LetsDefend Challenge Malware Analysis: Remote Working
- What is the date the file was created?
- With what name is the file detected by Bitdefender antivirus?
- How many files are dropped on the disk?
- What is the sha-256 hash of the file with emf extension it drops?
- What is the exact url to which the relevant file goes to download spyware?
What is the date the file was created?
I ran exiftool on the file I was given.
$ exiftool ORDER\ SHEET\ \&\ SPEC.xlsm
(snip)
Create Date : 2020:02:01 18:28:07Z
A: 2020-02-01 18:28:07
With what name is the file detected by Bitdefender antivirus?
I searched VirusTotal for the hash of the file I was given.
A: Trojan.GenericKD.36266294
How many files are dropped on the disk?
I could not tell from VirusTotal, so I looked it up in JoeSandbox.
Presumably the three files above.
A: 3
What is the sha-256 hash of the file with emf extension it drops?
The sha256 of the emf file mentioned earlier.
A: 979DDE2AED02F077C16AE53546C6DF9EED40E8386D6DB6FC36AEE9F966D2CB82
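The "Create Date" exiftool printed above comes from the OOXML core properties (docProps/core.xml) inside the .xlsm ZIP container, and the sha256 compared against VirusTotal/JoeSandbox is just a hash of the file bytes. This added example (not part of the write-up) reads both fields without exiftool; the sample it inspects is a constructed minimal xlsm-like ZIP, not the challenge file.

```python
# Added example: offline triage of an OOXML sample (creation date + SHA-256).
# The .xlsm built here is constructed for demonstration, not the challenge sample.
import hashlib
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import Optional

DCTERMS = "{http://purl.org/dc/terms/}"
CORE = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<cp:coreProperties '
    'xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" '
    'xmlns:dcterms="http://purl.org/dc/terms/" '
    'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
    '<dcterms:created xsi:type="dcterms:W3CDTF">{created}</dcterms:created>'
    '</cp:coreProperties>'
)

def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the file bytes, upper-cased like the challenge answer."""
    return hashlib.sha256(data).hexdigest().upper()

def ooxml_created(data: bytes) -> Optional[str]:
    """Return dcterms:created from docProps/core.xml (what exiftool shows as
    'Create Date'), or None when the ZIP carries no core properties."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if "docProps/core.xml" not in zf.namelist():
            return None
        root = ET.fromstring(zf.read("docProps/core.xml"))
    node = root.find(DCTERMS + "created")
    return node.text if node is not None else None

def build_sample(created: str, include_core: bool = True) -> bytes:
    """Construct a minimal xlsm-like ZIP; include_core=False mimics a
    document stripped of its metadata part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        if include_core:
            zf.writestr("docProps/core.xml", CORE.format(created=created))
    return buf.getvalue()

def triage(data: bytes) -> dict:
    """Fields an analyst would record before submitting to a sandbox."""
    return {"sha256": sha256_hex(data), "created": ooxml_created(data)}

if __name__ == "__main__":
    print(triage(build_sample("2020-02-01T18:28:07Z")))
```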
What is the exact url to which the relevant file goes to download spyware?
I take this to be asking where the Podaliri4.exe mentioned earlier was downloaded from.