huntress2023

Writeups for Huntress CTF 2023

✅ MALWARE - VeeBeeEee

Writeup by: @goproslowyo

Description

Author: @JohnHammond

While investigating a host, we found this strange file attached to a scheduled task. It was invoked with wscript or something… can you find a flag? NOTE, this challenge is based off of a real malware sample. We have done our best to “defang” the code, but out of abundance of caution it is strongly encouraged you only analyze this inside of a virtual environment separate from any production devices. Download the file(s) below.

Writeup

The file is an “encoded” VBScript. Mr. Hammond helpfully provides a tool for decoding it in his GitHub repos.

Once you’ve got the script decoded you’ll quickly find the flag linked on a pastebin site.

flag{ed81d24958127a2adccfb343012cebff}