Overview
This is a walkthrough of the TryHackMe room "MAL: Researching".
Task3
Q1. Name the term for an individual piece of binary
A. Bit
Q2. What are checksums also known as?
A. Hashes
Q3. Name the algorithm that is next in the series after SHA-256
A. SHA-512
Q4. According to this task, how long will you need to hash 6 million files before a MD5 hash collision occurs?
A. 100 Years
Q5. Who developed the MD5 algorithm?
A. Ronald Rivest
Task4
Q1. Name the key term for the type of malware that Emotet is classified as
Hint. Look at the room's thumbnail for a hint!
A. trojan
Q2. Research time! What type of emails does Emotet use as its payload?
A. spam emails
Q3. Begin analysing the report, what is the timestamp of when the analysis was made?
Hint. Copy and paste exactly how it is listed on the report
Check the "Analysis date" field of the Any.run report.
A. 9/16/2019, 13:54:48
Q4. Name the file that is detected as a "Network Trojan"
Check the "EMOTET was detected" entry under "Behavior activities".
A. easywindow.exe
Q5. What is the PID of the first HTTP GET request?
Check the "HTTP requests" section under "Network activity".
A. 2748
Q6. What is the only DNS request that is made after the sample is executed?
Check the "DNS requests" section.
A. blockchainjoblist.com
Task5
Q1. Using the HashTab tool, what is the MD5 checksum for "LoginForm.exe"?
Hint. You can copy and paste over RDP!
A. FF395A6D528DC5724BCDE9C844A0EE89
Q2. Using Get-FileHash in PowerShell, retrieve the SHA256 of "TryHackMe.exe"
A. 6F870C80361062E8631282D31A16872835F7962222457730BC55676A61AD1EE0
Q3. What would be the syntax to retrieve the SHA256 checksum of "TryHackMe.exe" using CertUtil in PowerShell?
A. CertUtil -hashfile TryHackMe.exe SHA256
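As an added example (not part of the original walkthrough or the TryHackMe room), here is a cross-platform Python equivalent of the hashing steps in Task 3 and Task 5. It reads a file in chunks, computes MD5, SHA-1 and SHA-256 at once, and compares the result with a checksum pasted from a report or from HashTab / Get-FileHash, ignoring case, since those tools print uppercase hex while most online reports use lowercase. The file name and sample bytes are constructed for the demonstration; no real sample is hashed.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so large samples do not fill memory
DEFAULT_ALGORITHMS = ("md5", "sha1", "sha256")


def hash_bytes(data, algorithms=DEFAULT_ALGORITHMS):
    """Return {algorithm: hex digest} for an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def hash_file(path, algorithms=DEFAULT_ALGORITHMS):
    """Return {algorithm: hex digest} for a file, reading it once in chunks.

    This yields the same digests as Get-FileHash -Algorithm <name> and
    CertUtil -hashfile <file> <name>; only the letter case of the output differs.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_file(path, expected, algorithm="sha256"):
    """True if the file's digest matches `expected`, case-insensitively.

    hmac.compare_digest is used so the comparison takes the same time whether
    the mismatch is in the first or the last character.
    """
    actual = hash_file(path, (algorithm,))[algorithm].lower()
    return hmac.compare_digest(actual, expected.strip().lower())


# Constructed stand-in for a downloaded sample (just bytes, not a real executable).
SAMPLE = b"MZ" + b"constructed sample bytes for the hashing demo\n" * 8


def demo():
    """Write the constructed sample to a temp file and exercise the helpers."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.bin")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(SAMPLE)
        digests = hash_file(path)
        # An uppercase checksum, as HashTab or Get-FileHash would show it, still matches.
        matches = verify_file(path, digests["sha256"].upper(), "sha256")
        # A wrong checksum does not.
        mismatch = verify_file(path, "0" * 64, "sha256")
        return digests == hash_bytes(SAMPLE), matches, mismatch


if __name__ == "__main__":
    for name, digest in hash_bytes(SAMPLE).items():
        print(f"{name:7} {digest}")
    print(demo())
```

To check a real file against a reported checksum, call `verify_file("path/to/file", "<checksum from the report>", "md5")`; pasting the uppercase value from HashTab works unchanged because the comparison lowercases both sides.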
Task6
Q1. Navigate to the "Details" tab, what is the other filename and extension reported as present?
Check the "Names" entry under the DETAILS tab.
A. HxD.exe
Q2. In the same "Details" tab, what is the reported compilation timestamp?
Check the "Compilation Timestamp" under "Portable Executable Info".
A. 2020-02-28 11:16:36
Q3. What is the THM{} formatted flag on the report?
Hint. Look through the tabs!
Check the COMMUNITY tab.
A. THM{TryHackMe_Malware_Series_Research_Flag}