Sample Files

The files that are available for download here are usually malware; please treat these files accordingly. Malicious samples are packed as zip or 7zip archives with the password infected.
[email@example.com /tmp/2021/malremote/tag1/]$ cat exercise2.md
Consider the sample with the following SHA-256 hash:

```
050f88ce73dbfc7cc3b3fd36357e5da48c61d312be45fec8d64c0c22e61c2673
```

Hypothetical scenario: A company found this malware on their internet-facing IIS server and needs your help to determine the ramifications of this infection. Help them answer the following questions:

- What should they look for in network logs to determine whether the malware successfully communicated with its command & control (C2) server? (Both the type of traffic and the actual C2 domains are interesting here.)
- Does this malware implement any lateral movement, i.e. could it have spread to the CEO's computer?
- Could this malware have had any impact on the company's customers?
- What is the impact of this malware on a workstation?