dev.corp 4/4

Category

Forensic

Description

The payload came from the .iso, and now we don't know what happened on the dev's computer.

Shortly before the hard disk dump, we also took a memory capture, to potentially recover some evidence.

We need the malware's key to decrypt things, but we don't have it.

The password for the 7z is : 5HF8dnXIW4uHWztCWHMBrmaVcIQLch3PlCWoEWYPhFKVugAbPJ

Download links :
- https://mega.nz/file/CAwxFAgK#-pB5aauil1IxjPTuzf0cdnysISaHc-HTt8JY0OXYkrY

sha256sums :
- memory.vmem : 2b02b1e97c2239b9d6cabd9aff05b5ba0e24e7bcb7bfb9d2fdce7936c5adc2fa

Could you find:
- Paths of the exfiltrated files
- AES Key of the malware
- IV of the malware

Format : Hero{C:\file1:C:\file2:C:\fileN:thisisthekey!!!!:thisistheiv!!!!!}
Author : Worty

Files

  • File from Mega or Google Drive

Write up

todo

Flag

Hero{C:\\Users\\dev\\Downloads\\personal.docx:C:\\Users\\dev\\Downloads\\passwords.docx:youwontseeitcome:wellmakeyoufall_}