Scenario

You are part of the Threat Intelligence team in the SOC (Security Operations Center). An executable file has been discovered on a colleague's computer, and it's suspected to be linked to a Command and Control (C2) server, indicating a potential malware infection.

Your task is to investigate this executable by analyzing its hash. The goal is to gather and analyze data beneficial to other SOC members, including the Incident Response team, to respond to this suspicious behavior efficiently.

https://cyberdefenders.org/blueteam-ctf-challenges/red-stealer/

File hash (SHA-256):

248FCC901AFF4E4B4C48C91E4D78A939BF681C9A1BC24ADDC3551B32768F907B


1- Categorizing malware enables a quicker and clearer understanding of its unique behaviors and attack vectors. What category has Microsoft identified for that malware in VirusTotal?

Trojan

[Screenshot: 2025-07-08 002853.png]

Search the hash in VirusTotal; the answer is shown in the Threat category section of the file report.

2- Clearly identifying the name of the malware file improves communication among the SOC team. What is the file name associated with this malware?

Wextract

[Screenshot: 2025-07-08 003228.png]

[Screenshot: 2025-07-08 003153.png]

You can find the name directly under the hash at the top of the report, or go to Details → Names for the full list of observed file names.
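Both questions can also be answered without the web UI by querying the VirusTotal v3 file endpoint, which is useful when you want the same fields scripted for an IR ticket. The script below is an added example, not part of the CyberDefenders challenge or this write-up: `fetch_file_report` does the real lookup when `VT_API_KEY` is set, and `summarize_report` pulls out the threat category, the Microsoft detection (whose prefix before `:` is the category), and the file names. `SAMPLE_RESPONSE` is a constructed response in the shape of the API; its Microsoft detection string and engine counts are placeholders, not the real values for this hash.

```python
"""Look up a SHA-256 in VirusTotal (API v3) and extract the fields the write-up
reads from the UI: popular threat category, Microsoft detection, file names.
Added example; not the challenge's or the write-up author's code."""
import json
import os
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"

# Hash from the challenge page.
SAMPLE_HASH = "248FCC901AFF4E4B4C48C91E4D78A939BF681C9A1BC24ADDC3551B32768F907B"


def fetch_file_report(file_hash: str, api_key: str) -> dict:
    """GET /files/{hash} with the x-apikey header; returns the parsed JSON report."""
    req = urllib.request.Request(
        VT_FILE_URL.format(file_hash.lower()), headers={"x-apikey": api_key}
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarize_report(report: dict) -> dict:
    """Reduce a /files response to the fields a SOC analyst hands to IR."""
    attrs = report.get("data", {}).get("attributes", {})
    classification = attrs.get("popular_threat_classification", {})
    categories = [c["value"] for c in classification.get("popular_threat_category", [])]

    # Microsoft detection names look like "Category:Platform/Family" (e.g. "Trojan:Win32/...");
    # the token before ':' is the category the UI shows.
    ms_result = attrs.get("last_analysis_results", {}).get("Microsoft", {}).get("result") or ""
    ms_category = ms_result.split(":", 1)[0] if ":" in ms_result else None

    stats = attrs.get("last_analysis_stats", {})
    return {
        "sha256": attrs.get("sha256"),
        "threat_categories": categories,
        "suggested_label": classification.get("suggested_threat_label"),
        "microsoft_category": ms_category,
        "microsoft_result": ms_result or None,
        "meaningful_name": attrs.get("meaningful_name"),   # what the UI shows under the hash
        "names": attrs.get("names", []),                    # Details -> Names
        "malicious_engines": stats.get("malicious", 0),
        "total_engines": sum(stats.values()) if stats else 0,
    }


# Constructed sample response: shape follows the VT v3 API, but the Microsoft
# result string, label and engine counts are placeholders, not real values.
SAMPLE_RESPONSE = {
    "data": {
        "id": SAMPLE_HASH.lower(),
        "type": "file",
        "attributes": {
            "sha256": SAMPLE_HASH.lower(),
            "meaningful_name": "Wextract",
            "names": ["Wextract", "wextract.exe"],
            "popular_threat_classification": {
                "suggested_threat_label": "trojan.placeholder/family",
                "popular_threat_category": [{"value": "trojan", "count": 20}],
            },
            "last_analysis_results": {
                "Microsoft": {"category": "malicious", "result": "Trojan:Win32/PLACEHOLDER"}
            },
            "last_analysis_stats": {"malicious": 55, "undetected": 15, "harmless": 0},
        },
    }
}

if __name__ == "__main__":
    key = os.environ.get("VT_API_KEY")
    report = fetch_file_report(SAMPLE_HASH, key) if key else SAMPLE_RESPONSE
    print(json.dumps(summarize_report(report), indent=2))
```

Run it with `VT_API_KEY` exported to query the live report; without a key it summarizes the constructed sample so the parsing logic can be checked offline. The summary deliberately keeps both the aggregated `popular_threat_category` and the single-vendor Microsoft result, since the two can disagree and the question asks specifically for Microsoft's verdict.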