Welcome, Analyst. You have been tasked with identifying and reverse-engineering suspicious payloads discovered across the corporate network.
First, you must accurately classify behaviors observed by the EDR system into specific malware categories. Second, you will dissect two isolated payloads (redline and cybernetics-update.exe) to extract hashes, hardcoded domains, loaded DLLs, and embedded flags.
Scope: Classify all behavioral alerts correctly. Select the category and click verify.
Behavioral Alert Observation
Severity
Malware Type Validation
Scope: In the Kali VM, there is a sample named redline in the directory Desktop/Samples. Use static analysis tools and OSINT (like Hybrid Analysis) to inspect the binary.
Scope: It’s the middle of the night shift. You’re the only analyst in the SOC when the Cybernetics manager calls in urgently: a suspicious file was found on a user's machine and needs immediate review.
Analyse the binary located at Samples\cybernetics-update.exe. Collect anything to identify it, gather potential IOCs, and correlate the alerts.