Questions
1. What was the first message the payload sent to Mayor Malware’s C2?

ip.src == 10.10.229.217

system prompt
2. What was the IP address of the C2 server?

10.10.123.224
3. What was the command sent by the C2 server to the target machine?

whoami
4. What was the filename of the critical file exfiltrated by the C2 server?

credentials.txt
5. What secret message was sent back to the C2 in an encrypted format through beacons?


