Created by SMN666
Link for this room: tryhackme.com/room/malresearching
Task 1: No answer needed.
Task 2: No answer needed.
Task 3:
Name the term for an individual piece of binary:
Bit
What are checksums also known as?
Hashes
Name the algorithm that is next in the series after SHA-256:
SHA-256
According to this task, how long will you need to hash 6 million files before a MD5 hash collision occurs?
100 Years
Who developed the MD5 algorithm?
Ronald Rivest
Task 4:
Name the key term for the type of malware that Emotet is classified as:
Trojan
Research time! What type of emails does Emotet use as its payload?
Spam emails
Begin analyzing the report. What is the timestamp of when the analysis was made?
9/16/2019, 13:54:48
Name the file that is detected as a “Network Trojan”.
Easywindow.exe
What is the PID of the first HTTP GET request?
2748
What is the only DNS request that is made after the sample is executed?
Blockchainjoblist.com
Task 5:
Using the HashTab tool, what is the MD5 checksum for “LoginForm.exe”?
FF395A6D528DC5724BCDE9C844A0EE89
Using Get-FileHash in PowerShell, retrieve the SHA256 of “TryHackMe.exe”.
6F870C80361062E8631282D31A16872835F7962222457730BC55676A61AD1EE0
What would be the syntax to retrieve the SHA256 checksum of “TryHackMe.exe” using CertUtil in Powershell?
CertUtil -hashfile TryHackMe.exe SHA256
Task 6:
Navigate to the “Details” tab. What is the other filename and extension reported as present?
HxD.exe
In the same “Details” tab, what is the reported compilation timestamp?
2020-02-28 11:16:36
What is the THM{} formatted flag on the report?
THM{TryHackMe_Malware_Series_Research_Flag}
Reading References:
https://dl.acm.org/doi/book/10.5555/1209579
https://shattered.io/static/shattered.pdf
https://oldblog.cmnatic.co.uk/posts/so-you-want-to-analyse-malware/