Forum Discussion

sleepysquid
New Member I
5 hours ago

Ransomware: TeslaCrypt - Stuck at Last Question

Has anyone figured out the final question of the Ransomware: TeslaCrypt lab?

"What is the domain of the first DNS request made after executing the malware?"

  • No correct answers via Ghidra
  • No answers via ProcMon (suggested in the briefing)
  • I checked the activity in x32dbg - nothing

Any ideas? Is the lab broken? As always, I might be looking too far...

1 Reply

  • Well, I figured it out by pure chance, less by deliberate analysis. Any hints on how this could be achieved in a "regular" manner would be appreciated.
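The "regular" way to answer a question like the one in this thread is network-side rather than debugger-side: capture traffic while the sample runs, then pick the DNS query with the earliest timestamp. The following is an added example, not code from the thread or from the lab; it parses the question name out of raw DNS-over-UDP payloads and returns the earliest query. The timestamps, domain names and packets are constructed here (they are not TeslaCrypt's), and the `build_query` helper exists only to manufacture that sample; in practice the `(timestamp, payload)` pairs would come from a pcap reader.

```python
"""Find the earliest DNS query name among captured DNS-over-UDP payloads (RFC 1035 wire format)."""
import struct
from typing import Iterable, List, Optional, Tuple


def parse_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Decode a DNS name at `offset`; returns (dotted name, offset just past the name).

    Handles compression pointers (RFC 1035 section 4.1.4) so the same routine also
    works on responses, with a hop limit to stop pointer loops in malformed packets.
    """
    labels: List[str] = []
    end = offset
    jumped = False
    hops = 0
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2                        # name ends after the first pointer
            jumped = True
            hops += 1
            if hops > 16:
                raise ValueError("pointer loop")
            offset = pointer
            continue
        if length == 0:                                 # root label terminates the name
            if not jumped:
                end = offset + 1
            break
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii", errors="replace"))
        offset += length
    return ".".join(labels), end


def dns_query_name(payload: bytes) -> Optional[str]:
    """Return the first QNAME if `payload` is a DNS query with a question; None for responses/junk."""
    if len(payload) < 12:                               # shorter than a DNS header
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount == 0:                  # QR bit set means response
        return None
    name, _ = parse_name(payload, 12)                   # question section starts after header
    return name


def first_dns_query(records: Iterable[Tuple[float, bytes]]) -> Optional[Tuple[float, str]]:
    """records: (timestamp, udp_payload) pairs in any order. Returns (timestamp, name) of the earliest query."""
    best: Optional[Tuple[float, str]] = None
    for ts, payload in records:
        try:
            name = dns_query_name(payload)
        except ValueError:                              # malformed packet: skip, do not abort the scan
            continue
        if name is not None and (best is None or ts < best[0]):
            best = (ts, name)
    return best


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Construct a minimal A-record query; only used to fabricate the sample capture below."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN


# Constructed sample capture (timestamps are seconds since capture start; names are placeholders).
RESPONSE = bytearray(build_query("example.com"))
RESPONSE[2:4] = b"\x81\x80"                             # flip QR/RA bits: now a response, not a query
SAMPLE_CAPTURE = [
    (10.5, build_query("example.net")),
    (1.0, bytes(RESPONSE)),                             # earliest packet but a response: ignored
    (3.2, build_query("example.org")),                  # listed out of order; earliest real query
    (7.0, b"\x12\x34\x01"),                             # truncated garbage: ignored
]

if __name__ == "__main__":
    print(first_dns_query(SAMPLE_CAPTURE))             # (3.2, 'example.org')
```

Two caveats worth keeping in mind when this returns nothing: a sample that connects to an IP literal never issues a DNS query at all, and a name already present in the host's resolver cache produces no packet on the wire, so the capture should start before the sample runs on a freshly booted analysis VM.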