Lockpick 2.0

Lockpick 2.0 HackTheBox Malware Analysis Sherlocks Writeup by Thamizhiniyan C S

Sherlock Scenario

Forela needs your help! A whole portion of our UNIX servers have been hit with what we think is ransomware. We are refusing to pay the attackers and need you to find a way to recover the files provided.

Warning: This is a warning that this Sherlock includes software that is going to interact with your computer and files. This software has been intentionally included for educational purposes and is NOT intended to be executed or used otherwise. Always handle such files in isolated, controlled, and secure environments. Once the Sherlock zip has been unzipped, you will find a DANGER.txt file. Please read this to proceed.


Setting up the Environment

First download the given file and extract it. The password for the given zip file is hacktheblue.

The given zip file contains another zip file (malware.zip) and a DANGER.txt file, as shown in the following image. The DANGER.txt file contains the password for the malware.zip file.

The password for malware.zip file is &PD8LhraU1hx.


Task 1

Question

What type of encryption has been utilised to encrypt the files provided?

Solution

Answer: AES


Task 2

Question

Which market is our CEO planning on expanding into? (Please answer with the wording utilised in the PDF)

Solution

Answer:


Task 3

Question

Please confirm the name of the bank our CEO would like to takeover?

Solution

Answer:


Task 4

Question

What is the file name of the key utilised by the attacker?

Solution

Answer:


Task 5

Question

What is the file hash of the key utilised by the attacker?

Solution

Answer:


Task 6

Question

What is the BTC wallet address the TA is asking for payment to?

Solution

https://pastebin.ai/raw/foiawsmlsk

Answer: 1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2


Task 7

Question

How much is the TA asking for?

Solution

Answer:


Task 8

Question

What was used to pack the malware?

Solution

Answer: upx
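The answers to Task 1 (AES) and Task 8 (UPX) both come from static triage of the sample. The following Python script, added here as an example and not part of the original writeup, shows how to confirm both findings from a file's raw bytes: it looks for the markers UPX leaves behind (the `UPX!` magic of its header, the packer's copyright string, which also carries the version, and the `UPX0`/`UPX1` section names seen in PE files) and for the first 16 bytes of the AES forward and inverse S-boxes, which any compiled AES implementation embeds in full. The sample byte strings at the bottom are constructed for the demonstration; the marker bytes and S-box values themselves are the standard ones.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# First 16 bytes of the AES forward S-box (FIPS-197). A compiled AES routine
# embeds the whole 256-byte table, so this prefix is a reliable marker.
AES_SBOX_PREFIX = bytes.fromhex("637c777bf26b6fc53001672bfed7ab76")
# First 16 bytes of the inverse S-box, used by AES decryption routines.
AES_INV_SBOX_PREFIX = bytes.fromhex("52096ad53036a538bf40a39e81f3d7fb")

# Strings UPX leaves in a packed file: the "UPX!" header magic, the PE section
# names, and the stub's info/copyright banner (which carries the UPX version).
UPX_MARKERS = [
    b"UPX!",
    b"UPX0",
    b"UPX1",
    b"UPX2",
    b"$Info: This file is packed with the UPX executable packer",
]
UPX_VERSION_RE = re.compile(rb"UPX (\d+\.\d+(?:\.\d+)?)")


@dataclass
class TriageResult:
    upx_markers: Dict[bytes, int] = field(default_factory=dict)  # marker -> first offset
    upx_version: Optional[str] = None
    aes_sbox_offset: Optional[int] = None
    aes_inv_sbox_offset: Optional[int] = None

    @property
    def packed(self) -> bool:
        # The "UPX!" magic is the marker the unpacker itself relies on.
        return b"UPX!" in self.upx_markers

    @property
    def has_aes(self) -> bool:
        return self.aes_sbox_offset is not None or self.aes_inv_sbox_offset is not None


def triage(data: bytes) -> TriageResult:
    """Scan raw file bytes for UPX packing markers and AES S-box constants."""
    result = TriageResult()
    for marker in UPX_MARKERS:
        offset = data.find(marker)
        if offset != -1:
            result.upx_markers[marker] = offset
    version = UPX_VERSION_RE.search(data)
    if version:
        result.upx_version = version.group(1).decode()
    offset = data.find(AES_SBOX_PREFIX)
    result.aes_sbox_offset = offset if offset != -1 else None
    offset = data.find(AES_INV_SBOX_PREFIX)
    result.aes_inv_sbox_offset = offset if offset != -1 else None
    return result


def triage_file(path: str) -> TriageResult:
    with open(path, "rb") as fh:
        return triage(fh.read())


# Constructed samples (not real malware): a "packed" ELF carrying the UPX
# banner and magic, and an "unpacked" ELF carrying an AES S-box.
PACKED_SAMPLE = (
    b"\x7fELF" + b"\x00" * 60 + b"UPX!" + b"\x0d\x00" * 4
    + b"$Info: This file is packed with the UPX executable packer http://upx.sf.net $\n"
    + b"$Id: UPX 4.2.4 Copyright (C) 1996-2024 the UPX Team. All Rights Reserved. $\n"
)
UNPACKED_SAMPLE = b"\x7fELF" + b"\x00" * 32 + AES_SBOX_PREFIX + b"\x00" * 16

if __name__ == "__main__":
    import sys
    targets = sys.argv[1:]
    results = [triage_file(p) for p in targets] if targets else [triage(PACKED_SAMPLE), triage(UNPACKED_SAMPLE)]
    for r in results:
        print(f"packed={r.packed} upx_version={r.upx_version} aes={r.has_aes} "
              f"sbox@{r.aes_sbox_offset} inv_sbox@{r.aes_inv_sbox_offset}")
```

Run it as `python3 triage.py malware` to scan the real sample; with no arguments it scans the two constructed samples. The caveat a practitioner should keep in mind is that UPX compresses the whole code and data image, so the AES S-box will not be visible in the packed file: unpack first (`upx -d malware -o malware.unpacked`) and scan the output. If `upx -d` refuses the file, the header may have been tampered with to frustrate unpacking, and the table scan then has to be run over a memory dump instead.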
