[Day 9] Malware analysis She sells C# shells by the C2shore
What HTTP User-Agent was used by the malware for its connection requests to the C2 server?
Mozilla/5.0 (Macintosh; Intel Mac OS X 14_0) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15

What is the HTTP method used to submit the command execution output?
POST

What key is used by the malware to encrypt or decrypt the C2 data?
youcanthackthissupersecurec2keys

What is the first HTTP URL used by the malware?
http://mcgreedysecretc2.thm/reg

How many seconds is the hardcoded value used by the sleep function?
15

What is the C2 command the attacker uses to execute commands via cmd.exe?
shell

What is the domain used by the malware to download another binary?
stash.mcgreedy.thm