
Question

a. Use VirusTotal (http://www.virustotal.com) to learn more about the other files. Search the SHA256 hash recorded above. Based on the output of VirusTotal and the empty user agent found in the HTTP GET request present in the PCAP, what is likely the way the infection (executable download) took place?

VirusTotal:

URL: http://www.virustotal.com

( _____ / 2 pts)

____________________________________________________________________________________

____________________________________________________________________________________

b. The provided PCAP contains yet another infection related to a fake anti-virus page. Can you find it? Provide details, if so. ( _____ / 2 pts)

Hint: Careful on who you call for help.

____________________________________________________________________________________

____________________________________________________________________________________

c. Provide a summary of your findings. (12 pts total) ( _____ / 2 pts)

Executive Summary: (3 pts)

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

Infected host: (3 pts)

Date/time: _______________________________________________________________________________

IP address: ______________________________________________________________________________

MAC address: ____________________________________________________________________________

Host name: ______________________________________________________________________________

Indicators for the Chthonic banking Trojan: (3 pts)

File URL: ________________________________________________________________________________

File description: ___________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

Indicators for the fake anti-virus page: (3 pts)
