MAL: REMnux The Redux TryHackme
7 min read · Sep 4, 2024
https://tryhackme.com/room/malremnuxv2
What we learn in this room
- Identifying and analysing malicious payloads of various formats embedded in PDFs, EXEs and Microsoft Office macros (the most common method that malware developers use to spread malware today)
- Learning how to identify obfuscated code and packed files, and in turn how to analyse them.
- Analysing the memory dump of a PC that was infected with the Jigsaw ransomware in the real world, using Volatility.
IP Address: 10.10.32.28
Username: remnux
Password: malware
ssh remnux@10.10.32.28
Task 3. Analysing Malicious PDFs
Question 1. How many types of categories of “Suspicious elements” are there in “notsuspicious.pdf”?
Answer: 3
Question 2. Use peepdf to extract the JavaScript from “notsuspicious.pdf”. What is the flag?
Note the output confirming that there’s JavaScript present, but also note how it is executed: OpenAction will…
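To make the two checks above concrete (counting the categories of suspicious elements, and following /OpenAction to the JavaScript it triggers), here is an added Python example; it is not from the room or from peepdf, and it uses a constructed minimal PDF rather than the room's notsuspicious.pdf. It handles only unencoded objects with an inline /JS literal string; a real sample with compressed streams needs the decompression that peepdf does for you.

```python
import re

# Constructed sample (not a real malicious file): a minimal PDF whose catalog
# /OpenAction points at a JavaScript action, so the script runs when the file opens.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>
endobj
4 0 obj
<< /S /JavaScript /JS (app.alert('triggered on open');) >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# PDF name -> category, a subset of the element kinds peepdf reports as suspicious.
SUSPICIOUS = {b"/OpenAction": "auto_execute", b"/AA": "auto_execute",
              b"/JavaScript": "javascript", b"/JS": "javascript",
              b"/Launch": "launch_action", b"/EmbeddedFile": "embedded_file"}
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj(.*?)endobj", re.S)

def scan_objects(pdf):
    """Map object number -> {category: [names found]} for objects with suspicious names."""
    findings = {}
    for num, _gen, body in OBJ_RE.findall(pdf):
        hits = {}
        for name in re.findall(rb"/[A-Za-z]+", body):  # crude tokenising of PDF names
            if name in SUSPICIOUS:
                hits.setdefault(SUSPICIOUS[name], []).append(name.decode())
        if hits:
            findings[int(num)] = hits
    return findings

def suspicious_categories(pdf):
    """Distinct categories present, i.e. how many 'types' of suspicious elements exist."""
    return sorted({cat for hits in scan_objects(pdf).values() for cat in hits})

def js_run_on_open(pdf):
    """Follow the catalog's /OpenAction to its object and return its inline /JS literal."""
    ref = re.search(rb"/OpenAction\s+(\d+)\s+\d+\s+R", pdf)
    if not ref:
        return None  # nothing auto-executes on open
    for num, _gen, body in OBJ_RE.findall(pdf):
        if num == ref.group(1):
            js = re.search(rb"/JS\s*\((.*)\)\s*>>", body, re.S)
            return js.group(1).decode() if js else None
    return None
```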