huntress2023

Writeups for Huntress CTF 2023

✅ MALWARE - Thumb Drive

Writeup by: @goproslowyo

Description

Author: @JohnHammond

People say you shouldn’t plug in USB drives! But I discovered this neat file on one that I found in the parking lot… WARNING: Your antivirus solution may raise an alert (this is the ‘Malware’ category, after all). Please do not attempt this challenge without the usual caution you may take when analyzing malicious software. Download the file(s) below.

Writeup

Analyzing the .lnk file gives us a tinyurl link to a Google Drive document hosting a base64-encoded .dll file.

For this I used PECmd.exe, but I’m sure you could easily use strings or similar.

The tinyurl link in the lnk file

CyberChef recipe to decode dll
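The two analysis steps above (pull the link out of the .lnk, then decode the base64 blob into a DLL) can be done without a GUI tool. The following is an added example, not code from the writeup or the challenge: it parses the Shell Link header and StringData fields as laid out in MS-SHLLINK, collects any http(s) URLs from those strings, and checks that a base64-decoded payload really is a PE image before anything else is done with it. The sample .lnk, the placeholder URL (the real tinyurl link is not reproduced here) and the fake PE stub are all constructed inline for the run.

```python
import base64
import re
import struct
import uuid

# Shell Link header constants (MS-SHLLINK 2.1); field offsets below follow that spec.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1) needed to locate the StringData section.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData fields appear in this fixed order, each present only if its flag is set.
STRING_DATA_FIELDS = [
    ("name", HAS_NAME),
    ("relative_path", HAS_RELATIVE_PATH),
    ("working_dir", HAS_WORKING_DIR),
    ("arguments", HAS_ARGUMENTS),
    ("icon_location", HAS_ICON_LOCATION),
]

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def parse_lnk(data: bytes) -> dict:
    """Return the LinkFlags and the StringData strings of a .lnk file."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short to be a Shell Link file")
    header_size = struct.unpack_from("<I", data, 0)[0]
    if header_size != LNK_HEADER_SIZE or uuid.UUID(bytes_le=data[4:20]) != LNK_CLSID:
        raise ValueError("missing Shell Link header signature")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = LNK_HEADER_SIZE
    # Skip the optional LinkTargetIDList and LinkInfo blocks using their own size fields.
    if flags & HAS_LINK_TARGET_ID_LIST:
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {"flags": flags}
    for name, bit in STRING_DATA_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]  # CountCharacters, not bytes
        pos += 2
        if flags & IS_UNICODE:
            fields[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[name] = data[pos:pos + count].decode("cp1252", errors="replace")
            pos += count
    return fields


def extract_urls(fields: dict) -> list:
    """Collect every http(s) URL found in the parsed string fields."""
    urls = []
    for value in fields.values():
        if isinstance(value, str):
            urls.extend(URL_RE.findall(value))
    return urls


def decode_base64_pe(text: str) -> bytes:
    """Base64-decode a blob (whitespace tolerated) and confirm it is a PE image."""
    blob = base64.b64decode("".join(text.split()), validate=True)
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        raise ValueError("decoded payload is not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("MZ stub has no PE signature")
    return blob


def build_sample_lnk(relative_path: str, working_dir: str, arguments: str) -> bytes:
    """Constructed test input: a minimal Unicode .lnk carrying three StringData fields."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID.bytes_le, flags,
                         0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)  # ShowCommand = SW_SHOWNORMAL
    def string_data(s): return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + string_data(relative_path) + string_data(working_dir) + string_data(arguments)


# Constructed samples: a placeholder URL (not the challenge's link) and a fake PE made of an
# MZ stub plus the PE signature only.
SAMPLE_LNK = build_sample_lnk(r"..\..\..\Windows\System32\cmd.exe", r"C:\Windows\System32",
                              '/c start "" https://example.invalid/PLACEHOLDER_SHORTLINK')
SAMPLE_PE_B64 = base64.b64encode(b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)
                                 + b"PE\x00\x00" + b"\x00" * 4).decode()

if __name__ == "__main__":
    fields = parse_lnk(SAMPLE_LNK)
    for name, value in fields.items():
        print(f"{name}: {value}")
    print("urls:", extract_urls(fields))
    print("decoded PE bytes:", len(decode_base64_pe(SAMPLE_PE_B64)))
```

Running it against a real sample is `parse_lnk(open("sample.lnk", "rb").read())`; the arguments field is where a shortcut usually hides the command it hands to cmd.exe or powershell.exe, and the PE check stops you from treating a decoy text blob as a DLL.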

Next, we just need to execute the DLL to get the flag.

C:\Users\flare>rundll32 C:\Users\flare\Downloads\download.2.dll,does_not_exist

C:\Users\flare>

Get the flag with rundll32

---------------------------
Your flag is:
---------------------------
flag{0af2873a74cfa957ccb90cef814cfe3d}
---------------------------
OK
---------------------------