Writeup: MAL: Malware Introductory - AtomicMaya/knowledge-base GitHub Wiki

MAL: Malware Introductory

For this box I used Remmina whilst on Kali.

Link: MAL: Malware Introductory on TryHackMe

Task 1

Question 1

Ah, now I kinda understand...

Answer: No answer needed

Task 2

Question 1

What is the famous example of a targeted attack-esque Malware that targeted Iran?

Answer: Stuxnet

Question 2

What is the name of the Ransomware that used the EternalBlue exploit in a "Mass Campaign" attack?

Answer: WannaCry

Task 3

Question 1

Name the first essential step of a Malware Attack?

Answer: Delivery

Question 2

Now name the second essential step of a Malware Attack?

Answer: Execution

Question 3

What type of signature is used to classify remnants of infection on a host?

Answer: Host-Based Signatures

Question 4

What is the name of the other classification of signature used after a Malware attack?

Answer: Network-Based Signatures

Task 4

Question 1

I understand the two broad categories employed when analysing potential malware!

Answer: No answer needed

Task 5

Question 1

Let's proceed

Answer: No answer needed

Task 6

Question 1

I've logged in!

Answer: No answer needed

Task 7

Question 1

The MD5 Checksum of aws.exe

Answer: D2778164EF643BA8F44CC202EC7EF157

Question 2

The MD5 Checksum of NetLogo.exe

Answer: 59CB421172A89E1E16C11A428326952C

Question 3

The MD5 Checksum of vlc.exe

Answer: 5416BE1B8B04B1681CB39CF0E2CAAD9F

Task 8

Question 1

Does VirusTotal report this MD5 Checksum / file aws.exe as malicious? (Yay/Nay)

Answer: Nay

Question 2

Does VirusTotal report this MD5 Checksum / file NetLogo.exe as malicious? (Yay/Nay)

Answer: Nay

Question 3

Does VirusTotal report this MD5 Checksum / file vlc.exe as malicious? (Yay/Nay)

Answer: Nay

Task 9

The shortcut for PEiD can be found in C:\Users\Analysis\Desktop\Tools\Static\PE Tools

Question 1

What does PEiD propose 1DE9176AD682FF.dll is packed with?

Answer: Microsoft Visual C++ 6.0 DLL

Question 2

What does PEiD propose AD29AA1B.bin is packed with?

Answer: Microsoft Visual C++ 6.0

Task 10

Question 1

What packer does PEiD report file "6F431F46547DB2628" to be packed with?

Answer: FSG 1.0 -> dulek/xt

Task 11

IDA is located in C:\Users\Analysis\Desktop\Tools\Static\Disassembley [sic]

Question 1

Cursed obfuscation!

Answer: No answer needed

Task 12

Question 1

What is the URL that is output after using "strings"?

Answer: practicalmalwareanalysis.com

Question 2

How many unique "Imports" are there?

(PE Explorer can be found in C:\Users\Analysis\Desktop\Tools\Static\PE Tools)

Answer: 5

Task 13

Question 1

How many references are there to the library "msi" in the "Imports" tab of IDA Freeware for "install.exe"?

Answer: 9
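Task 12 question 2 and Task 13 both come down to reading the PE import directory: PE Explorer lists the imported DLLs, IDA's Imports tab lists every function pulled from each one. The script below is an added example, not part of the room or this writeup, that walks that structure with only the Python standard library so the same counts can be produced without a GUI. The sample PE it parses is built in memory by build_sample_pe() purely for the demo (it is not a real binary and will not run); the DLL and function names in SAMPLE_IMPORTS are made up.

```python
# Added example (not part of the room or this writeup): walk a PE file's import
# directory with only the standard library, reproducing what PE Explorer's and
# IDA's "Imports" views show. build_sample_pe() constructs a throwaway PE32 in
# memory for the demo; it is not a real binary and cannot execute.
import struct

def _rva_to_offset(rva, sections):
    """Translate an RVA to a file offset via the section table."""
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    raise ValueError("RVA 0x%x is not backed by any section" % rva)

def _cstring(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def parse_imports(data):
    """Return {dll_name: [function names / 'ordinal#N']} for a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    # Data directories start at optional-header offset 96 (PE32) / 112 (PE32+);
    # entry 1 is IMAGE_DIRECTORY_ENTRY_IMPORT.
    import_rva = struct.unpack_from("<I", data, opt + (112 if pe32plus else 96) + 8)[0]
    sections = []
    for i in range(nsec):
        _, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((vaddr, vsize, raw_ptr, raw_size))
    imports = {}
    if import_rva == 0:
        return imports  # no import table at all (unusual outside hand-made or packed files)
    thunk_fmt, thunk_size = ("<Q", 8) if pe32plus else ("<I", 4)
    ordinal_flag = 1 << (63 if pe32plus else 31)
    desc = _rva_to_offset(import_rva, sections)
    while True:
        # IMAGE_IMPORT_DESCRIPTOR: OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0:
            break  # an all-zero descriptor terminates the array
        funcs = []
        thunk = _rva_to_offset(oft or ft, sections)  # ILT if present, else the IAT
        while True:
            entry = struct.unpack_from(thunk_fmt, data, thunk)[0]
            if entry == 0:
                break
            if entry & ordinal_flag:
                funcs.append("ordinal#%d" % (entry & 0xFFFF))
            else:  # RVA of IMAGE_IMPORT_BY_NAME: WORD Hint, then the NUL-terminated name
                funcs.append(_cstring(data, _rva_to_offset(entry & 0x7FFFFFFF, sections) + 2))
            thunk += thunk_size
        imports[_cstring(data, _rva_to_offset(name_rva, sections))] = funcs
        desc += 20
    return imports

def count_unique_dlls(data):
    """Unique imported libraries, case-insensitive (KERNEL32.dll and kernel32.dll count once)."""
    return len({dll.lower() for dll in parse_imports(data)})

def count_references(data, library):
    """Functions imported from `library` ('msi' matches 'msi.dll' or 'MSI.DLL')."""
    lib = library.lower()
    return sum(len(f) for dll, f in parse_imports(data).items()
               if dll.lower() in (lib, lib + ".dll"))

def build_sample_pe(imports):
    """Construct a minimal PE32 holding only an import directory (demo input, not a real binary)."""
    idata_rva, idata_raw, n = 0x1000, 0x200, len(imports)
    descs, body = bytearray(), bytearray()
    base = idata_rva + 20 * (n + 1)  # RVA where thunk arrays and strings begin
    for dll, funcs in imports.items():
        entries = []
        for f in funcs:
            if isinstance(f, int):  # import by ordinal: high bit set, ordinal in the low word
                entries.append(0x80000000 | f)
            else:  # IMAGE_IMPORT_BY_NAME with hint 0
                entries.append(base + len(body))
                body += struct.pack("<H", 0) + f.encode() + b"\0"
        body += b"\0" * (-len(body) % 4)  # align the thunk array
        ilt_rva = base + len(body)
        body += b"".join(struct.pack("<I", e) for e in entries) + struct.pack("<I", 0)
        name_rva = base + len(body)
        body += dll.encode() + b"\0"
        descs += struct.pack("<IIIII", ilt_rva, 0, 0, name_rva, ilt_rva)  # ILT doubles as IAT
    descs += b"\0" * 20
    idata = bytes(descs + body)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<II", opt, 96 + 8, idata_rva, len(descs))  # import directory entry
    sec = struct.pack("<8sIIII", b".idata", len(idata), idata_rva, len(idata), idata_raw) + b"\0" * 16
    return (bytes(dos) + coff + bytes(opt) + sec).ljust(idata_raw, b"\0") + idata

# Constructed sample: four descriptors, two of which name the same DLL in different case.
SAMPLE_IMPORTS = {
    "KERNEL32.dll": ["GetProcAddress", "LoadLibraryA"],
    "msi.dll": ["MsiOpenDatabaseW", "MsiCloseHandle", "MsiGetPropertyA"],
    "kernel32.dll": ["ExitProcess"],
    "WS2_32.dll": [23, "WSAStartup"],
}
SAMPLE_PE = build_sample_pe(SAMPLE_IMPORTS)

if __name__ == "__main__":
    for dll, funcs in parse_imports(SAMPLE_PE).items():
        print(dll, funcs)
    print("unique DLLs:", count_unique_dlls(SAMPLE_PE), "| msi refs:", count_references(SAMPLE_PE, "msi"))
```

To use it on one of the box's files, read the bytes with open(path, "rb").read() and pass them to count_unique_dlls() and count_references(). Two details matter when comparing against the GUI tools: the DLL comparison is case-insensitive because a single binary can legitimately carry two descriptors for the same library in different case, and a packed sample (Task 10's FSG-packed file, for instance) will show only the handful of imports the unpacking stub needs, not what the real payload calls.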

Task 14

Question 1

What is the MD5 Checksum of the file?

Answer: F5BD8E6DC6782ED4DFA62B8215BDC429

Question 2

Does VirusTotal report this file as malicious? (Yay/Nay)

Answer: Yay

Question 3

Output the strings using Sysinternals "strings" tool.

What is the last string outputted?

Answer: d:h:
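The hashing in Task 7 and Task 14 question 1 and the strings extraction in Task 12 question 1 and Task 14 question 3 are the parts of this room most worth scripting, since they are run on every sample before anything else. The block below is an added example, not part of the room or this writeup, that does both in plain Python: hashes a file's bytes and pulls printable runs in the way Sysinternals strings does (ASCII and UTF-16LE, default minimum length 3). SAMPLE is a constructed byte string standing in for a binary, not one of the room's files, and the printable character set chosen here is this example's assumption rather than the exact set the Sysinternals tool uses.

```python
# Added example (not part of the room or this writeup): the hashing and string
# extraction steps in plain Python, so they can run over a whole sample set
# instead of being clicked through. SAMPLE is constructed for the demo.
import hashlib
import re

def file_hashes(data):
    """MD5 is what the room (and a VirusTotal hash lookup) keys on, but MD5 is
    collision-prone, so record SHA-256 alongside it as the stable identifier."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}

def extract_strings(data, min_len=3):
    """Printable runs of at least `min_len` characters, ASCII and UTF-16LE, in
    file order. Sysinternals strings defaults to 3 and scans both encodings;
    the printable set used here (0x20-0x7E plus tab) is this example's choice."""
    ascii_re = re.compile(rb"[\x20-\x7e\t]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e\t]\x00){%d,}" % min_len)
    found = [(m.start(), m.group().decode("ascii")) for m in ascii_re.finditer(data)]
    found += [(m.start(), m.group().decode("utf-16-le")) for m in wide_re.finditer(data)]
    return [s for _, s in sorted(found)]

def last_string(data, min_len=3):
    """The final string the tool would print (Task 14 question 3), or None."""
    strings = extract_strings(data, min_len)
    return strings[-1] if strings else None

def triage_file(path, min_len=3):
    """Hashes plus a string summary for one file on disk."""
    with open(path, "rb") as fh:
        data = fh.read()
    strings = extract_strings(data, min_len)
    summary = file_hashes(data)
    summary.update({"string_count": len(strings),
                    "last_string": strings[-1] if strings else None})
    return summary

# Constructed sample: a DOS-stub fragment, a 3-character run, a URL, a UTF-16LE
# path that an ASCII-only scan would miss, and a getopt-style option string at the end.
SAMPLE = (b"MZ\x90\x00\x03\x00"
          + b"abc\x00"
          + b"http://practicalmalwareanalysis.com\x00\x7f\x01"
          + "C:\\Windows\\Temp\\x.exe".encode("utf-16-le")
          + b"\x00\x00\xffa:b:c:\x00")

if __name__ == "__main__":
    print(file_hashes(SAMPLE))
    for s in extract_strings(SAMPLE):
        print(s)
    print("last:", last_string(SAMPLE))
```

Run triage_file() over aws.exe, NetLogo.exe and vlc.exe to get the Task 7 checksums in one pass, and raise min_len when the output is swamped with short junk runs; note that the 3-character minimum is exactly why a short trailing string like "d:h:" still appears in the tool's output.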

Question 4

What is the output of PEiD when trying to detect what packer is used by the file?

Answer: Nothing found *