The administrator for FlagCorp was using an outdated Windows 7 system and got infected with some ransomware. We believe this variant was most likely written by a script kiddie, because it was so badly designed that it encrypted itself. One of our malware analysts was able to recover the encryption function from memory but doesn’t know much about cryptography. Can you find a way to decrypt flag.txt?
Rules & Information
- You are not required to run ransomware1.exe; this challenge is static analysis only.
- Do not use a debugger or dumper to retrieve the decrypted flag from memory; this is cheating.
- Analysis can be done using the free version of IDA Pro (you don’t need the debugger).
The “malware” in these challenges is not real or designed to harm your system in any way; however, it is always a good idea to run any untrusted code in a virtual machine. Some challenges emulate techniques used in real malware, which may cause antivirus detections. Please don’t contact me about antivirus detections, as there is nothing I can do about them. Treat all files as if you were handling real malware.
If you’re stuck on a challenge or simply want to chat, come and join us in the MalwareTech Discord! The challenge help channel is #challenge-help. Please remember to use spoiler tags to avoid spoiling the challenges for others.