Intro to Malware Analysis

• Which team uses malware analysis to look for IOCs and hunt for malware in a network?

threat hunt team

• Which technique is used for analyzing malware without executing it?

Static analysis

• Which technique is used for analyzing malware by executing it and observing its behavior in a controlled environment?

Dynamic analysis

• In the attached VM, there is a sample named 'redline' in the Desktop/Samples directory. What is the md5sum of this sample?

ca2dc5a3f94c4f19334cc8b68f256259

• What is the creation time of this sample?

2020-08-01 02:44:18 UTC

• In the attached VM, there is a sample named 'redline' in the directory Desktop/Samples. What is the entropy of the .text section of this sample?

6.453919

• The sample named 'redline' has five sections. .text, .rdata, .data and .rsrc are four of them. What is the name of the fifth section?

.ndata

• From which dll file does the sample named 'redline' import the RegOpenKeyExW function?

ADVAPI32.dll

• Check the hash of the sample 'redline' on Hybrid analysis and check out the report generated on 14 March 2022. Check the Incident Response section of the report.  How many domains were contacted by the sample?

8

• In the report mentioned above, a text file is created by the sample. What is the name of that text file?

fj4ghga23_fsa.txt

• Which of the techniques discussed above is used to bypass static analysis?

packing

• Which technique discussed above is used to time out a sandbox?

long sleep calls