malware analysis assignment lunix

SUPERIOR-PAPERS.COM essay writing company is the ideal place for homework help. If you are looking for affordable, custom-written, high-quality and non-plagiarized papers, your student life just became easier with us. Click the button below to place your order.


Order a Similar Paper Order a Different Paper

CAP 4145 Introduction to Malware Analysis

Assignment 3 – Basic Dynamic Analysis

10 points

Instructions:

  • This is an individual assignment.
  • Answers to all questions must be put into ONE document. That is, every time, each student can only submit one report document, answering all questions of this assignment, if not explicitly stated otherwise.
  • Students must put answers following each question in this assignment. The instructor will not grade a report with only answers in it and the student gets zero for such an assignment. An assignment report must include original questions.
  • Students MUST submit the finished assignment in either Microsoft Word or pdf format to Webcourse. The doc must be submitted as ONE standalone file and cannot be tarred or zipped into a container.
  • All required files or docs must be submitted in one submission (last submission). Note: Blackboard allows unlimited number of submission of one assignment by students.
  • Refer to Print screen on how to take a screenshot. Pressing the Alt key in combination with PrtSc will capture the currently selected window.

WARNING: This assignment contains a malware that works under the latest Windows. Please do not abuse it and run the malware only on the provided sandbox. The instructor is not responsible for any consequence from any abuse.

Problems:

Answer each question following the original question. Do NOT delete the original question.

Lab 3-1

Configure the WINHOST01 VM to run ApateDNS and configure the LINUX01 VM to run inetsim. Please download Lab03-01.7z (password to unzip: malware) from WebCourses under this assignment.

  • Instructions to configure WINHOST01 to run ApateDNS.
  • Instructions to configure LINUX01 to run inetsim.
    • debug.log: debug information in case inetsim is run in debug mode
    • main.log: information logs (services started, stopped, …)
    • service.log: when connections are made against the services, logs are added to this file
  • Basically follow this tutorial, but read the rest of the instructions first.
  • The tutorial requires the installation of .Net Framework 3.5. The required “sxs” folder is provided by the instructor as sxs.7z within Lab03-01.7z. (Note: the instructor downloaded the Windows Server 2016 iso file, mount it, zip the required “sxs” folder to get sxs.7z).
  • Download ApateDNS.
  • Refer to Using INetSim on Kali Linux to configure inetsim. Note: read only the section of Configuring inetsim of this article.
  • Log files are stored in the /var/log/inetsim/ directory:
  • Tips:
  • Use chmod 755 change the property of the folder /var/log/inetsim; otherwise, cannot use cd to change folder.
  • Use sudo to run commands under Kali whenever necessary.

Questions

  • Use ApateDNS and direct network traffic from WINHOST01 to LINUX01. Provide a screenshot of the configured and working ApateDNS following this question. (1 point)
  • Copy and paste the content of service.log following this question. (1 point)

Lab 3-2

Please download Lab03-02.7z (password to unzip: malware) from WebCourses under this assignment.

Questions

  • Run the following tools in Chapter 3 on Lab03-02.exe, and copy and paste the output of the output or screenshot from these tools below. (2 points)
  • What are this malware’s imports and strings? (2 points)
  • What are the malware’s host-based indicators? (2 points)
  • Are there any useful network-based signatures for this malware? If so, what are they? (2 points)

Output from procmon

Output from Process Explorer

Lab03-01.7z

Lab03-02.7z

"Is this question part of your assignment? We can help"

ORDER NOW
Writerbay.net

Got stuck with a writing task? We can help! Use our paper writing service to score better grades and meet your deadlines.

Get 15% discount for your first order


Order a Similar Paper Order a Different Paper
Writerbay.net