✅ MALWARE - Thumb Drive
Writeup by: @goproslowyo
Tags
- medium
Files:
Description
Author: @JohnHammond
People say you shouldn’t plug in USB drives! But I discovered this neat file on one that I found in the parking lot… WARNING: Your antivirus solution may raise an alert (this is the ‘Malware’ category, after all). Please do not attempt this challenge without the usual caution you may take when analyzing malicious software. Download the file(s) below.
Writeup
Analyzing the .lnk file gives us a tinyurl link to a Google Drive document hosting a base64 encoded .dll file.
For this I used PECmd.exe, but I’m sure you could easily use strings or similar.
CyberChef recipe to decode dll
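The two steps above (pulling the URL out of the shortcut, then decoding the hosted base64 into a DLL) as a Python sketch. This is an added example, not part of the original writeup: the function names are hypothetical, and the shortcut bytes, placeholder URL and PE stub are constructed for illustration.

```python
import base64
import hashlib
import re
import struct

URL_RE = re.compile(rb"https?://[\x21-\x7e]+")
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit marking a DLL

def urls_in_lnk(data: bytes) -> list:
    """Return URLs found in shortcut bytes, stored as ASCII or UTF-16LE."""
    # LNK string data is often UTF-16LE, which a default ASCII `strings` pass
    # misses; dropping the NUL after each printable byte exposes it to the regex.
    narrowed = re.sub(rb"([\x20-\x7e])\x00", rb"\1", data)
    hits = URL_RE.findall(data) + URL_RE.findall(narrowed)
    return sorted({h.decode("ascii") for h in hits})

def decode_pe(b64_text: str) -> dict:
    """Decode base64 text and confirm it is a PE image before anything runs it."""
    raw = base64.b64decode("".join(b64_text.split()), validate=True)
    if len(raw) < 0x40 or raw[:2] != b"MZ":
        raise ValueError("no MZ header: not a PE file")
    (e_lfanew,) = struct.unpack_from("<I", raw, 0x3C)
    if raw[e_lfanew:e_lfanew + 4] != b"PE\x00\x00" or len(raw) < e_lfanew + 24:
        raise ValueError("PE signature missing or header truncated")
    # COFF header follows the 4-byte signature: Machine at +4, Characteristics at +22.
    machine, = struct.unpack_from("<H", raw, e_lfanew + 4)
    flags, = struct.unpack_from("<H", raw, e_lfanew + 22)
    return {"sha256": hashlib.sha256(raw).hexdigest(), "size": len(raw),
            "machine": hex(machine), "is_dll": bool(flags & IMAGE_FILE_DLL)}

def sample_lnk() -> bytes:
    """Constructed stand-in for shortcut bytes (placeholder URL, not the challenge's)."""
    url = "https://example.invalid/payload".encode("utf-16-le")
    return b"L\x00\x00\x00" + b"\x01" * 16 + url + b"\x00\x00"

def sample_b64() -> str:
    """Constructed 88-byte PE header stub (x64, DLL flag set), base64-encoded."""
    stub = bytearray(0x58)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)      # e_lfanew -> PE signature
    stub[0x40:0x44] = b"PE\x00\x00"
    struct.pack_into("<H", stub, 0x44, 0x8664)    # Machine: AMD64
    struct.pack_into("<H", stub, 0x56, 0x2022)    # Characteristics incl. DLL bit
    return base64.b64encode(bytes(stub)).decode()

if __name__ == "__main__":
    print(urls_in_lnk(sample_lnk()))
    print(decode_pe(sample_b64()))
```

Recording the SHA-256 and confirming the DLL flag at this point keeps the sample identifiable in analysis notes and catches a bad decode before the next step.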
Next, we just need to execute the DLL to get the flag.
C:\Users\flare>rundll32 C:\Users\flare\Downloads\download.2.dll,does_not_exist
C:\Users\flare>
---------------------------
Your flag is:
---------------------------
flag{0af2873a74cfa957ccb90cef814cfe3d}
---------------------------
OK
---------------------------