Details

This SEETF 2022 Reversing challenge only had 1 solve, by AuroraDawn's gigx. no rev/pwn no life (r4kapig)'s crazyman was really close though!

This challenge is designed so that the full solving process provides you with a realistic approximation of completing an actual malware analysis task. Common malware techniques like anti-debugging, string obfuscation, encryption, compression, packing, and process injection are used.

It has long been rumored that many threat actors were after zeyu2001's personal stockpile of the latest web 0-days. Alas, tragedy struck when he joined too many suspicious Telegram groups without due caution and ended up getting infected by suspicious malware. He quickly put his Cyber Olympian™ skills to use and managed to retrieve the offending binary as well as capture the network traffic sent out by it. However, he's too busy getting more CVEs and HackerOne bounties to conduct any further analysis. Can you help him decipher the malware's traffic?

Challenge Files

The password for the ZIP file is infected. While the binary will not harm your system, I suggest analyzing everything in a Virtual Machine with antiviruses switched off.

This challenge was made in collaboration with DraftDown Labs!

Initial triage of susware.exe in tools like pestudio will highlight that there are multiple TLS callbacks. These callbacks also show up under Exports in IDA Pro, so they aren't hard to spot. We should inspect these callbacks first, as they are executed before WinMain. Cursory analysis of the WinMain code should reveal that it is just a red herring: it is impossible to guess any flag generated by it. The last TLS callback will AES-CBC-192 decrypt resource 139 with the key 0xakm_0xpwn_0xDr4ftD0wn.
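The triage step above (spotting TLS callbacks before ever looking at WinMain) can be automated with a small PE parser. The following is an added example written for this writeup, not code from the challenge or from any tool the page mentions: it walks the PE headers to the TLS data directory, follows AddressOfCallBacks (a VA, not an RVA) into the file, and lists every callback VA until the null terminator, which is exactly what pestudio or IDA's Exports view shows. Because susware.exe is not reproduced here, the example also constructs a minimal 64-bit PE in memory with a TLS directory of its own (a constructed sample, not the challenge binary) so it runs offline; pass a real file path on the command line to use it on an actual sample.

```python
import struct
import sys

IMAGE_DIRECTORY_ENTRY_TLS = 9  # index of the TLS entry in the data directories


def _rva_to_offset(rva, sections):
    """Map an RVA to a file offset using the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def tls_callbacks(pe):
    """Return the virtual addresses of all TLS callbacks registered in a PE image.

    These run (via the loader) before the entry point, which is why triage
    should look at them before WinMain.
    """
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file (missing PE signature)")
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24                      # start of the optional header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x20B:                       # PE32+ (64-bit)
        image_base = struct.unpack_from("<Q", pe, opt + 24)[0]
        ndirs_off, ptr_fmt, ptr_size, cb_field = 108, "<Q", 8, 24
    elif magic == 0x10B:                     # PE32 (32-bit)
        image_base = struct.unpack_from("<I", pe, opt + 28)[0]
        ndirs_off, ptr_fmt, ptr_size, cb_field = 92, "<I", 4, 12
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    ndirs = struct.unpack_from("<I", pe, opt + ndirs_off)[0]
    if ndirs <= IMAGE_DIRECTORY_ENTRY_TLS:
        return []
    tls_rva, _tls_size = struct.unpack_from(
        "<II", pe, opt + ndirs_off + 4 + IMAGE_DIRECTORY_ENTRY_TLS * 8)
    if tls_rva == 0:
        return []                            # no TLS directory at all
    # Section headers follow the optional header; each is 40 bytes.
    sections = []
    sec_hdr = opt + size_opt
    for i in range(nsec):
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, sec_hdr + i * 40 + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    tls_off = _rva_to_offset(tls_rva, sections)
    cb_va = struct.unpack_from(ptr_fmt, pe, tls_off + cb_field)[0]  # AddressOfCallBacks
    if cb_va == 0:
        return []
    arr = _rva_to_offset(cb_va - image_base, sections)
    callbacks = []
    while True:                              # null-terminated array of VAs
        (va,) = struct.unpack_from(ptr_fmt, pe, arr)
        if va == 0:
            return callbacks
        callbacks.append(va)
        arr += ptr_size


def build_sample_pe(callback_vas, image_base=0x140000000):
    """Construct a minimal PE32+ image with one section holding a TLS directory
    that points at the given callback VAs. Constructed test input only."""
    sec_rva, sec_raw, sec_size = 0x1000, 0x200, 0x200
    img = bytearray(sec_raw + sec_size)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                        # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    # COFF header: x64, 1 section, 240-byte optional header, EXE flags
    struct.pack_into("<HHIIIHH", img, 0x44, 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x20B)                        # PE32+ magic
    struct.pack_into("<Q", img, opt + 24, image_base)
    struct.pack_into("<II", img, opt + 32, 0x1000, 0x200)          # alignments
    struct.pack_into("<I", img, opt + 108, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 112 + IMAGE_DIRECTORY_ENTRY_TLS * 8, sec_rva, 40)
    sec_hdr = opt + 240
    img[sec_hdr:sec_hdr + 8] = b".rdata\0\0"
    struct.pack_into("<IIII", img, sec_hdr + 8, sec_size, sec_rva, sec_size, sec_raw)
    # TLS directory at the start of the section, callback array right after it.
    cb_rva = sec_rva + 40
    struct.pack_into("<QQQQII", img, sec_raw, 0, 0,
                     image_base + sec_rva + 0x100,                 # AddressOfIndex (scratch)
                     image_base + cb_rva, 0, 0)
    for i, va in enumerate(callback_vas):
        struct.pack_into("<Q", img, sec_raw + 40 + i * 8, va)     # array is zero-terminated
    return bytes(img)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_sample_pe([0x140001100, 0x140001200])
    for va in tls_callbacks(data):
        print(f"TLS callback at {va:#x}")
```

Two or more callbacks in the output is the cue to start static analysis there rather than at the entry point; a PE with no TLS directory yields an empty list.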