware Attack?
Answer: Execution
What type of signature is used to classify remnants of infection on a host?
Answer: Host-Based Signatures
What is the name of the other classification of signature used after a Malware attack?
Answer: Network-Based Signatures
I understand the two broad categories employed when analysing potential malware!
Answer: No answer needed
Let's proceed
Answer: No answer needed
I've logged in!
Answer: No answer needed
The MD5 Checksum of aws.exe
Answer: D2778164EF643BA8F44CC202EC7EF157
The MD5 Checksum of NetLogo.exe
Answer: 59CB421172A89E1E16C11A428326952C
The MD5 Checksum of vlc.exe
Answer: 5416BE1B8B04B1681CB39CF0E2CAAD9F
Does VirusTotal report this MD5 Checksum / file aws.exe as malicious? (Yay/Nay)
Answer: Nay
Does VirusTotal report this MD5 Checksum / file NetLogo.exe as malicious? (Yay/Nay)
Answer: Nay
Does VirusTotal report this MD5 Checksum / file vlc.exe as malicious? (Yay/Nay)
Answer: Nay
The shortcut for PEiD can be found in C:\Users\Analysis\Desktop\Tools\Static\PE Tools
What does PeID propose 1DE9176AD682FF.dll being packed with?
Answer: Microsoft Visual C++ 6.0 DLL
What does PeID propose AD29AA1B.bin being packed with?
Answer: Microsoft Visual C++ 6.0
What packer does PeID report file "6F431F46547DB2628" to be packed with?
Answer: FSG 1.0 -> dulek/xt
IDA is located in C:\Users\Analysis\Desktop\Tools\Static\Disassembley [sic]
Cursed obfuscation!
Answer: No answer needed
What is the URL that is outputted after using "strings"
Answer: practicalmalwareanalysis.com
How many unique "Imports" are there?
(PE Explorer can be found in C:\Users\Analysis\Desktop\Tools\Static\PE Tools)
Answer: 5
How many references are there to the library "msi" in the "Imports" tab of IDA Freeware for "install.exe"
Answer: 9
What is the MD5 Checksum of the file?
Answer: F5BD8E6DC6782ED4DFA62B8215BDC429
Does VirusTotal report this file as malicious? (Yay/Nay)
Answer: Yay
Output the strings using Sysinternals "strings" tool.
What is the last string outputted?
Answer: d:h:
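The hashing and strings steps above can be reproduced without the room's tools. The script below is an added example, not part of this writeup or of the TryHackMe room: it runs over a constructed byte buffer (no real sample is used) and mimics what Sysinternals strings does by default, scanning for both ASCII and UTF-16LE runs of at least 3 printable characters, then reports the MD5 of the same buffer in the upper-case form VirusTotal accepts. The buffer deliberately ends with the bytes "d:h:" so the last reported string matches the room's answer; every other string in it is made up.

```python
import hashlib
import re

# Constructed stand-in for a binary. Not a file from the room; the content is
# chosen only to exercise the string scanner (ASCII, UTF-16LE, a too-short run).
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"                  # fake DOS-header-like bytes
    + b"KERNEL32.dll\x00"                          # looks like an import name
    + b"ab\x00"                                    # 2 chars: dropped at the default min length of 3
    + b"http://practicalmalwareanalysis.com\x00\x00\x00"
    + "WideStr".encode("utf-16-le") + b"\x00\x00"  # UTF-16LE string with terminator
    + b"d:h:\x00"                                  # last string, as in the writeup's answer
)


def extract_strings(data: bytes, min_len: int = 3):
    """Return (offset, kind, text) for every printable run, ordered by offset.

    Like Sysinternals strings, both ASCII and UTF-16LE ("unicode") runs are
    reported and the minimum length defaults to 3 characters.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)

    found = []
    for m in ascii_re.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in wide_re.finditer(data):
        found.append((m.start(), "unicode", m.group().decode("utf-16-le")))
    found.sort(key=lambda item: item[0])
    return found


def last_string(data: bytes, min_len: int = 3):
    """The final string the scanner would print, or None if there is none."""
    found = extract_strings(data, min_len)
    return found[-1][2] if found else None


def md5_hex(data: bytes) -> str:
    """Upper-case MD5 hex digest, the form used for the checksums in this writeup."""
    return hashlib.md5(data).hexdigest().upper()


if __name__ == "__main__":
    print("MD5:", md5_hex(SAMPLE))
    for offset, kind, text in extract_strings(SAMPLE):
        print(f"{offset:6d} {kind:8s} {text}")
    print("last string:", last_string(SAMPLE))
```

Lowering min_len to 2 also surfaces "MZ" and "ab", which is the usual trade-off with strings: shorter runs mean more noise, so the default of 3 is a sensible starting point before grepping the output for URLs, library names and registry paths.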
What is the output of PeID when trying to detect what packer is used by the file?
Answer: Nothing found *