A company’s employee joined a fake iPhone giveaway. Our team took a disk image of the employee's system for further analysis.
As a security analyst, you are tasked with identifying how the system was compromised.
What is the hostname of the victim machine?
What is the messaging app installed on the victim machine?
The attacker tricked the victim into downloading a malicious document. Provide the full download URL.
Multiple streams contain macros in the document. Provide the number of the highest stream.
The macro executed a program. Provide the program name.
The macro downloaded a malicious file. Provide the full download URL.
Where was the malicious file downloaded to? (Provide the full path)
What is the name of the framework used to create the malware?
What is the attacker's IP address?
The fake giveaway used a login page to collect user information. Provide the full URL of the login page.
What is the password the user submitted to the login page?