FAQ: Dynamic Analysis Example Using AnyRun

This FAQ, collaboratively created by the community, addresses the content of the lesson titled “Dynamic Analysis Example Using AnyRun”.

You can locate this exercise within the LetsDefend content:

Malware Analysis Fundamentals
SOC Analyst Learning Path

If there are any specific questions regarding the lesson or exercise, please don’t hesitate to ask them here.

I am having trouble with the following question:

(Access AnyRun report to answer this question) What is the password malware use while connecting to the mail server?

I am pretty sure I am on the right path and according to the hint I need to decode, however I still can’t seem to get the correct answer. Please assist.

Did you find the answer to your question because I am stuck on this as well. Any help would be appreciated.

Decoding passwords can be tricky sometimes. Have you tried different decoding methods or perhaps checked if there are any specific encryption techniques mentioned in the report?

Hello, were you ever able to find the answer? I read the Unstuck (former Hint) and all it says is don’t forget to decode. I’m relatively new to reading AnyRun’s reports. I’m not sure exactly where I should be looking for this. Does it require some tool to decode (like base64) once I find the location? Any help is appreciated. Thanks.

Hi, start by checking the Network tab, then you can use tools like CyberChef for decryption.

Hello.
Did you find the answer to your question because I am stuck on this as well. Any help would be appreciated.

I found the password after a good 2-3 hours. I was 100% overthinking this and overcomplicating it with Kali in VirtualBox. So, the answer is in the threat details. You need to bring this text to a base64 decrypt website: “TzhrI1B6NHNrOndf,” and the answer is “O8k#Pz4sk:w_.” I came across this answer because I thought about it more—send login, receive, send “TzhrI1B6NHNrOndf,” receive “235 2.7.0 Authentication successful.” Well, a login needs two things: a username and password, so I figured, why not throw that text into base64 decryption, and bam! Got my answer. Hope this helps.

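The answer above boils down to recognising an SMTP AUTH exchange in the sandbox's network stream and base64-decoding the client's reply to the password prompt. The following Python script is an added example written for this FAQ; it is not code from LetsDefend, AnyRun or the original posters. It parses a constructed transcript in the "C:"/"S:" style an analyst might copy out of a report: the password blob "TzhrI1B6NHNrOndf" and the "235 2.7.0 Authentication successful" reply are the ones quoted in the thread, while the username "user@example.com" and every other line are made up for illustration. It goes slightly beyond the thread by also handling AUTH PLAIN, where username and password arrive in a single NUL-separated blob, since that is the other form this credential leak commonly takes in a capture.

```python
import base64
import binascii
import re

# Constructed sample of an SMTP AUTH LOGIN exchange. Only the password blob and
# the 235 reply come from the forum thread; the username is a made-up value.
SAMPLE_STREAM = """\
S: 220 mail.example.invalid ESMTP
C: EHLO victim-host
S: 250-mail.example.invalid
S: 250 AUTH LOGIN PLAIN
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: dXNlckBleGFtcGxlLmNvbQ==
S: 334 UGFzc3dvcmQ6
C: TzhrI1B6NHNrOndf
S: 235 2.7.0 Authentication successful
"""

# Constructed AUTH PLAIN variant: one base64 blob of "\0user@example.com\0O8k#Pz4sk:w_".
SAMPLE_STREAM_PLAIN = """\
S: 220 mail.example.invalid ESMTP
C: AUTH PLAIN
S: 334
C: AHVzZXJAZXhhbXBsZS5jb20ATzhrI1B6NHNrOndf
S: 235 2.7.0 Authentication successful
"""


def _b64(token):
    """Decode one base64 token; return None if it is not valid base64 or UTF-8."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def extract_smtp_credentials(stream):
    """Recover the credentials from an SMTP AUTH LOGIN or AUTH PLAIN transcript.

    Returns a dict with method, username, password and whether the server
    answered with a 235 success reply, or None if no decodable AUTH is found.
    """
    lines = [l.strip() for l in stream.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = re.match(r"C:\s*AUTH\s+(LOGIN|PLAIN)(?:\s+(\S+))?$", line, re.I)
        if not m:
            continue
        method = m.group(1).upper()
        # Everything the client sends after the AUTH command, prefix stripped.
        client_blobs = [l[2:].strip() for l in lines[i + 1:] if l.startswith("C:")]

        if method == "PLAIN":
            # The blob may be inline on the AUTH line or sent after the 334 prompt.
            blob = m.group(2) or (client_blobs[0] if client_blobs else "")
            decoded = _b64(blob)
            if decoded is None or decoded.count("\0") != 2:
                continue
            _authzid, user, pw = decoded.split("\0")
        else:
            # AUTH LOGIN: first client reply is the username, second the password.
            if len(client_blobs) < 2:
                continue
            user, pw = _b64(client_blobs[0]), _b64(client_blobs[1])
            if user is None or pw is None:
                continue

        authed = any(l.startswith("S: 235") for l in lines[i + 1:])
        return {"method": method, "username": user,
                "password": pw, "authenticated": authed}
    return None


if __name__ == "__main__":
    for name, sample in (("LOGIN", SAMPLE_STREAM), ("PLAIN", SAMPLE_STREAM_PLAIN)):
        print(name, extract_smtp_credentials(sample))
```

Running the script against the LOGIN sample returns the password "O8k#Pz4sk:w_" that the thread arrived at by hand; the `authenticated` flag tells the analyst whether the stolen mailbox credentials actually worked, which decides how urgently that account needs to be reported and disabled.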