Malware analysis


    Project 2: Malware 1 (Phase I)
    Malware Analysis (Project 2)
    Phase I – Malware 1

    You should answer the following questions about Malware 1 with True or False.

    Item at position 1
    A. Malware sets itself to run whenever Windows starts up
    True
    False

    Item at position 2
    B. Malware looks up the computer name (possibly doing some reconnaissance)
    True
    False

    Item at position 3
    C. Potentially looks through Microsoft Outlook address book contents
    True
    False

    Item at position 4
    D. Creates and executes a Visual Basic Script (VBS) called “WinVBS.vbs”
    True
    False

    Item at position 5
    E. Prevents users from accessing registry tools
    True
    False

    Item at position 6
    F. Hides all drives on computer
    True
    False

    Item at position 7
    G. Prevents users from changing remote administrator settings
    True
    False

    Item at position 8
    H. Searches for all possible drives on computer
    True
    False

    Item at position 9
    I. Checks for its privileges (this isn’t inherently malicious, but the malware possibly performs some different behaviors if it has the proper permissions to do so)
    True
    False

    Item at position 10
    J. Hooks the keyboard (potentially a keylogger)
    True
    False

    Item at position 11
    K. Hooks the mouse
    True
    False

    Item at position 12
    L. Potentially monitors messages before they appear in a window to the user (possible reconnaissance)
    True
    False

    Item at position 13
    M. Communicates with external hosts via IP addresses or domain names, possibly indicative of C2 activity.
    True
    False

    Item at position 14
    N. Retrieves the current user’s username
    True
    False

    Item at position 15
    O. Adds mutex for Eclipse DDoS malware
    True
    False

    Item at position 16
    P. Adds mutex for IPKillerClient malware
    True
    False

    Item at position 17
    Q. Adds mutex for DarkDDoSer malware
    True
    False

    Item at position 18
    R. Contacts various SMTP servers (possibly for spamming)
    True
    False

    Item at position 19
    S. Copies potentially malicious files to the device.
    True
    False

    Item at position 20
    T. Adds a malicious cryptographic certificate to the system.
    True
    False

    Project 2: Malware 2 (Phase I)
    Malware Analysis (Project 2)
    Phase I – Malware 2

    You should answer the following questions about Malware 2 with True or False.

    Item at position 1
    A. Malware sets itself to run whenever Windows starts up
    True
    False

    Item at position 2
    B. Malware looks up the computer name (possibly doing some reconnaissance)
    True
    False

    Item at position 3
    C. Potentially looks through Microsoft Outlook address book contents
    True
    False

    Item at position 4
    D. Creates and executes a Visual Basic Script (VBS) called “WinVBS.vbs”
    True
    False

    Item at position 5
    E. Prevents users from accessing registry tools
    True
    False

    Item at position 6
    F. Hides all drives on computer
    True
    False

    Item at position 7
    G. Prevents users from changing remote administrator settings
    True
    False

    Item at position 8
    H. Searches for all possible drives on computer
    True
    False

    Item at position 9
    I. Checks for its privileges (this isn’t inherently malicious, but the malware possibly performs some different behaviors if it has the proper permissions to do so)
    True
    False

    Item at position 10
    J. Hooks the keyboard (potentially a keylogger)
    True
    False

    Item at position 11
    K. Hooks the mouse
    True
    False

    Item at position 12
    L. Potentially monitors messages before they appear in a window to the user (possible reconnaissance)
    True
    False

    Item at position 13
    M. Communicates with external hosts via IP addresses or domain names, possibly indicative of C2 activity.
    True
    False

    Item at position 14
    N. Retrieves the current user’s username
    True
    False

    Item at position 15
    O. Adds mutex for Eclipse DDoS malware
    True
    False

    Item at position 16
    P. Adds mutex for IPKillerClient malware
    True
    False

    Item at position 17
    Q. Adds mutex for DarkDDoSer malware
    True
    False

    Item at position 18
    R. Contacts various SMTP servers (possibly for spamming)
    True
    False

    Item at position 19
    S. Copies potentially malicious files to the device.
    True
    False

    Item at position 20
    T. Adds a malicious cryptographic certificate to the system.
    True
    False

    Project 2: Malware 3 (Phase I)
    Malware Analysis (Project 2)
    Phase I – Malware 3

    You should answer the following questions about Malware 3 with True or False.

