Remote Working
STUDENT: TOGRUL ASGERLI
INSTRUCTOR: IBRAHIM ALIYEV
First, download the file and unzip it to get an .xls file.
Then upload the file to the VirusTotal website to get more
information about the malware.
-2020-02-01 18:28:07
-Trojan.GenericKD.36266294
3) How many files are dropped on the disk?
In the relations section, under dropped files, we can see
that this malware drops 3 files.
-3
4) What is the SHA-256 hash of the file with the .emf extension
that it drops?
The dropped files from the previous question include A1E16AF5.emf,
which has the .emf extension. Clicking on this file shows its
SHA-256 hash.
979dde2aed02f077c16ae53546c6df9eed40e8386d6db6fc36aee9f966d2cb82
5) What is the exact URL that the relevant file contacts to
download spyware?
In the relations section we can see two URLs that the malware
visited. The second URL contains .exe, so it is the one used for
the file download.
https://multiwaretecnologia.com.br/js/Podaliri4.exe