Questions
1. What is the function name that downloads and executes files in the WarevilleApp.exe?
DownloadAndExecuteFile
2. Once you execute the WarevilleApp.exe, it downloads another binary to the Downloads folder. What is the name of the binary?
explorer.exe
3. What domain name is the one from where the file is downloaded after running WarevilleApp.exe?
mayorc2.thm
4. The stage 2 binary is executed automatically and creates a zip file comprising the victim’s computer data; what is the name of the zip file?
CollectedFiles.zip
5. What is the name of the C2 server where the stage 2 binary tries to upload files?