    Item at position 1
    A. Malware sets itself to run whenever Windows starts up
    True
    False

    Item at position 2
    B. Malware looks up the computer name (possibly doing some reconnaissance)
    True
    False

    Item at position 3
    C. Potentially looks through Microsoft Outlook address book contents
    True
    False

    Item at position 4
    D. Creates and executes a Visual Basic Script (VBS) called “WinVBS.vbs”
    True
    False

    Item at position 5
    E. Prevents users from accessing registry tools
    True
    False

    Item at position 6
    F. Hides all drives on computer
    True
    False

    Item at position 7
    G. Prevents users from changing remote administrator settings
    True
    False

    Item at position 8
    H. Searches for all possible drives on computer
    True
    False

    Item at position 9
    I. Checks for its privileges (this isn’t inherently malicious, but the malware possibly performs some different behaviors if it has the proper permissions to do so)
    True
    False

    Item at position 10
    J. Hooks the keyboard (potentially a keylogger)
    True
    False

    Item at position 11
    K. Hooks the mouse
    True
    False

    Item at position 12
    L. Potentially monitors messages before they appear in a window to the user (possible reconnaissance)
    True
    False

    Item at position 13
    M. Communicates with external hosts via IP addresses or domain names, possibly indicative of C2 activity.
    True
    False

    Item at position 14
    N. Retrieves the current user’s username
    True
    False

    Item at position 15
    O. Adds mutex for Eclipse DDoS malware
    True
    False

    Item at position 16
    P. Adds mutex for IPKillerClient malware
    True
    False

    Item at position 17
    Q. Adds mutex for DarkDDoSer malware
    True
    False

    Item at position 18
    R. Contacts various SMTP servers (possibly for spamming)
    True
    False

    Item at position 19
    S. Copies potentially malicious files to the device.
    True
    False

    Item at position 20
    T. Adds a malicious cryptographic certificate to the system.
    True
    False

    Project 2: Malware 4 (Phase I)
    Malware Analysis (Project 2)
    Phase I – Malware 4

    You should answer the following questions about Malware 4 with True or False.

    Item at position 1
    A. Malware sets itself to run whenever Windows starts up
    True
    False

    Item at position 2
    B. Malware looks up the computer name (possibly doing some reconnaissance)
    True
    False

    Item at position 3
    C. Potentially looks through Microsoft Outlook address book contents
    True
    False

    Item at position 4
    D. Creates and executes a Visual Basic Script (VBS) called “WinVBS.vbs”
    True
    False

    Item at position 5
    E. Prevents users from accessing registry tools
    True
    False

    Item at position 6
    F. Hides all drives on computer
    True
    False

    Item at position 7
    G. Prevents users from changing remote administrator settings
    True
    False

    Item at position 8
    H. Searches for all possible drives on computer
    True
    False

    Item at position 9
    I. Checks for its privileges (this isn’t inherently malicious, but the malware possibly performs some different behaviors if it has the proper permissions to do so)
    True
    False

    Item at position 10
    J. Hooks the keyboard (potentially a keylogger)
    True
    False

    Item at position 11
    K. Hooks the mouse
    True
    False

    Item at position 12
    L. Potentially monitors messages before they appear in a window to the user (possible reconnaissance)
    True
    False

    Item at position 13
    M. Communicates with external hosts via IP addresses or domain names, possibly indicative of C2 activity.
    True
    False

    Item at position 14
    N. Retrieves the current user’s username
    True
    False

    Item at position 15
    O. Adds mutex for Eclipse DDoS malware
    True
    False

    Item at position 16
    P. Adds mutex for IPKillerClient malware
    True
    False

    Item at position 17
    Q. Adds mutex for DarkDDoSer malware
    True
    False

    Item at position 18
    R. Contacts various SMTP servers (possibly for spamming)
    True
    False

    Item at position 19
    S. Copies potentially malicious files to the device.
    True
    False

    Item at position 20
    T. Adds a malicious cryptographic certificate to the system.
    True
    False

    Project 2: Malware 5 (Phase I)
    Malware Analysis (Project 2)
    Phase I – Malware 5

    You should answer the following questions about Malware 5 with True or False.

