LetsDefend : Email Analysis


You recently received an email from someone trying to impersonate a company; your job is to analyze the email to determine whether it is suspicious.

Unzip both archives and extract the files onto your VM. The first contains an .eml document and the second an executable. Open the email in a text editor and you will be able to answer the first few questions from its headers.

What is the sending email address?

What is the email address of the recipient?

What is the subject line of the email?

What date was the Email sent? Date format: MM/DD/YYYY

What is the originating IP?

What country is the IP address from?

Run a WhoisLookup on the originating IP to find the country of origin.

What is the name of the attachment when you unzip it? (with extension)

What is the sha256 hash of the File?

Is the email attachment malicious? Yes/No

Submit the file to VirusTotal: the email attachment is indeed malicious, and the majority of security vendors classify it as a trojan.
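As an added example that is not part of the original walkthrough or of LetsDefend's material, the script below pulls the same fields the questions ask for (sender, recipient, subject, date in MM/DD/YYYY, originating IP from the earliest Received header, attachment name and SHA-256) out of an .eml using Python's standard email module. The sample message, its addresses and its attachment are constructed for illustration.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample .eml (not the challenge's email). Received headers are
# stacked newest-first, so the bottom one records the first hop.
SAMPLE_EML = b"""Received: from mx.example-corp.test ([192.0.2.10])
\tby mail.example-corp.test; Mon, 14 Mar 2022 10:05:00 +0000
Received: from sender.example.invalid ([198.51.100.23])
\tby mx.example-corp.test; Mon, 14 Mar 2022 10:04:58 +0000
From: "Accounts" <accounts@example.invalid>
To: victim@example-corp.test
Subject: Invoice attached
Date: Mon, 14 Mar 2022 10:04:55 +0000
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: application/octet-stream; name="invoice.exe"
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

YWJj
--BOUNDARY--
"""

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def analyze_eml(raw: bytes) -> dict:
    # Extract the header facts and attachment hashes the challenge asks for.
    msg = message_from_bytes(raw, policy=policy.default)
    received = msg.get_all("Received", [])
    # The last Received header was added by the first relay to accept the
    # message, so its bracketed address is the originating IP candidate.
    origin = BRACKETED_IPV4.search(str(received[-1])) if received else None
    report = {
        "from": parseaddr(str(msg["From"]))[1],
        "to": parseaddr(str(msg["To"]))[1],
        "subject": str(msg["Subject"]),
        "date": parsedate_to_datetime(str(msg["Date"])).strftime("%m/%d/%Y"),
        "origin_ip": origin.group(1) if origin else None,
        "attachments": [],
    }
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""  # decoded attachment bytes
        report["attachments"].append(
            {"name": part.get_filename(), "sha256": hashlib.sha256(data).hexdigest()}
        )
    return report
```

Run `analyze_eml(open("message.eml", "rb").read())` on the extracted file; the country lookup for the originating IP still needs a whois or GeoIP query, which this offline script does not perform.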
