Guild icon
Project Sekai
🔒 CrewCTF 2023 / ✅-forensics-attaaaaack8
Avatar
Sutx BOT 07/08/2023 12:14 AM
Attaaaaack8 - 1000 points
Category: Forensics Description: Q8. What is the Attacker's C2 domain name and port number ? (domain name:port number) Author : 0xSh3rl0ck Files: No files. Tags: No tags.
07/08/2023 12:14 AM
Sutx pinned a message to this channel. 07/08/2023 12:14 AM
Avatar
Sutx BOT 07/08/2023 12:15 AM
@Surg wants to collaborate 🤝
Avatar
Surg 07/08/2023 1:39 AM
General summary of 1-7: Profile: Win7SP1x86_23418 runddl32.exe appears to be a keylogger type program that spawned the notepad.exe that was in the pslist> Located: C:\Users\0XSH3R~1\AppData\Local\Temp\MSDCSC\runddl32.exe The relevant API it uses to record keystate is GetKeyState
01:40
I havent had any immidiate luck finding the c2 domain
Avatar
Sutx BOT 07/08/2023 1:55 AM
@Guesslemonger wants to collaborate 🤝
Avatar
Guesslemonger 07/08/2023 1:56 AM
dumped process?
Avatar
Surg 07/08/2023 1:57 AM
yeah
01:57
http:// shows up but no url/ip that i could scan over
Avatar
Sutx BOT 07/08/2023 2:31 AM
@Violin wants to collaborate 🤝
02:35
✅ Challenge solved.
Avatar
Surg 07/08/2023 2:35 AM
where
Avatar
Guesslemonger 07/08/2023 2:35 AM
upto 13 lol
02:35
osint
02:35
no-ip.org in dump
02:37
https://www.virustotal.com/gui/file/25aaa2657e649d8976cb321a6bf63eb56e8451ebde550003ef98782dd1b5ae62/behavior also here, uploaded to virustotal
Exported 16 message(s)