(Access AnyRun report to answer this question) What is the password malware use while connecting to the mail server?
I am pretty sure I am on the right path and according to the hint I need to decode, however I still can’t seem to get the correct answer. Please assist.
Decoding passwords can be tricky sometimes. Have you tried different decoding methods or perhaps checked if there are any specific encryption techniques mentioned in the report?
Hello, were you ever able to find the answer? I read the unstuck? (former Hint) and all it says is don’t forget to decode. I’m relatively new to reading AnyRun’s reports. I’m not sure exactly where I should be looking for this. Does it require some tool to decode (like base 64) once I find the location? Any help is appreciated. Thanks.
I found the password after a good 2-3 hours. I was 100% overthinking this and overcomplicating it with Kali in VirtualBox. So, the answer is in the threat details. You need to bring this text to a base64 decrypt website: “TzhrI1B6NHNrOndf”, and the answer is “O8k#Pz4sk:w_”. I came across this answer because I thought about it more—send login, receive, send “TzhrI1B6NHNrOndf”, receive “235 2.7.0 Authentication successful”. Well, a login needs two things: a username and password, so I figured, why not throw that text into base64 decryption, and bam! Got my answer. Hope this helps.
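
The exchange described in the post above, as an added example that is not part of the original thread: in SMTP AUTH LOGIN the server's 334 prompts and the client's replies are all Base64, so a captured session can be decoded offline without a website. The session layout, host name and username below are constructed placeholders; only the password token and the 235 reply come from the thread.

```python
import base64
import binascii

def b64(token):
    """Decode one Base64 token to text, or return None if it is not valid Base64."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None

def decode_auth_login(lines):
    """Recover AUTH LOGIN fields from (direction, line) pairs; "C" client, "S" server."""
    result = {"accepted": False}
    pending = None  # field the server last prompted for, e.g. "username"
    for direction, line in lines:
        line = line.strip()
        if direction == "S":
            code, _, rest = line.partition(" ")
            if code == "334":  # prompt is itself Base64: "Username:" / "Password:"
                pending = (b64(rest) or "").rstrip(":").lower() or None
            else:
                pending = None
                if code == "235":  # server accepted the credentials
                    result["accepted"] = True
        elif pending:
            value = b64(line)
            if value is not None:  # "*" (client cancel) or junk is skipped
                result[pending] = value
            pending = None
    return result

# Constructed session: host and username are placeholders (assumptions);
# the password token and the 235 reply are the ones quoted in the thread.
SAMPLE = [
    ("S", "220 mail.example.test ESMTP"),
    ("C", "EHLO host"),
    ("S", "250 AUTH LOGIN PLAIN"),
    ("C", "AUTH LOGIN"),
    ("S", "334 VXNlcm5hbWU6"),
    ("C", base64.b64encode(b"user@example.test").decode()),
    ("S", "334 UGFzc3dvcmQ6"),
    ("C", "TzhrI1B6NHNrOndf"),
    ("S", "235 2.7.0 Authentication successful"),
]

if __name__ == "__main__":
    print(decode_auth_login(SAMPLE))
```
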