
Advanced Executive Program in Cybersecurity

Virtual Internship Project Problem Statement

Malware Analyst
Problem statement:
You are working as a malware analyst for El Banco Bank, where your primary responsibility is to
secure the bank's assets by examining, identifying, and understanding malware such as viruses,
worms, bots, rootkits, ransomware, and Trojan horses. These types of malware infect
systems by exploiting vulnerabilities and cause them to behave in unexpected ways.

Background of the problem statement:

El Banco Bank is one of the fastest-growing banks in Europe, with more than 1200 branches
across the country, and manages €200 billion in assets.

Handling millions of dollars of banking transactions per day, its customers hugely depend upon
the security of their banking data. The recent surge in cyber-attacks and data breaches has
become a significant issue for every organization.

According to the latest reports, 51% of cyberattacks are due to various kinds of malware, such as
viruses, rootkits, Trojan horses, and ransomware.

Expected deliverables:
TASK 1:

As a malware analyst, you have to examine suspicious files or URLs and detect any malware
threats. You have been provided a list of files that you need to examine and verify that these files
are genuine and do not contain anything malicious. You can check the digital signature of each file
to verify that it is authentic and hasn't been tampered with.

For the following applications, determine the Signer Name and the Digest Algorithm used in the
digital signatures. If the digital signature is not available, leave the fields blank.

Application    Name of Signer                                                Digest Algorithm
Virtualbox     Microsoft RSA TLS CA 01                                       SHA256
LibreOffice    CN = R3, O = Let's Encrypt, C = US                            SHA256
OWASP ZAP      DigiCert TLS Hybrid ECC SHA384 2020 CA1                       SHA384
Wireshark      CN = Cloudflare Inc ECC CA-3, O = Cloudflare, Inc., C = US    SHA256

TASK 2:

If the digital signature of the files is not available, you can still verify the integrity of the file by
comparing the hash values provided for the original files. For those files that cannot be verified
using digital signatures, use the following resources to compare the SHA256 values of the files
and determine if the given digest and the calculated digest value match.

By comparing the files' hash values, you are able to determine the integrity of the files and be
assured that the downloaded files are authentic and haven't been tampered with.

Virtualbox
  Given digest value:      703e7c9bcbdda0cd0040049dfcc754c0fb858b6d786a6033dc5d68f21b5fff99
  Calculated digest value: 703e7c9bcbdda0cd0040049dfcc754c0fb858b6d786a6033dc5d68f21b5fff99
  Match?                   Yes

LibreOffice
  Given digest value:      5e512ecf656acf7d3e2a644d2a15ef5c3990e6d7e872ce0cd82ade40637c61e2
  Calculated digest value: 5e512ecf656acf7d3e2a644d2a15ef5c3990e6d7e872ce0cd82ade40637c61e2
  Match?                   Yes

OWASP ZAP
  Given digest value:      0c86af10453b2444e70706f259a5878586f536fc57f14b85b41dd47fdbc45922
  Calculated digest value: 0c86af10453b2444e70706f259a5878586f536fc57f14b85b41dd47fdbc45922
  Match?                   Yes

Wireshark
  Given digest value:      b87ee22f981c033e6a075193c2a9a4cf699ec1a5bde7ec4851b9344a27b73eb7
  Calculated digest value: b87ee22f981c033e6a075193c2a9a4cf699ec1a5bde7ec4851b9344a27b73eb7
  Match?                   Yes

Resources for SHA256 values:

1. https://raw.githubusercontent.com/zaproxy/zap-admin/master/ZapVersions-2.11.xml

2. https://www.virtualbox.org/download/hashes/6.1.30/SHA256SUMS

3. https://download.documentfoundation.org/libreoffice/stable/7.2.3/win/x86_64/LibreOffice_7.2.3_Win_x64.msi.mirrorlist

4. https://www.wireshark.org/download/SIGNATURES-3.6.0.txt
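A worked version of the Task 2 check, added here as an example and not part of the original assignment: it parses a manifest in the GNU sha256sum layout used by the SHA256SUMS resource above, computes the digest of the downloaded bytes in chunks, and compares the given and calculated values in constant time. The installer bytes, the tampered copy and the manifest line are constructed for the example.

```python
"""Compare a downloaded file's SHA256 against a publisher-provided SHA256SUMS manifest."""
import hashlib
import hmac
from typing import Dict, Optional


def parse_sha256sums(text: str) -> Dict[str, str]:
    """Parse '<hex digest>  <filename>' lines (GNU sha256sum format).
    A leading '*' on the filename marks binary mode and is dropped."""
    entries: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        digest = digest.lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"malformed SHA256 entry for {name!r}")
        entries[name] = digest
    return entries


def sha256_of_bytes(data: bytes) -> str:
    """Hash in 64 KiB chunks so the same loop works for large installers."""
    h = hashlib.sha256()
    for i in range(0, len(data), 65536):
        h.update(data[i:i + 65536])
    return h.hexdigest()


def verify_download(name: str, data: bytes, manifest: Dict[str, str]) -> Optional[bool]:
    """None: the manifest has no entry for name; True/False: digests match/differ."""
    given = manifest.get(name)
    if given is None:
        return None
    return hmac.compare_digest(given, sha256_of_bytes(data))  # constant-time compare


# Constructed sample: a stand-in installer, a copy with its last byte changed,
# and a manifest line in the same shape as the VirtualBox SHA256SUMS file.
GOOD_FILE = b"MZ\x90\x00 constructed installer bytes for the example\n" * 200
TAMPERED_FILE = GOOD_FILE[:-1] + b"X"
SAMPLE_MANIFEST = (
    f"{sha256_of_bytes(GOOD_FILE)} *Example-Installer-Win.exe\n"
    "# digests for other files would follow here\n"
)

if __name__ == "__main__":
    m = parse_sha256sums(SAMPLE_MANIFEST)
    print("good copy matches:", verify_download("Example-Installer-Win.exe", GOOD_FILE, m))
    print("tampered copy matches:", verify_download("Example-Installer-Win.exe", TAMPERED_FILE, m))
```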

TASK 3:

Analyzing files to understand the associated threats is an increasingly important skill for
malware analysts. Analyzing malware could be a daunting task. Fortunately, there are many
tools and resources at your disposal that could help you make this task a little bit easier.

Your next task is to determine if the files are malicious or not.

File Malware?

1.zip [No]

2.zip [No]

3.zip [No]

4.zip [No]

Link for analyzing malicious files: https://www.virustotal.com/

TASK 4:

Another important task for a malware analyst is to perform a vulnerability assessment
to identify the most critical vulnerabilities for correction. This will reduce the risk
of hackers exploiting the applications.

Your organization uses GLPI, an open-source IT asset management, issue tracking, and
service desk system written in PHP. GLPI uses a barcode plugin for printing barcodes and
QR codes.

Application            Version   Link
GLPI                   9.5.5     https://glpi-project.org/
Barcode GLPI plugin    2.6.0     https://github.com/pluginsGLPI/barcode

Use the NVD database to search for vulnerabilities in GLPI and third-party plugins (minimum 5
vulnerabilities) and suggest a fix or a workaround.

Link for NVD Database: https://nvd.nist.gov/

CVE:
  1. Relative Path Traversal
  2. Absolute Path Traversal
  3. Improper Input Validation
  4. Control of File Name or Path
  5. Encoding Error

Description:
  The software uses external input to construct a pathname that is intended to identify a
  file or directory that is located underneath a restricted parent directory, but the
  software does not properly neutralize special elements within the pathname that can
  cause the pathname to resolve to a location that is outside of the restricted directory.

CVSS Severity: 7.5

Remediation:
  Go through this link for a possible solution:
  https://github.com/hansmach1ne/MyExploits/tree/main/Path%20Traversal%20in%20GLPI%20Barcode%20plugin
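The weakness described in the table above, illustrated with a constructed Python example that is not GLPI's or the barcode plugin's own code: a file lookup that joins external input onto a base directory with no neutralisation, beside a hardened lookup that resolves the path and refuses any result outside that directory. The directory layout and file contents are constructed in a temporary directory.

```python
"""Path traversal: the flawed pattern from the CWE description beside a hardened lookup."""
import os
import tempfile
from pathlib import Path


def vulnerable_read(base_dir: str, user_name: str) -> bytes:
    """Flawed: external input is joined onto base_dir with no neutralisation, so '..'
    segments (or an absolute path) resolve outside the intended directory."""
    with open(os.path.join(base_dir, user_name), "rb") as f:
        return f.read()


def safe_resolve(base_dir: str, user_name: str) -> Path:
    """Resolve user_name under base_dir and refuse any result that escapes it."""
    base = Path(base_dir).resolve()
    if os.path.isabs(user_name) or "\x00" in user_name:
        raise PermissionError("absolute paths and NUL bytes are rejected")
    target = (base / user_name).resolve()  # collapses '..' and follows symlinks
    if target != base and base not in target.parents:
        raise PermissionError(f"{user_name!r} resolves outside {base}")
    return target


def hardened_read(base_dir: str, user_name: str) -> bytes:
    return safe_resolve(base_dir, user_name).read_bytes()


def demo() -> dict:
    """Constructed layout: a 'barcodes' directory with one legitimate file and a
    sibling file outside it that the lookup must never reach."""
    root = Path(tempfile.mkdtemp())
    barcodes = root / "barcodes"
    barcodes.mkdir()
    (barcodes / "ok.png").write_bytes(b"constructed png bytes")
    (root / "secret.txt").write_bytes(b"constructed secret")
    results = {
        "legit_ok": hardened_read(str(barcodes), "ok.png") == b"constructed png bytes",
        "vulnerable_leaks": vulnerable_read(str(barcodes), "../secret.txt") == b"constructed secret",
    }
    try:
        hardened_read(str(barcodes), "../secret.txt")
        results["hardened_blocks"] = False
    except PermissionError:
        results["hardened_blocks"] = True
    return results


if __name__ == "__main__":
    print(demo())
```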
