🚩
Capture the Flag
  • Capture the Flag
  • PicoCTF
    • PicoCTF 2023
      • General Skills
        • chrono
        • money-ware
        • Permissions
        • repetitions
        • useless
        • Special
        • Specialer
      • Cryptography
        • HideToSee
        • ReadMyCert
        • rotation
        • PowerAnalysis: Warmup
      • Reverse Engineering
        • Ready Gladiator 0
        • Reverse
        • Safe Opener 2
        • timer
        • Ready Gladiator 1
      • Forensics
        • PcapPoisoning
        • hideme
        • who is it
        • FindAndOpen
      • Binary Exploitation
        • two-sum
      • Web Exploitation
        • MatchTheRegex
        • findme
Powered by GitBook
On this page
  • Description
  • Solution
  • Flag
  1. PicoCTF
  2. PicoCTF 2023
  3. General Skills

money-ware

Author: Juni19 | 100 points

Description

Flag format: picoCTF{Malwarename}

The first letter of the malware name should be capitalized and the rest lowercase.

Your friend just got hacked and has been asked to pay some bitcoins to 1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX. He doesn’t seem to understand what is going on and asks you for advice. Can you identify what malware he’s being a victim of?

Solution

It appears we have been given an bitcoin wallet address and are told to identify the malware which it belongs to. Since it is a bitcoin wallet, we can make an assumption that the malware was ransomware, asking the victim for payment.

From this we can Google "Ransomware 1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX".

One of the first results is a Crowdstrike article documenting a technical analysis of the Peyta ransomware.

If you are interested in how ransomware works, the article is definitely worth a read.

Flag

Using the naming convention given to us, our flag is picoCTF{Peyta}

PreviouschronoNextPermissions

Last updated 1 year ago