search

Day 7

LogoCyberChefgchq.github.iochevron-right

hashtag
What is the version of CyberChef found in the attached VM?

circle-info

9.49.0

hashtag
How many recipes were used to extract URLs from the malicious doc?

  1. strings

  2. Find / Replace

  3. Drop bytes

  4. From base64

  5. Decode text

  6. Find/Replace (to remove patterns)

  7. Find/Replace

  8. Extract URLs

  9. Split

  10. Defang URL

circle-info

10

hashtag
We found a URL that was downloading a suspicious file; what is the name of that malware?

Last step will solve the next 3 questions

circle-info

mysterygift.exe

hashtag
What is the last defanged URL of the bandityeti domain found in the last step?

circle-info

hxxps[://]cdn[.]bandityeti[.]THM/files/index/

hashtag
What is the ticket found in one of the domains? (Format: Domain/<GOLDEN_FLAG>)

circle-info

THM_MYSTERY_FLAG

PreviousDay 6NextDay 8

Last updated