Malware Analysis - CB Challenges - 20/08/2023

CarbonBlack Malware Analysis Writeup

Overview

Putting up my analysis of some malware samples.

Sample (SHA-256)                                                    Report
5dee718c386934d2494ee5ddde79d27a69c1687493b6eb40d0db47f730ab76fb    View
6fd9909f8ec811577351402832665d4a6b6e5399422b8cac79dd98532ac48913    View
19a3dd8024bb4677261ecd8bb85e8a4c53d15870e4b9d2203e933a00b7eecb85    View
280d2ceb081745412127a018055234f5a72935a77aa102aef7924ba21f43d4ee    View
f8c4c946eaedcfa8bbb722970211c2c4a458f6483dafb5d5a7fd83b3daa441cd    View

f8c4c946eaedcfa8bbb722970211c2c4a458f6483dafb5d5a7fd83b3daa441cd

I eventually found the XOR cipher key; unfortunately my brute-force script wasn't able to recover the URL, but in the end the string wasn't exactly a URL. The key was en-CB and the decoded string is c2.2go.ma1w.are_eT!/eab/+CE%&6d
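The following is an added worked example for this sample, not code from the original writeup. It takes the key en-CB and the decoded string reported above, constructs the matching repeating-key XOR ciphertext locally so it runs offline, and then shows two things: decoding with the known key, and why a brute force that assumes the plaintext is a URL (crib "http" at offset 0) finds no consistent key for any key length, because the implied key bytes decode other positions to non-printable bytes. The crib-check logic and the function names are this example's own assumptions, not the script the author used.

```python
"""Repeating-key XOR on the CB sample: known-key decode and a crib-based
key check that explains why a URL-assuming brute force fails here.

Added example for this writeup (not the author's script). KEY and
PLAINTEXT are the values reported on the page; CIPHERTEXT is constructed
here by XOR-ing them together.
"""

KEY = b"en-CB"                                   # key reported on the page
PLAINTEXT = b"c2.2go.ma1w.are_eT!/eab/+CE%&6d"  # decoded string from the page

# Printable ASCII (space .. tilde). Deliberately excludes \t \n etc., which
# would otherwise let wrong keys slip through as "printable".
PRINTABLE = set(range(0x20, 0x7F))


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR each byte with the key byte at the same index modulo key length.
    XOR is its own inverse, so the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# Constructed ciphertext: what the sample would carry in its data section.
CIPHERTEXT = xor_repeating(PLAINTEXT, KEY)


def key_bytes_from_crib(ct: bytes, crib: bytes, offset: int, key_len: int) -> dict:
    """Known-plaintext step. If plaintext[offset + j] == crib[j], then
    key[(offset + j) % key_len] == ct[offset + j] ^ crib[j].
    Returns {key_position: key_byte} for the positions the crib pins down,
    or {} when the crib contradicts itself at this key length."""
    known = {}
    for j, c in enumerate(crib):
        pos = (offset + j) % key_len
        kb = ct[offset + j] ^ c
        if pos in known and known[pos] != kb:
            return {}
        known[pos] = kb
    return known


def crib_is_consistent(ct: bytes, crib: bytes, offset: int, key_len: int) -> bool:
    """True when every ciphertext byte covered by a crib-derived key byte
    decodes to printable ASCII. A wrong crib usually fails within a few
    bytes; a right crib (at the right key length) always passes."""
    known = key_bytes_from_crib(ct, crib, offset, key_len)
    if not known:
        return False
    for i, b in enumerate(ct):
        pos = i % key_len
        if pos in known and (b ^ known[pos]) not in PRINTABLE:
            return False
    return True


def url_bruteforce(ct: bytes, max_key_len: int = 8):
    """The approach that fails on this sample: assume the decoded string is a
    URL, so it must start with "http". Returns (key_len, partial_key) for the
    first key length whose implied key bytes stay consistent, else None."""
    for key_len in range(1, max_key_len + 1):
        if crib_is_consistent(ct, b"http", 0, key_len):
            return key_len, key_bytes_from_crib(ct, b"http", 0, key_len)
    return None


def decode_with_key(ct: bytes, key: bytes) -> str:
    """Decode with a key found by other means (here, the one from the page)."""
    return xor_repeating(ct, key).decode("ascii", errors="replace")


if __name__ == "__main__":
    print("ciphertext:", CIPHERTEXT.hex())
    print("URL-crib brute force:", url_bruteforce(CIPHERTEXT))   # None here
    print("decoded with en-CB:", decode_with_key(CIPHERTEXT, KEY))
```

The same crib check works as a positive test once the real key is known: feeding the first five plaintext bytes as the crib at key length 5 reproduces en-CB exactly, and the printable check passes over the whole buffer. In practice a crib such as "http" only helps when the string really is a URL; for strings like this one the check rejects every key length, which is the behaviour the brute force showed.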