[Day 6] Email Analysis

December 6, 2022

Today taught me about email analysis with Linux tools and web-based tools. TryHackMe provides some great web-based resources, and it gave me the idea to organize each type of tool in a bookmark folder. At the end of the series, I will gather all the bookmarks used and organize them according to a pentester methodology.

Flags

What is the email address of the sender?

chief.elf@santaclaus.thm

What is the return address?

murphy.evident@bandityeti.thm

On whose behalf was the email sent?

chief elf

What is the X-spam score?

3

What is hidden in the value of the Message-ID field?

AoC2022_Email_Analysis

Visit the email reputation check website provided in the task. What is the reputation result of the sender's email address?

risky

Check the attachments. What is the filename of the attachment?

Division_of_labour-Load_share_plan.doc

What is the hash value of the attachment?

0827bb9a2e7c0628b82256759f0f888ca1abd6a2d903acdb8e44aca6a1a03467

Visit the VirusTotal website and use the hash value to search. Navigate to the behavior section. What is the second tactic marked in the MITRE ATT&CK section?

defense evasion

Visit the InQuest website and use the hash value to search. What is the subcategory of the file?

macro_hunter