    Item at position 1
    A. Malware sets itself to run whenever Windows starts up
    True
    False

    Item at position 2
    B. Malware looks up the computer name (possibly doing some reconnaissance)
    True
    False

    Item at position 3
    C. Potentially looks through Microsoft Outlook address book contents
    True
    False

    Item at position 4
    D. Creates and executes a Visual Basic Script (VBS) called “WinVBS.vbs”
    True
    False

    Item at position 5
    E. Prevents users from accessing registry tools
    True
    False

    Item at position 6
    F. Hides all drives on computer
    True
    False

    Item at position 7
    G. Prevents users from changing remote administrator settings
    True
    False

    Item at position 8
    H. Searches for all possible drives on computer
    True
    False

    Item at position 9
    I. Checks for its privileges (this isn’t inherently malicious, but the malware possibly performs some different behaviors if it has the proper permissions to do so)
    True
    False

    Item at position 10
    J. Hooks the keyboard (potentially a keylogger)
    True
    False

    Item at position 11
    K. Hooks the mouse
    True
    False

    Item at position 12
    L. Potentially monitors messages before they appear in a window to the user (possible reconnaissance)
    True
    False

    Item at position 13
    M. Communicates with external hosts via IP addresses or domain names, possibly indicative of C2 activity.
    True
    False

    Item at position 14
    N. Retrieves the current user’s username
    True
    False

    Item at position 15
    O. Adds mutex for Eclipse DDoS malware
    True
    False

    Item at position 16
    P. Adds mutex for IPKillerClient malware
    True
    False

    Item at position 17
    Q. Adds mutex for DarkDDoSer malware
    True
    False

    Item at position 18
    R. Contacts various SMTP servers (possibly for spamming)
    True
    False

    Item at position 19
    S. Copies potentially malicious files to the device.
    True
    False

    Item at position 20
    T. Adds a malicious cryptographic certificate to the system.
    True
    False

    Project 2: Phase II Dissect some behaviors
    Malware Analysis (Project 2)
    Phase II
    You must answer the following open questions with regard to Phase II. Make sure you follow all of the project write-up instructions to the letter. There will be no credit given for typographical mistakes.

    Item at position 1
    Type the IP address for Malware 1’s C2 Server in Dot-decimal notation (in case your analysis indicates there is no C2 Server being used by Malware 1 type “none” without quotes):

    Item at position 2
    Type the IP address for Malware 2’s C2 Server in Dot-decimal notation (in case your analysis indicates there is no C2 Server being used by Malware 2 type “none” without quotes):

    Item at position 3
    Type the IP address for Malware 3’s C2 Server in Dot-decimal notation (in case your analysis indicates there is no C2 Server being used by Malware 3 type “none” without quotes):

    Item at position 4
    Type the IP address for Malware 4’s C2 Server in Dot-decimal notation (in case your analysis indicates there is no C2 Server being used by Malware 4 type “none” without quotes):

    Item at position 5
    Type the IP address for Malware 5’s C2 Server in Dot-decimal notation (in case your analysis indicates there is no C2 Server being used by Malware 5 type “none” without quotes):

    Item at position 6
    External SMTP server identification.
    List the DNS domain names of the SMTP servers contacted as a comma-separated list, without spaces:

    Project 2 Phase III
    Cluster and Classify: 15 points
    Upload your final malheur configuration file (config.mlw)

    Phase IV Malheur Summary

    The solution for this part must be submitted on grapescope.com; check your autograder score there before you send me the solution.
