Email analysis challenge in LetsDefend
Challenge link:
https://app.letsdefend.io/challenge/email-analysis
In this article, we’ll be looking at the Email Analysis challenge from LetsDefend (Phishing Email Challenge - LetsDefend Lab) to determine whether the message is a phishing attempt or not.
Email Link: [Download](https://letsdefend-images.s3.us-east-2.amazonaws.com/Challenge/Email-Analysis/BusinessEmail.zip)
Password: infected
Attachment: [Download](https://letsdefend-images.s3.us-east-2.amazonaws.com/Challenge/Email-Analysis/united+scientific+equipent.zip)
Password: infected
NB: It is highly recommended to open these files only inside an isolated virtual machine, because the attachment is malicious.
Let's go:
We have two files: the email itself, BusinessEmail.eml, and the attachment, united scientific equipent.exe (note that the file name is spelled "equipent", unlike the subject line).
Let's work through the questions. Open the .eml file in a plain-text editor such as Mousepad so the raw headers are visible.
Q1: What is the sending email address?
Answer : yanting@united.com.sg
Q2: What is the email address of the recipient?
Answer : admin@malware-traffic-analysis.net
Q3: What is the subject line of the email?
Answer : united scientific equipment
Q4: What date was the email sent? (Date format: MM/DD/YYYY)
Answer : 02/08/2021
Q5: What is the originating IP?
Answer : 71.19.248.52
Q6: What country is the ip address from?
I used online lookup tools (IP Lookup or AbuseIPDB) to find the country for this IP.
Answer : Canada
Q7: What is the name of the attachment when you unzip it? (with extension)
Answer : united scientific equipent.exe
Q8: What is the SHA-256 hash of the file?
Answer : 9909753bfb0ac8ab165bab3555233d03b01a9274a92e57c022f87ccbe51ca415
Q9: Is the email attachment malicious? Yes/No
Compute the MD5 or SHA-256 hash of the attachment and search for that hash on VirusTotal or Hybrid Analysis. Searching by hash, rather than uploading the file, tells you whether the sample is already known without sharing it.
Answer : Yes
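The steps above (sender, recipient, subject, date, originating IP, attachment name and SHA-256) can be scripted so the same headers are pulled consistently every time. The script below is an added example written for this walkthrough, not LetsDefend's tooling or part of the original challenge. It builds a constructed message whose From/To/Subject/Date headers mirror the challenge answers; the Received chain, message body and attachment bytes are invented for illustration, the embedded zip is not password protected, and the resulting .exe hash will not match the real sample's hash. To use it on the real file, pass the bytes of BusinessEmail.eml to analyze_eml() with zip_password=b"infected" (assumption: the archive uses ZipCrypto, which the standard library can decrypt; AES-encrypted zips need a third-party library).

```python
"""Parse a .eml, extract the fields the challenge asks for, hash attachments.

Added example for this walkthrough, not LetsDefend's own tooling.
"""
import email
import hashlib
import io
import ipaddress
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr, parsedate_to_datetime

IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed stand-in for the attachment; NOT the real sample, so its
# hash will not match the challenge answer.
FAKE_EXE = b"MZ" + b"\x00" * 62 + b"constructed placeholder, not a real PE"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def originating_ip(msg):
    """Received headers are prepended by each relay, so the bottom-most one
    is the first hop. Walk them bottom-up and return the first public IPv4,
    which is the 'originating IP' the challenge asks for."""
    for received in reversed(msg.get_all("Received", [])):
        for candidate in IPV4_RE.findall(str(received)):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue
            if addr.is_global:
                return candidate
    return None


def attachment_hashes(msg, zip_password=None):
    """Hash every attachment; for .zip attachments also hash each member,
    decrypting with zip_password (bytes) when the archive is ZipCrypto."""
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        payload = part.get_payload(decode=True)
        results.append({"container": None, "name": name, "sha256": sha256_hex(payload)})
        if name and name.lower().endswith(".zip"):
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    data = zf.read(member, pwd=zip_password)
                    results.append({"container": name, "name": member, "sha256": sha256_hex(data)})
    return results


def analyze_eml(raw, zip_password=None):
    """Return the answers to Q1-Q8 for the raw bytes of a .eml file."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sent = parsedate_to_datetime(str(msg["Date"]))  # Date is sender-controlled
    return {
        "sender": parseaddr(str(msg["From"]))[1],
        "recipient": parseaddr(str(msg["To"]))[1],
        "subject": str(msg["Subject"]),
        "date": sent.strftime("%m/%d/%Y"),
        "originating_ip": originating_ip(msg),
        "attachments": attachment_hashes(msg, zip_password),
    }


def build_sample_eml():
    """Constructed message mirroring the challenge's visible headers.
    Relay hosts (example.net/example.org) and timestamps are invented."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("united scientific equipent.exe", FAKE_EXE)

    msg = EmailMessage(policy=policy.default)
    msg["Received"] = ("from mail.example.net (mail.example.net [203.0.113.10]) "
                       "by mx.example.org with ESMTP; Mon, 8 Feb 2021 10:00:00 +0000")
    msg["Received"] = ("from [71.19.248.52] (unknown [71.19.248.52]) "
                       "by mail.example.net with ESMTP; Mon, 8 Feb 2021 09:59:00 +0000")
    msg["From"] = "yanting@united.com.sg"
    msg["To"] = "admin@malware-traffic-analysis.net"
    msg["Subject"] = "united scientific equipment"
    msg["Date"] = "Mon, 8 Feb 2021 09:58:00 +0000"
    msg.set_content("Please see the attached quotation.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="united scientific equipent.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for key, value in analyze_eml(build_sample_eml()).items():
        print(f"{key}: {value}")
```

Two caveats the script encodes: the Date header is set by the sender and can be forged, so cross-check it against the timestamps in the Received headers; and the originating IP is read from the bottom-most Received header, because every relay prepends its own line, so the top of the chain is the last hop, not the source.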
All the best!