7. Beacons

Preparation

To make the malware run properly, open Process Explorer and kill the vmx32to64.exe process. Then delete this file:

C:\Windows\System32\vmx32to64.exe

Run the Malware

Run the beacon.exe sample and capture the beacons it sends out.

If you are using the Win 2008 VM I handed out, beacon.exe is in the Documents folder. If you are using some other machine, download beacon.7z and unzip it with the password:

malware
Find the domain name of the Command and Control server the beacons are sent to. Use the form on the project page to submit your name and the domain name (in the form www.aol.com) to put your name on the WINNERS PAGE.
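The beacons have to be captured with a packet sniffer on the VM. If the sample resolves its C2 server by name, the queried name shows up in the DNS traffic, and a periodic beacon stands out because the same lookup repeats while background lookups do not. The script below is an added example, not part of the original project and not derived from beacon.exe: it parses the question section of raw DNS query payloads (handling RFC 1035 name compression and skipping responses) and ranks the names by how often they were queried. The sample packets and domain names in it are constructed in-line, and the name it ranks first is not the project's answer.

```python
"""
Pull the DNS query names out of captured UDP payloads and rank them by how
often they were queried. Periodic beacons repeat the same lookup, so the
most frequent name is usually the C2 domain.

Added example for this project page; not part of the original page. The
packets below are constructed in-line (example domains), not captures of
beacon.exe, and the top-ranked name they produce is NOT the project's answer.
"""
import struct
from collections import Counter


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Construct a minimal DNS A query (UDP payload only) for the sample data."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _read_name(payload: bytes, offset: int) -> tuple:
    """Decode a DNS name starting at offset, following compression pointers.
    Returns (name, offset just past the name in the original byte stream)."""
    labels = []
    jumped = False
    end = offset
    hops = 0
    while True:
        if offset >= len(payload):
            raise ValueError("truncated name")
        length = payload[offset]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            if offset + 1 >= len(payload):
                raise ValueError("truncated pointer")
            pointer = struct.unpack("!H", payload[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            hops += 1
            if hops > 16:  # refuse pointer loops in malformed packets
                raise ValueError("pointer loop")
            offset = pointer
            continue
        offset += 1
        if length == 0:  # root label terminates the name
            if not jumped:
                end = offset
            break
        labels.append(payload[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels), end


def extract_query_names(payload: bytes) -> list:
    """Return the QNAMEs in the question section of one DNS message (queries only)."""
    if len(payload) < 12:
        return []
    txid, flags, qdcount, *_ = struct.unpack("!HHHHHH", payload[:12])
    if flags & 0x8000:  # QR bit set: this is a response, not a query
        return []
    names = []
    offset = 12
    for _ in range(qdcount):
        try:
            name, offset = _read_name(payload, offset)
        except ValueError:
            break  # malformed question section; keep what was parsed so far
        offset += 4  # skip QTYPE and QCLASS
        names.append(name.lower())
    return names


def rank_c2_candidates(payloads) -> list:
    """Count how often each name was queried across the capture, most frequent first."""
    counts = Counter()
    for p in payloads:
        counts.update(extract_query_names(p))
    return counts.most_common()


# Constructed sample: three identical lookups (a beacon) plus one background lookup.
SAMPLE_PAYLOADS = [
    build_dns_query("beacon-c2.example.net", 0x0001),
    build_dns_query("time.example.org", 0x0002),
    build_dns_query("beacon-c2.example.net", 0x0003),
    build_dns_query("beacon-c2.example.net", 0x0004),
]

if __name__ == "__main__":
    for name, n in rank_c2_candidates(SAMPLE_PAYLOADS):
        print(f"{n:3d}  {name}")
```

In practice you would feed rank_c2_candidates() the UDP payloads of port 53 packets exported from your capture; a name that repeats at a fixed interval while the sample runs is the one to submit. If the sample beacons to a hardcoded IP address instead of a name, no DNS query will appear and you need to look at the destination of the beacon packets themselves.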

Posted 6-27-17
Title changed 5-6-18 11:38 am