Description
Following your analysis, our teams decided to completely reinstall the operating system on the machine to clean it.
However, after the system was reinstalled, the same malware you identified is still present and continues to communicate with the attacker’s C2 server.
We therefore suspect that a deeper persistence mechanism is present on the user’s system, and we believe a Device has been registered to pre-position itself during system startup.
The flag is in the format FCSC{<device_name>}, where <device_name> is the name of the malicious Device.
For example: FCSC{MyVirtualMouse}.
This challenge is part of a series that should be solved sequentially:
Files
- analyse-memoire.tar.xz, 1.05 GiB – 59dbdb3d2e0eb219afc63fa086069b0e21cad79060ca3752b75e910058fce206
Author
