Lockpick 2.0
Lockpick 2.0 HackTheBox Malware Analysis Sherlocks Writeup by Thamizhiniyan C S
Forela needs your help! A whole portion of our UNIX servers have been hit with what we think is ransomware. We are refusing to pay the attackers and need you to find a way to recover the files provided.

Warning: This is a warning that this Sherlock includes software that is going to interact with your computer and files. This software has been intentionally included for educational purposes and is NOT intended to be executed or used otherwise. Always handle such files in isolated, controlled, and secure environments. Once the Sherlock zip has been unzipped, you will find a DANGER.txt file. Please read this to proceed.
First, download the given file and extract it. The password for the given zip file is hacktheblue.

The given zip file contains another zip file and a DANGER.txt file, as shown in the following image. The DANGER.txt file contains the password for the malware.zip file.

The password for malware.zip is &PD8LhraU1hx.
What type of encryption has been utilised to encrypt the files provided?
Answer: AES
Which market is our CEO planning on expanding into? (Please answer with the wording utilised in the PDF)
Answer:
Please confirm the name of the bank our CEO would like to takeover?
Answer:
What is the file name of the key utilised by the attacker?
Answer:
What is the file hash of the key utilised by the attacker?
Answer:
What is the BTC wallet address the TA is asking for payment to?
https://pastebin.ai/raw/foiawsmlsk
Answer: 1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2
How much is the TA asking for?
Answer:
What was used to pack the malware?
Answer: upx
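Two of the questions above ask for the hash of the attacker's key file and for the packer used on the malware. The following Python helper is an added example written for this writeup, not code from the Sherlock or from Thamizhiniyan's original post: it hashes a file with MD5 and SHA-256 and looks for the byte markers that UPX leaves in a packed ELF binary (the "UPX!" signature and the UPX0/UPX1/UPX2 section names). The sample bytes at the bottom are constructed for the demonstration; on the real evidence you would pass the path of the extracted sample or key file on the command line.

```python
"""Added triage helper (not part of the original writeup): hash a file and
check it for the markers UPX leaves behind in a packed executable."""
import hashlib
import sys
from typing import Dict, List

# Byte markers UPX writes into packed executables: its "UPX!" signature and
# the section names of its decompression stub.
UPX_MARKERS: List[bytes] = [b"UPX!", b"UPX0", b"UPX1", b"UPX2"]
ELF_MAGIC = b"\x7fELF"


def file_hashes(data: bytes) -> Dict[str, str]:
    """Return MD5 and SHA-256 hex digests of the given bytes (both are commonly
    recorded when documenting an artefact such as the attacker's key file)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_elf(data: bytes) -> bool:
    """True if the bytes start with the ELF magic (UNIX executables)."""
    return data.startswith(ELF_MAGIC)


def find_upx_markers(data: bytes) -> List[str]:
    """Return the UPX marker strings present in data, ordered by first offset."""
    hits = [(data.find(m), m.decode("ascii")) for m in UPX_MARKERS if m in data]
    return [name for _, name in sorted(hits)]


def triage(data: bytes) -> Dict[str, object]:
    """Combine the checks into one summary dict for a sample."""
    markers = find_upx_markers(data)
    return {
        "is_elf": is_elf(data),
        "upx_markers": markers,
        "likely_upx_packed": bool(markers),
        **file_hashes(data),
    }


# Constructed sample data (not real malware): a minimal ELF header followed by
# the banner string UPX embeds in its stub, and a second buffer without it.
SAMPLE_PACKED = (
    ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9
    + b"UPX!" + b"\x00" * 4
    + b"$Info: This file is packed with the UPX executable packer http://upx.sf.net $"
)
SAMPLE_PLAIN = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 100


if __name__ == "__main__":
    # Usage: python triage.py <file>   (falls back to the constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = SAMPLE_PACKED
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

The marker check is a quick first-pass indicator only: a packer can rename its sections, so a negative result does not prove the binary is unpacked, while a positive result tells you to unpack (for instance with `upx -d` on a copy) before looking for the encryption routine and key handling.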