TryHackMe Phishing Emails 5

Use the knowledge attained to analyze a malicious email.

This is a walkthrough for the room Phishing Emails 5 on TryHackMe and it is part of the Phishing module.

Task 1 Just another day as a SOC Analyst..

1.1 What is the email’s timestamp? (answer format: dd/mm/yy hh:mm)

Open Thunderbird Mail

Click on File > Open > Saved Messages > challenge.eml

Answer: 6/10/2020 05:58

1.2 Who is the email from?

Answer: Mr. James Jackson

1.3 What is his email address?

Answer: [email protected]

1.4 What email address will receive a reply to this email? 

Answer: [email protected]

1.5 What is the Originating IP?

Answer: 192.119.71.157

1.6 Who is the owner of the Originating IP? (Do not include the “.” in your answer.)

Use your favorite whois tool. This is a link to a list of whois lookup query websites.

1.8 What is the DMARC record for the Return-Path domain?

Use your favorite DMARC lookup.

Answer: v=DMARC1; p=quarantine; fo=1

1.9 What is the name of the attachment?

Answer: SWT_#09674321___pdf__.CAP

1.10 What is the SHA256 hash of the file attachment?

Save the attachment to the Desktop

Then, open the terminal.

[email protected]:~$ cd Desktop/
[email protected]:~/Desktop$ ls
SWT_#09674321____PDF__.CAB  Tools  challenge.eml
[email protected]:~/Desktop$ sha256sum SWT_#09674321____PDF__.CAB 
Answer: 2e91c533615a9bb8929ac4bb76707b2444597ce063d84a4b33525e25074fff3f

1.11 What is the attachments file size? (Don’t forget to add “KB” to your answer, NUM KB)

Answer: 400.26 KB

1.12 What is the actual file extension of the attachment?

Answer: RAR
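
The checks from this task (reply address, originating IP, attachment name, SHA256, size and real file type) can also be scripted. The following is an added example, not part of the original walkthrough or the room: the sample message, its addresses and the attachment bytes are constructed, and reading the originating IP from an X-Originating-IP header is an assumption about how the message records it.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading magic bytes of a few container formats (RAR prefix covers v4 and v5).
MAGIC = {b"Rar!\x1a\x07": "RAR", b"MSCF": "CAB", b"PK\x03\x04": "ZIP", b"%PDF": "PDF"}
HEADERS = ("Date", "From", "Reply-To", "Return-Path", "X-Originating-IP")

def sniff_type(data: bytes) -> str:
    """Identify a file by its content, ignoring whatever the filename claims."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"

def triage(raw: bytes) -> dict:
    """Collect the header fields and per-attachment facts an analyst records."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {h: (str(msg[h]) if msg[h] is not None else None) for h in HEADERS}
    report["attachments"] = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or ""
        claimed = name.rsplit(".", 1)[-1].upper() if "." in name else ""
        actual = sniff_type(data)
        report["attachments"].append({
            "name": name, "size_bytes": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "claimed": claimed, "actual": actual,
            "mismatch": actual != claimed,  # extension disagrees with detected content
        })
    return report

def build_sample() -> bytes:
    """Constructed message: RAR-signature bytes behind a .CAB filename."""
    m = EmailMessage()
    m["Date"] = "Mon, 01 Jan 2024 09:00:00 +0000"
    m["From"] = "Constructed Sender <sender@example.com>"
    m["Reply-To"] = "reply@example.org"
    m["Return-Path"] = "<bounce@example.net>"
    m["X-Originating-IP"] = "[203.0.113.10]"
    m.set_content("See attached.")
    m.add_attachment(b"Rar!\x1a\x07\x00" + b"\x00" * 57, maintype="application",
                     subtype="octet-stream", filename="invoice__pdf__.CAB")
    return m.as_bytes()

if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(key, "=", value)
```

To run it against a saved message, pass the file's bytes to `triage()` instead of `build_sample()`.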
