Question
a. Use VirusTotal (http://www.virustotal.com) to learn more about the other files. Search the SHA256 hash recorded above. Based on the output of VirusTotal and the empty user agent found in the HTTP GET request present in the PCAP, what is likely the way the infection (executable download) took place?
VirusTotal:
URL: http://www.virustotal.com
( _____ / 2 pts)
____________________________________________________________________________________
____________________________________________________________________________________
b. The provided PCAP contains yet another infection related to a fake anti-virus page. Can you find it? Provide details, if so. ( _____ / 2 pts)
Hint: Be careful who you call for help.
____________________________________________________________________________________
____________________________________________________________________________________
c. Provide a summary of your findings. (12 pts total) ( _____ / 2 pts)
Executive Summary: (3 pts)
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
Infected host: (3 pts)
Date/time: _______________________________________________________________________________
IP address: ______________________________________________________________________________
MAC address: ____________________________________________________________________________
Host name: ______________________________________________________________________________
Indicators for the Chthonic banking Trojan: (3 pts)
File URL: ________________________________________________________________________________
File description: ___________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
Indicators for the fake anti-virus page: (3 pts)