Scenario:
A large company is concerned that some of their computers may have been infected with a variant of the Zeus malware toolkit and could be communicating with a malicious command and control (C2) server. They have captured the memory of one of the systems and would like you to determine the IP of the C2. That way they can check their network logs to determine what machines were communicating with it.

Your Goal:
Analyze the "Malware - Zeus" memory dump from the site below to determine the IP of the C2. We would also like to know the country the IP is located in.
https://code.google.com/p/volatility/wiki/SampleMemoryImages

Solution:
We will post the solution to Mini-Challenge 5 on 7/5 for you to see how you did. Mini-Challenge 5 solutions are available below.

What to Look For:
The C2's IP followed by the two-letter country code it originates from. Submissions must be in the following format:
<IP excluding the periods><Capitalized Country Code>
For example, if the IP was "192.168.1.1" and the country code was "JQ", your submission would be:
19216811JQ

Challenge5Solution.txt (1.11 KB) Jul 9 2013, 8:02 PM
Challenge5SolutionScreenshot.JPG (98.23 KB) Jul 9 2013, 8:02 PM