LetsDefend : Email Analysis


https://app.letsdefend.io/challenge/email-analysis

You recently received an email from someone trying to impersonate a company, your job is to analyze the email to see if it is suspicious.


Unzip both archives and extract the files onto your VM. The first contains an .eml document and the second an executable. Open the .eml file in a text editor; its headers answer the first few questions.

What is the sending email address?

What is the email address of the recipient?

What is the subject line of the email?

What date was the Email sent? Date format: MM/DD/YYYY

What is the originating IP?


What country is the IP address from?

Run a WHOIS lookup on the originating IP to find its country of origin.


What is the name of the attachment when you unzip it? (with extension)

What is the sha256 hash of the File?
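The header and attachment fields asked for above can be pulled out of an .eml programmatically instead of by eye. The script below is an added example, not part of the original writeup or the challenge files; the .eml it parses is a constructed sample with placeholder addresses and IPs, and the attachment bytes are the string `abc` so the SHA-256 is a known test vector.

```python
import base64
import email
import hashlib
import re
from email import policy
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: attachment bytes and .eml are placeholders, not the challenge's files.
ATTACHMENT_BYTES = b"abc"  # sha256(b"abc") is the well-known test vector ba7816bf...
SAMPLE_EML = (
    b"Received: from mx.relay.invalid ([198.51.100.7]) by mx.victim.invalid; Mon, 12 Jul 2021 10:15:02 +0000\r\n"
    b"Received: from sender-pc ([203.0.113.5]) by mx.relay.invalid; Mon, 12 Jul 2021 10:15:00 +0000\r\n"
    b'From: "Accounts Payable" <billing@example-corp.invalid>\r\n'
    b"To: victim@victim.invalid\r\n"
    b"Subject: Invoice attached\r\n"
    b"Date: Mon, 12 Jul 2021 10:14:30 +0000\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nPlease see the attached invoice.\r\n"
    b'--b1\r\nContent-Type: application/octet-stream; name="invoice.exe"\r\n'
    b'Content-Disposition: attachment; filename="invoice.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    + base64.b64encode(ATTACHMENT_BYTES) + b"\r\n--b1--\r\n"
)

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def triage_eml(raw: bytes) -> dict:
    """Extract the header fields and attachment hashes recorded in a first-pass triage."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # Each relay prepends its own Received header, so the earliest hop
    # (the originating host) is the last Received header in the list.
    received = [str(h) for h in msg.get_all("Received", [])]
    origin_ips = IP_RE.findall(received[-1]) if received else []
    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True)  # undoes base64/quoted-printable
        attachments.append({"filename": part.get_filename(),
                            "sha256": hashlib.sha256(data).hexdigest(),
                            "size": len(data)})
    return {
        "from": parseaddr(str(msg["From"]))[1],
        "to": parseaddr(str(msg["To"]))[1],
        "subject": str(msg["Subject"]),
        "date": parsedate_to_datetime(str(msg["Date"])).strftime("%m/%d/%Y"),
        "originating_ip": origin_ips[0] if origin_ips else None,
        "attachments": attachments,
    }
```

The returned `originating_ip` and `sha256` values are what you then feed to the WHOIS and VirusTotal lookups; hashing the attachment in memory means the executable never has to be run or even written to disk.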


Is the email attachment malicious? Yes/No

Submit the file to VirusTotal: the attachment is indeed malicious, and the majority of security vendors classify it as a trojan.
