Brute Ratel: Extracting Indicators of Compromise

Question

Hi Team,&nbsp;Please assist me with "Brute Ratel: Extracting Indicators of Compromise" Lab, I am stuck with Q. 4 and 7.Thank you!

netcat · Answer

We can't give you the solution, but if you tell what you did you'll get hints to point you to the right direction.

phoenix123 · Answer

7. Look at sample2.exe. What IP address can be found in the configuration section?4. What sequence of hexadecimal characters is used to separate sections of the configuration block? (\xDE\xAD\xBE)

phoenix123 · Answer

I got 4th answer.I just need hint to get the 7th, I tried reviewing sample2.exe using &nbsp;Ghex hex editor.

netcat · Answer

Did you identify and decode the configuration section?

Forum Discussion

Brute Ratel: Extracting Indicators of Compromise

4 Replies

Featured Places

Help & Support Forum

Related Content

copy-paste-compromise-malicious-documents-analysis

New CTI/OT Lab: Norwegian Dam Compromise: Campaign Analysis

From XSS and SQLi to AI-generated code and supply-chain compromise: How application security is evolving

Incident Response: P2 - stuck on Q11

Re: SuperSonic: Ep.6 – TEMPLE

Recent Discussions

Incident Response: P2 - stuck on Q11

Python: Expert Challenge 3

Haunted Hollow 2023: Haywire Host

CVE-2024-0012 and CVE-2024-9474 (Palo Alto PAN-OS) – Offensive Question

Kusto Query Language: Ep.9 – Parsing Complex Data Types.