forensics re

E.T. Call Home

Points: 300
Solutions: 7

We've noticed unusual network traffic in our network. Unfortunately, the AV software permanently deleted the malware sample, so we have only a few PCAP files from that incident. But hey, it seems that the C&C server still works! Malware analysts say that the C&C is going to drop the next stage, but first we need to pass some environment checks.

Could you recreate the client and get the second-stage sample? Good luck!

C&C is now located on: ecsc18.hack.cert.pl:10014.

PCAP file with malware traffic: traffic.pcapng.

Hint: Do not run commands received from the C&C on your host. If you need to run them, use a dedicated virtual machine to prevent accidental damage or data loss.

Flag format: ecsc{litery_cyfry_i_znaki_specjalne}.
