Sample FilesThe files that are available for download here are usually malware, please treat these files accordingly. Malicious samples are packed as zip or 7zip archives with the password infected.
[firstname.lastname@example.org /tmp/2022/malremote/day3/]$ cat exercise6.md
In a previous exercise, we extracted the C2 server address from a FlawedDownloader sample. It was ``` http[:]//92.38.135[.]99/22.b ``` and an online sandbox was able to retrieve a next-stage payload with a SHA256 hash of: ``` 3530b085f7de6d275ed7ac948ece7a463393a55f6c371456b9dc4c6f0da01f8c ``` 1. Take another look at the FlawedDownloader sample with SHA256 hash ``` 25e9af3dd5f04e33b54f562cf6db864e0406e3752c2283d0c4ff6907038da3e2 ``` and determine the algorithm used to decrypt the next-stage payload as well as corresponding cryptographic material. 2. Can you identify its malware family without doing a full deep dive?