Infectious File

Briefing

Greetings, Special Agent.

We have received intelligence that a hacker group known as the Shadow Syndicate has been developing very advanced malware. This group has been responsible for a number of high-profile cyber attacks in the past, and we believe they are planning to launch another one soon. Your mission is to examine one of the samples of their malware that we have obtained. We believe that it contains clues about their plans and capabilities, and we need you to find out as much as you can about it. You will be working with a team of experts to analyze the sample and extract any useful information.

We need you to be thorough and detail-oriented, as every piece of information could be crucial in stopping the Shadow Syndicate. It's imperative to figure out exactly what they are capable of and discover their intentions based on the malware sample. We are counting on you to help us take down this dangerous group and prevent them from causing any more harm. Take extra care on this one, as you are working with a live malware sample.

As always, Special Agent, the Contract is yours, if you choose to accept.

Materials

WARNING, ACTUAL MALWARE.

Download Starting Materials

Answer Instruction

Use the answer to unlock the flagfile; this will reward you with your badge.


You will know it when you see it.

Flagfile

Be advised, the flagfile is an encrypted ZIP. Make sure your OS supports the ZIP format. Ensure the password contains no hidden characters or formatting; paste it in Notepad first if the password doesn't seem to work.

Download Flagfile here

PS: Don’t forget to claim your Coins and XP, by posting your card in the #card-brag channel in Discord.

Official Write-up

Provided here is the official write-up; it does contain the answer. Use this if you're stuck, or want to verify that you got the answer correct.

Infectious File

The challenge involves analyzing a malware sample created by the Shadow Syndicate hacking group to extract a hidden password. The sample needs to be examined safely to discover embedded information.

Available Materials

  1. Malware sample file
  2. Context about Shadow Syndicate
  3. Warning about working with live malware

Safety Precautions

IMPORTANT: This challenge involves analyzing live malware. Always follow these safety protocols:

  1. Use a secure isolated environment (VM/sandbox)
  2. Disable network connectivity during analysis
  3. Use appropriate malware analysis tools
  4. Never execute the malware on your main system
  5. Treat all files as potentially dangerous

Solution Path

Step 1: Setup Analysis Environment

Before examining the malware:

  1. Set up an isolated virtual machine
  2. Install necessary analysis tools
  3. Ensure network isolation
  4. Create system snapshots
  5. Prepare monitoring tools

Step 2: Initial Analysis

Safe examination techniques, none of which run the sample:

  1. File hash calculation (MD5/SHA-1/SHA-256) to record the sample and pivot on it in threat-intel sources
  2. Static analysis of the binary without executing it
  3. String extraction, including UTF-16LE strings, which a plain ASCII `strings` run will miss on Windows binaries
  4. Metadata examination
  5. Header analysis, identifying the real file type from its magic bytes rather than its extension

Step 3: Password Extraction

The target password is:

Th3p@$$4th3Fl@g

Key characteristics:

  • Contains special characters
  • Uses number substitutions
  • Case-sensitive
  • No spaces
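The static pass described in Steps 2 and 3, as an added example and not the challenge's own code: it hashes the bytes, identifies the container from its magic bytes, reads the PE COFF header fields, extracts ASCII and UTF-16LE strings, and flags strings that name a secret or have the mixed-character-class shape of a planted password. The `SAMPLE` bytes are constructed here so the script runs offline; they are not the real challenge file. Nothing in it maps or executes the input, so it is safe to run on the live sample inside the isolated VM.

```python
"""Static triage of a suspected malware sample without executing it.
Added example; SAMPLE below is constructed for illustration, not the real challenge file."""
import hashlib
import re
import struct

# Leading magic bytes for common executable and container formats (assumed subset).
MAGIC = [
    (b"MZ", "PE/DOS executable"),
    (b"\x7fELF", "ELF executable"),
    (b"PK\x03\x04", "ZIP archive (also Office OOXML, JAR, APK)"),
    (b"%PDF", "PDF document"),
    (b"\xd0\xcf\x11\xe0", "OLE compound file (legacy Office)"),
    (b"#!", "script with shebang"),
]

ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")
UTF16LE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")
CRED_HINT = re.compile(r"pass|pwd|flag|key|secret", re.IGNORECASE)
# Symbol class excludes path/URL punctuation so DLL names and paths are not flagged.
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s./:\\-]")


def hashes(data: bytes) -> dict:
    """Hashes to record in the case notes and to pivot on in threat-intel sources."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def file_type(data: bytes) -> str:
    """Identify the container by its leading bytes; never trust the extension."""
    for magic, description in MAGIC:
        if data.startswith(magic):
            return description
    return "unknown"


def pe_header_info(data: bytes):
    """Read machine, section count and build timestamp from the COFF header of a PE file.
    Returns None when the data is not a PE image. Only offsets are read; nothing is mapped."""
    if not data.startswith(b"MZ") or len(data) < 0x40:
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    machine, sections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    return {"machine": hex(machine), "sections": sections, "timestamp": timestamp}


def ascii_strings(data: bytes, minlen: int = 4) -> list:
    return [m.decode("ascii") for m in ASCII_RUN.findall(data) if len(m) >= minlen]


def utf16le_strings(data: bytes, minlen: int = 4) -> list:
    """Windows binaries keep many strings as UTF-16LE; `strings` without -e l misses them."""
    return [m.decode("utf-16-le") for m in UTF16LE_RUN.findall(data) if len(m) // 2 >= minlen]


def looks_like_credential(s: str) -> bool:
    """True for strings that name a secret, or contain a whitespace-separated token that
    mixes three or more character classes (the shape of a deliberately 'strong' password)."""
    if CRED_HINT.search(s):
        return True
    for token in s.split():
        classes = sum(bool(re.search(p, token)) for p in CHAR_CLASSES)
        if len(token) >= 8 and classes >= 3:
            return True
    return False


def triage(data: bytes) -> dict:
    """Full static pass over the raw bytes; safe to run on a live sample inside the VM."""
    strings = ascii_strings(data) + utf16le_strings(data)
    return {
        "hashes": hashes(data),
        "type": file_type(data),
        "pe": pe_header_info(data),
        "strings": strings,
        "credential_candidates": [s for s in strings if looks_like_credential(s)],
    }


# Constructed stand-in for the sample: a minimal MZ/PE header followed by planted strings.
# The double NUL before the UTF-16 string keeps the ASCII run from being glued onto it.
_DOS_HEADER = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
_COFF = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x14C, 2, 0x5F000000, 0, 0, 0xE0, 0x10F)
SAMPLE = (
    _DOS_HEADER + _COFF + b"\x00" * 32
    + b"kernel32.dll\x00CreateRemoteThread\x00"
    + b"The password is: Th3p@$$4th3Fl@g\x00\x00"
    + "Shadow Syndicate".encode("utf-16-le") + b"\x00\x00"
)

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["hashes"]["sha256"], report["type"], report["pe"])
    for candidate in report["credential_candidates"]:
        print("candidate:", candidate)
```

Run it with `python3 triage.py` inside the analysis VM, replacing `SAMPLE` with `open(path, "rb").read()` for the real file. The credential heuristic is deliberately loose; it narrows the string list to a handful of lines to read by eye, which is exactly where a planted password like the one above turns up. Record the SHA-256 before anything else so later findings can be tied to the exact bytes examined.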

Analysis Tools

Recommended tools for safe analysis:

  1. Virtual Machine software
  2. Static analysis tools
  3. Hex editors
  4. String extraction utilities
  5. File analysis tools

Common Pitfalls to Avoid

  1. Executing malware on main system
  2. Missing network isolation
  3. Incomplete environment setup
  4. Overlooking string extraction
  5. Incorrect password copying

Best Practices

  1. Always work in isolation
  2. Document all findings
  3. Take system snapshots
  4. Use multiple analysis methods
  5. Verify extracted data

Verification Steps

To confirm successful extraction:

  1. Password matches exact format
  2. Special characters are correct
  3. Case sensitivity is preserved
  4. No extra spaces included
  5. All substitutions are correct

Additional Security Notes

  1. Keep analysis environment updated
  2. Use fresh VM for each analysis
  3. Monitor system behavior
  4. Document all changes
  5. Maintain proper isolation

Remember: The key to this challenge is maintaining security while effectively analyzing the malware sample. Never compromise safety protocols, even in a CTF environment.


Creator(s): Frank Diepmaat