Sample Files

The files available for download here are usually malware; please treat them accordingly. Malicious samples are packed as zip or 7zip archives with the password "infected".
[imp@mal.re /tmp/2022/malremote/day1/]$ cat exercise2.md
Consider the sample with the following SHA-256 hash:

```
050f88ce73dbfc7cc3b3fd36357e5da48c61d312be45fec8d64c0c22e61c2673
```

Hypothetical scenario: A company found this malware on their internet-facing IIS server and needs your help to determine the ramifications of this infection. Help them answer the following questions:

- What should they look for in network logs to determine whether the malware successfully communicated with its command & control (C2) server? (Both the type of traffic and the actual C2 domains are of interest here.)
- Does this malware implement any lateral movement, i.e. could it have spread to the CEO's computer?
- Could this malware have had any impact on the company's customers?
- What is the impact of this malware on a workstation?