Room Name: MAL: Researching
Room Link: https://tryhackme.com/room/malresearching
Name the term for an individual piece of binary
Bit
What are checksums also known as?
Hashes
Name the algorithm that is next in the series after SHA-256
SHA-512
According to this task, how long will you need to hash 6 million files before an MD5 hash collision occurs?
100 Years
Who developed the MD5 algorithm?
Ronald Rivest
Name the key term for the type of malware that Emotet is classified as
Trojan
Research time! What type of emails does Emotet use as its payload?
spam emails
Begin analysing the report, what is the timestamp of when the analysis was made?
9/16/2019, 13:54:48
Name the file that is detected as a "Network Trojan"
easywindow.exe
What is the PID of the first HTTP GET request?
2748
What is the only DNS request that is made after the sample is executed?
blockchainjoblist.com
Using the HashTab tool, what is the MD5 checksum for "LoginForm.exe"?
FF395A6D528DC5724BCDE9C844A0EE89
Using Get-FileHash in PowerShell, retrieve the SHA256 of "TryHackMe.exe"
6F870C80361062E8631282D31A16872835F7962222457730BC55676A61AD1EE0
What would be the syntax to retrieve the SHA256 checksum of "TryHackMe.exe" using CertUtil in PowerShell?
CertUtil -hashfile TryHackMe.exe SHA256
Navigate to the "Details" tab, what is the other filename and extension reported as present?
HxD.exe
In the same "Details" tab, what is the reported compilation timestamp?
2020-02-28 11:16:36
What is the THM{} formatted flag on the report?
THM{TryHackMe_Malware_Series_Research_Flag}