huntress2023

Writeups for Huntress CTF 2023


✅ MALWARE - RAT

Writeup by: @goproslowyo

Description

Author: @JohnHammond

I was arguing with a co-worker on whether or not it is “Remote Access Tool” or “Remote Access Trojan”, and he didn’t agree with me, so I sent him this shady file ;)

NOTE: Archive password: infected

NOTE: this challenge is based off of a real malware sample. We have done our best to “defang” the code, but out of an abundance of caution it is strongly encouraged you only analyze this inside of a virtual environment separate from any production devices.

Download the file(s) below.

Writeup

Upload the sample to VirusTotal and open its Behavior report. The flag string appears in the Memory Pattern URLs and Decoded Text sections, inside the decoded JSON shown below.

https://www.virustotal.com/gui/file/7a83115ab46ba6a3c237d78f32bd3386ff4d4d7cd7b06ad731fe8071b2246278/behavior

{"Server": "flag{8b988b859588f2725f0c859104919019}", "Ports": "S1hNZ2tQdFJlRkVIWXhKczRMZEIwRmRQVmg3WGxDNEQ=", "Version": "REMOVED FOR SAFETY", "BDOS": "false"}

flag{8b988b859588f2725f0c859104919019}
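To reproduce the extraction offline rather than relying on the VirusTotal UI, here is an added Python triage script (not from the writeup or the challenge) that pulls every embedded JSON object and flag string out of a memory dump and base64-decodes fields such as `Ports`; the dump bytes are constructed around the JSON shown above.

```python
import base64
import json
import re
# Constructed stand-in for a memory dump: the JSON object is the one the writeup
# recovered from VirusTotal's "Decoded text"; the bytes around it are filler.
SAMPLE_DUMP = (
    b"MZ\x90\x00\x03\x00filler\x00\x00"
    b'{"Server": "flag{8b988b859588f2725f0c859104919019}", '
    b'"Ports": "S1hNZ2tQdFJlRkVIWXhKczRMZEIwRmRQVmg3WGxDNEQ=", '
    b'"Version": "REMOVED FOR SAFETY", "BDOS": "false"}'
    b"\x00\x00{not json}\x00trailing\x00"
)
FLAG_RE = re.compile(rb"flag\{[0-9a-f]{32}\}")
B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")

def find_flags(data: bytes) -> list[str]:
    """Every flag{<32 hex>} token in the blob, in order of appearance."""
    return [m.decode() for m in FLAG_RE.findall(data)]

def extract_json_objects(data: bytes) -> list[dict]:
    """Every parseable JSON object embedded anywhere in the blob."""
    # latin-1 maps each byte to one code point, so offsets survive and decoding
    # never fails. raw_decode is tried at every '{' and tolerates trailing
    # garbage as well as braces inside strings (such as the flag{...} value).
    text = data.decode("latin-1")
    decoder = json.JSONDecoder()
    found, pos = [], text.find("{")
    while pos != -1:
        try:
            obj, end = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            pos = text.find("{", pos + 1)
            continue
        if isinstance(obj, dict):
            found.append(obj)
        pos = text.find("{", end)
    return found

def decode_b64_fields(cfg: dict) -> dict:
    """Copy of cfg with base64-looking values decoded. Non-printable results
    (e.g. ciphertext, which is common in RAT configs) are kept as hex."""
    out = {}
    for key, val in cfg.items():
        if isinstance(val, str) and len(val) % 4 == 0 and B64_RE.match(val):
            raw = base64.b64decode(val, validate=True)
            printable = all(32 <= b < 127 for b in raw)
            out[key] = raw.decode("ascii") if printable else "hex:" + raw.hex()
        else:
            out[key] = val
    return out
```

Run it against a real dump with `open(path, "rb").read()` in place of `SAMPLE_DUMP`; on the challenge data the `Ports` value decodes to a 32-character printable string, which the script reports as text.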