[THM] Phishing Emails 5 by TryHackMe

Congrats on making it to the last one!



Task 1 

Q: What is the email's timestamp? (answer format: dd/mm/yy hh:mm)
A: 6/10/2020 05:58
 
Open this in a different way than you may first think.. I wonder what Thunderbird would make of this email?
 
MASSIVE TIP: At the time of this post, there is a glitch. It is not dd/mm/yy it is dd/mm/yyyy. You'll need the whole 2020 (what a year, amiright?)
 
Q: Who is the email from?
A: Mr. James Jackson
 
Again check out the email when brought up in Thunderbird.
 
Q: What is his email address?
A: info@mutawamarine.com
 
Q: What email address will receive a reply to this email? 
A: info.mutawamarine@mail.com
 
Q: What is the Originating IP?
A: 192.119.71.157
 
Q: Who is the owner of the Originating IP? (Do not include the "." in your answer.)
A: Hostwinds LLC
 
Q: What is the SPF record for the Return-Path domain?
A: v=spf1 include:spf.protection.outlook.com -all

 
I love MXToolbox, partly because they make such useful tools for email security but also because they are here in Austin, Texas!
https://mxtoolbox.com/spf.aspx
 
Q: What is the DMARC record for the Return-Path domain?
A: v=DMARC1; p=quarantine; fo=1
 
https://mxtoolbox.com/DMARC.aspx
 
Q: What is the name of the attachment?
A: SWT_#09674321____PDF__.CAB
 
Q: What is the SHA256 hash of the file attachment?
A: 2e91c533615a9bb8929ac4bb76707b2444597ce063d84a4b33525e25074fff3f
 



Q: What is the attachment's file size? (Don't forget to add "KB" to your answer, NUM KB)
A: 400.26 KB


Take a note of the Size in the screenshot in the question above. I very simply took that and converted it with this tool: https://www.gbmb.org/bytes-to-kb.

 
Q: What is the actual file extension of the attachment?
A: RAR


For the last question, I grabbed that hash and could have answered this and the last with https://www.virustotal.com/gui/file/2e91c533615a9bb8929ac4bb76707b2444597ce063d84a4b33525e25074fff3f
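
The same header and attachment checks can be done offline on the raw .eml; this is an added example, not part of the original post or the TryHackMe room. The message, addresses, file name and payload are constructed placeholders, and the size conversion assumes 1 KB = 1024 bytes.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Well-known leading magic bytes of common archive formats.
MAGIC = {b"Rar!\x1a\x07": "RAR", b"MSCF": "CAB",
         b"PK\x03\x04": "ZIP", b"7z\xbc\xaf\x27\x1c": "7Z"}

# Constructed attachment body: RAR signature plus padding, exactly 1024 bytes.
SAMPLE_PAYLOAD = b"Rar!\x1a\x07\x00" + b"\x00" * 1017

def sniff_type(data: bytes) -> str:
    """Return the archive type implied by the content, not the file name."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "UNKNOWN"

def triage(raw: bytes) -> dict:
    """Collect the header and attachment facts used in phishing triage."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {key: str(msg.get(key, "")) for key in ("Date", "From", "Reply-To")}
    report["attachments"] = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or ""
        claimed = name.rsplit(".", 1)[-1].upper() if "." in name else ""
        actual = sniff_type(data)
        report["attachments"].append({
            "name": name,
            "sha256": hashlib.sha256(data).hexdigest(),
            "size_kb": round(len(data) / 1024, 2),  # assumes 1 KB = 1024 bytes
            "claimed": claimed,
            "actual": actual,
            "mismatch": actual not in ("UNKNOWN", claimed),
        })
    return report

def build_sample() -> bytes:
    """Constructed message with placeholder addresses and a mislabelled attachment."""
    m = EmailMessage()
    m["From"] = "Sender Name <sender@example.com>"
    m["Reply-To"] = "sender.example@example.net"
    m["Date"] = "Thu, 01 Jan 2026 00:00:00 +0000"
    m.set_content("See attached.")
    m.add_attachment(SAMPLE_PAYLOAD, maintype="application",
                     subtype="octet-stream", filename="sample__PDF__.CAB")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

A `mismatch` of `True` means the content signature disagrees with the extension in the file name, which is the same situation as the `.CAB` attachment here that is really a RAR archive.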

 
 
 
Great luck to anyone who comes across this blog! Connect with me on LinkedIn, it's great to have helped anyone who got stuck. 
 
 


