Rootme Command and control level 6
Root-me.org
Command & Control - Level 6
Reverse Engineering
We have to find all the C&Cs for this malware. We already know the process from the previous challenges.
We'll dump the process and search for its hash on VirusTotal.
vol.py --profile=Win7SP1x86 -f ch2.dmp procdump -D . -p 2772
md5sum executable.2772.exe
05a065421caa9215958deca72a5b15f3 executable.2772.exe
If we search for that hash on VirusTotal and look at the details, we'll see that two different sandboxes processed the file.
We can see the DNS queries made by the malware. One of the domains is the right one.
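As an added example (not code from the original write-up), the following Python script covers the hashing and lookup steps above: it hashes a dumped executable the way md5sum does, builds the VirusTotal URL for the digest, and collects the distinct hostnames from the sandbox behaviour reports, noting how many sandboxes agree on each name. The report layout (a `dns_lookups` list of `hostname`/`resolved_ips` entries per sandbox) is assumed to match the VirusTotal v3 file-behaviour object; the sample bytes and sample reports are constructed, and the MD5 constant is the one from the write-up.

```python
"""Triage helper for a process dumped from a memory image.

Added example, not part of the original write-up.  The behaviour-report shape
(`sandbox_name`, `dns_lookups[].hostname`) is an assumption about the
VirusTotal v3 file-behaviour object; the sample data below is constructed.
"""
import hashlib
import re

# MD5 printed by md5sum in the write-up for the dumped process.
KNOWN_MD5 = "05a065421caa9215958deca72a5b15f3"

# The VirusTotal GUI accepts an md5, sha1 or sha256 in this URL.
VT_FILE_URL = "https://www.virustotal.com/gui/file/{}"


def hash_bytes(data: bytes) -> dict:
    """Return md5 and sha256 hex digests for an in-memory blob."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str) -> dict:
    """Same as hash_bytes but streams a file in 1 MiB chunks (dumps can be big)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def vt_lookup_url(digest: str) -> str:
    """Build the VirusTotal file page URL; reject anything that is not a hex digest."""
    if not re.fullmatch(r"[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}", digest):
        raise ValueError("expected an md5, sha1 or sha256 hex digest")
    return VT_FILE_URL.format(digest.lower())


def queried_hostnames(behaviour_reports) -> dict:
    """Map each distinct hostname to the sorted list of sandboxes that saw it.

    Hostnames are normalised (trailing dot stripped, lower-cased) so the same
    name reported by two sandboxes is counted once.
    """
    seen = {}
    for report in behaviour_reports:
        sandbox = report.get("sandbox_name", "unknown")
        for lookup in report.get("dns_lookups", []):
            host = lookup.get("hostname", "").rstrip(".").lower()
            if host:
                seen.setdefault(host, set()).add(sandbox)
    return {host: sorted(boxes) for host, boxes in seen.items()}


def ranked_candidates(behaviour_reports) -> list:
    """Hostnames ordered by how many sandboxes queried them (most agreement first)."""
    hosts = queried_hostnames(behaviour_reports)
    return sorted(hosts, key=lambda h: (-len(hosts[h]), h))


# Constructed stand-in for two sandbox behaviour reports (not real VT output).
SAMPLE_REPORTS = [
    {
        "sandbox_name": "Sandbox A (constructed)",
        "dns_lookups": [
            {"hostname": "update.c2-placeholder.example.", "resolved_ips": ["192.0.2.10"]},
            {"hostname": "cdn.example.net", "resolved_ips": ["198.51.100.7"]},
        ],
    },
    {
        "sandbox_name": "Sandbox B (constructed)",
        "dns_lookups": [
            {"hostname": "UPDATE.C2-PLACEHOLDER.EXAMPLE", "resolved_ips": []},
            {"hostname": "telemetry.example.org", "resolved_ips": ["203.0.113.4"]},
        ],
    },
]


if __name__ == "__main__":
    # Constructed bytes standing in for the dumped executable.
    digests = hash_bytes(b"MZ constructed sample")
    print("md5   ", digests["md5"], "(matches write-up)" if digests["md5"] == KNOWN_MD5 else "")
    print("lookup", vt_lookup_url(KNOWN_MD5))
    for host, boxes in queried_hostnames(SAMPLE_REPORTS).items():
        print(f"{host:35} seen by {len(boxes)} sandbox(es): {', '.join(boxes)}")
    print("candidates by agreement:", ranked_candidates(SAMPLE_REPORTS))
```

Run it against the real dump by swapping `hash_bytes(...)` for `hash_file("executable.2772.exe")`; the domain that both sandboxes resolve is the first thing to check against the challenge's answer, and a name seen by only one sandbox is more likely environment noise than the C&C.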
This is the easy way to find it. I think the goal of this was to disassemble it.