7. Beacons

Preparation

To make the malware run properly, open Process Explorer and kill the vmx32to64.exe process. Then delete this file:

C:\Windows\System32\vmx32to64.exe

Run the Malware

Run the beacon.exe sample and capture its beacons.

If you are using the Win 2008 VM I handed out, beacon.exe is in the Documents folder. If you are using some other machine, download beacon.7z and unzip it with the password:

malware

Find the domain name of the Command and Control server the beacons are sent to. Use the form below to put your name on the WINNERS PAGE.
Your Name:
Domain name (like this: www.aol.com):
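
Once the beacons are captured, the Command and Control name stands out as the one looked up on a steady timer. The following is an added example, not part of the original lab: it flags names that one client resolves at near-constant intervals. The log format ("epoch_seconds client_ip queried_name") and every hostname in it are constructed for illustration and are assumed to be exported from your own capture.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log, not taken from the lab capture.
SAMPLE_LOG = """\
1000.0 10.0.0.5 update.example.net
1003.2 10.0.0.5 beacon-c2.example.test
1010.9 10.0.0.5 www.example.org
1033.1 10.0.0.5 beacon-c2.example.test
1047.5 10.0.0.5 www.example.org
1052.0 10.0.0.5 www.example.org
1063.3 10.0.0.5 beacon-c2.example.test
1093.0 10.0.0.5 beacon-c2.example.test
1101.4 10.0.0.5 cdn.example.org
1123.2 10.0.0.5 beacon-c2.example.test
1260.0 10.0.0.5 www.example.org
malformed line here
"""

LINE_RE = re.compile(r"^(\d+(?:\.\d+)?)\s+(\S+)\s+([A-Za-z0-9._-]+)$")

def parse(log_text):
    """Group query timestamps by (client, name); skip lines that do not parse."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            seen[(m.group(2), m.group(3).lower().rstrip("."))].append(float(m.group(1)))
    return seen

def find_beacons(log_text, min_queries=4, max_jitter=0.1):
    """Return [(client, name, mean_interval, jitter)] for regularly repeated lookups.

    jitter = stdev(gaps) / mean(gaps). Interactive browsing is bursty (high jitter);
    a timer-driven beacon keeps jitter close to zero.
    """
    hits = []
    for (client, name), times in parse(log_text).items():
        if len(times) < min_queries:
            continue  # too few samples to judge periodicity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg > 0 else float("inf")
        if jitter <= max_jitter:
            hits.append((client, name, round(avg, 1), round(jitter, 3)))
    return sorted(hits, key=lambda h: h[3])
```

Malware that randomizes its sleep interval needs a looser max_jitter, at the cost of more false positives from software updaters and other scheduled clients.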

Posted 6-27-17
Title changed 5-6-18 11:38 am
Font changed 1-7-19