Hello agent 0x00, welcome to the malware analysis training grounds. You are now being trained to become part of the most sophisticated malware analysis teams in the NSA.
To fully prepare you for the battlefield, we have created this small course for you to complete.
We have extracted this low grade sample from a cyber crime gang operating in Sudan.
We would like you to take a look at this sample and extract any meaningful artifacts from it.
Attached below is a malware sample that I’ve created, please run it in an appropriate Virtual Machine.
You must do the following tasks and please be verbose as possible:
Extract any host based indicators
- Does the sample drop any files on disk? If yes where?
- If a file is dropped, what is the contents of it?
- How does the sample manage to “waste” debugging time? (Use a debugger for this one)
Extract any network based indicators
- Does this sample connect to any website? if it does what is the host name of that website?
You can use any tools in your arsenal.