search
githubEdit

Tasks

hashtag
Gain Access using Trojans

hashtag
njRAT RAT Trojan

Use the Windows 11 machine (10.10.1.11) as the attacker machine and the Windows Server 2022 machine (10.10.1.22) as the victim machine. Run the njRAT Trojan from the attacker machine and gain control over the victim machine. What is the default port used for njRAT?

5552

Use the Windows 11 machine (10.10.1.11) as the attacker machine and the Windows Server 2022 machine (10.10.1.22) as the victim machine. Enter the Host Name of the victim machine displayed in njRAT Remote Shell.

Server2022

hashtag
Hide Trojan

hashtag
SwayzCryptor

On the Windows 11 machine, create a Trojan server using njRAT. Use SwayzCryptor to encrypt the Trojan server file and check if encryption makes the file undetectable to antivirus programs (answer “Yes” if SwayzCryptor makes the Trojan undetectable or “No” otherwise).

Yes

hashtag
Theef RAT Trojan

Use the Windows 11 machine (10.10.1.11) as the attacker machine and the Windows Server 2022 machine (10.10.1.22) as the victim machine. Create a Trojan server using the Theef RAT Trojan to control the victim machine remotely. Run the Theef server on the victim machine and the Theef client on the attacker machine. The Theef client and server files are available in the directory E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Trojans Types\Remote Access Trojans (RAT)\Theef on the attacker machine. What is the default port used in Theef?

6703

hashtag
Infect the Target System using a Virus

hashtag
JPS Virus Maker Tool

In the Windows 11 machine, create a virus using the JPS Virus Maker tool and infect the Windows Server 2019 machine. What is the default custom website used by JPS Virus Maker 4.0?

http://kernel32.irkernel32.irchevron-right

hashtag
Static Malware Analysis

hashtag
Malware Scanning

Analyze malware using online Hybrid Analysis services. What the name of the Analysis Environment that was selected in this task?

Windows 7 64 bit

LogoFree Automated Malware Analysis Service - powered by Falcon Sandboxwww.hybrid-analysis.comchevron-right

Analyze malware using online Hybrid Analysis services. Enter the name of the malicious file that was uploaded for analysis in this lab.

tini.exe

hashtag
Strings Search

hashtag
BinText

Perform a string search on the file face.exe located at E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Viruses\Klez Virus Live! on the Windows 11 machine. What is the size of the text detected in the file?

4240 bytes

hashtag
Identify Packaging and Obfuscation Methods

hashtag
PEid

Analyze the file face.exe located at E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Viruses\Klez Virus Live! on the Windows 11 machine to identify packaging and obfuscation methods. What is the subsystem found in the PEiD analysis for Face.exe?

Win32 GUI

hashtag
Analyze ELF Executable File

hashtag
Detect It Easy (DIE)

Detect a file’s compiler, linker, packer, etc. using Detect It Easy (DIE). Enter the name of the operating system that was detected from the ELF file in this task.

Red Hat Linux

hashtag
Find the Portable Executable Information

hashtag
PE Explorer

Use PE Explorer to analyze the file face.exe located at E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Viruses\Klez Virus Live! on the Windows 11 machine. What is the address of the entry point for the file face.exe?

00408458h

hashtag
Identify File Dependencies

hashtag
Dependency Walker

Use the Dependency Walker tool to analyze the executable snoopy.exe located in the directory E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Viruses\Klez Virus Live! on the Windows 11 machine and identify the file dependencies of the executable file. Apart from KERNEL32.DLL, ADVAPI32.DLL, and WS2_32.DLL, what is the fourth DLL dependency?

MPR.DLL

hashtag
Perform Malware Disassembly

On the Windows 11 machine, use the IDA tool to analyze the file face.exe located in the directory E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Viruses\Klez Virus Live!. What is the first subroutine function identified by IDA?

sub_401000

hashtag
Tools

  • IDA

  • OllyDbg

hashtag
Ghidra

Use Ghidra to perform malware disassembly and find out the compiler ID of face.exe file.

windows

hashtag
Dynamic Malware Analysis

hashtag
Port Monitoring

Run njRAT from the attacker machine (Windows 11) and gain control over the victim machine (Windows Server 2022). On the Windows Server 2022 machine, use the TCPView tool to find the connections created by the Trojan. What is the remote port used by the Trojan server?

5552

hashtag
Tools

  • TCPView

  • CurrPorts

hashtag
Process Monitoring

hashtag
Process Monitor

Run njRAT from the attacker machine (Windows 11) and gain control over the victim machine (Windows Server 2022). On the Windows Server 2022 machine, use Process Monitor to detect suspicious processes created by the Trojan server and identify the registry path of the Trojan executable. Flag submission is not required for this task, enter "No flag" as the answer.

No flag

hashtag
Registry Monitoring

hashtag
Reg Organizer

Use the registry monitoring tool Reg Organizer to scan the registry values for any changes. Flag submission is not required for this task, enter "No flag" as the answer.

No flag

hashtag
Windows Services Monitoring

hashtag
Windows Service Manager (SrvMan)

On the Windows 11 machine, use the Windows Service Manager (SrvMan) tool to check for suspicious windows services. Flag submission is not required for this task, enter "No flag" as the answer.

No flag

hashtag
Startup Program Monitoring

hashtag
Tools

  • Autoruns for Windows

  • WinPatrol

On the Windows 11 machine, use Autorun for the Windows and WinPatrol tools to monitor startup programs. Which tab in the WinPatrol tool shows all toolbars and links loaded in the system by IE or other Windows components?

IE Helpers

hashtag
Installation Monitoring

hashtag
Mirekusoft Install Monitor

On the Windows 11 machine, use the Mirekusoft Install Monitor tool to detect hidden and background installations. If a person uninstalls any application from the system but fails to delete it from the hard drive, will they be able to view the application in Mirekusoft Install Monitor? (Yes/No)

No

hashtag
Files and Folder Monitoring

hashtag
PA File Sight

Install PA File Sight’s central monitoring service on the Windows 11 machine and configure it to monitor file integrity on the Windows Server 2022 remote machine. What is the default port used by the central monitoring service?

8000

hashtag
Device Driver Monitoring

hashtag
Tools

  • DriverView

  • Driver Reviver

On the Windows 11 machine, use the tools DriverView and Driver Reviver to monitor device drivers. Flag submission is not required for this task, enter "No flag" as the answer.

No flag

hashtag
DNS Monitoring

hashtag
DNSQuerySniffer

On the Windows 11 machine, use DNSQuerySniffer to monitor DNS queries to a DNS server. Flag submission is not required for this task, enter "No flag" as the answer.

No flag

Previous*️ Malware AnalysisNextSniffing

Last updated