Analyze the malware found in Lab11-01.exe.
1. What does the malware drop to disk?
2. How does the malware achieve persistence?
3. How does the malware steal user credentials?
4. What does the malware do with stolen credentials?
5. How can you use this malware to get user credentials from your test environment?
Analyze the malware found in Lab11-02.dll. Assume that a suspicious file named Lab11-02.ini was also found with this malware.
1. What are the exports for this DLL malware?
2. What happens after you attempt to install this malware using rundll32.exe?
3. Where must Lab11-02.ini reside in order for the malware to install properly?
4. How is this malware installed for persistence?
5. What user-space rootkit technique does this malware employ?
6. What does the hooking code do?
7. Which process(es) does this malware attack and why?
8. What is the significance of the .ini file?
9. How can you dynamically capture this malware's activity with Wireshark?
Analyze the malware found in Lab11-03.exe and Lab11-03.dll. Make sure that both files are in the same directory during analysis.
1. What interesting analysis leads can you discover using basic static analysis?
2. What happens when you run this malware?
3. How does Lab11-03.exe persistently install Lab11-03.dll?
4. Which Windows system file does the malware infect?
5. What does Lab11-03.dll do?
6. Where does the malware store the data it collects?