Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the ultimate-blocks domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/margheri/public_html/wp-includes/functions.php on line 6121

Notice: _load_textdomain_just_in_time işlevi yanlış çağrıldı. Translation loading for the perfect-portfolio domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Ayrıntılı bilgi almak için lütfen WordPress hata ayıklama bölümüne bakın. (Bu ileti 6.7.0 sürümünde eklendi.) in /home/margheri/public_html/wp-includes/functions.php on line 6121
Advent of Cyber 2024 Day 21: HELP ME...I'm REVERSE ENGINEERING! - Aleyna Doğan

Advent of Cyber 2024 Day 21: HELP ME…I’m REVERSE ENGINEERING!

on 21 Aralık 202421 Aralık 2024By Aleyna Doğan

Lab link.

Questions

1. What is the function name that downloads and executes files in the WarevilleApp.exe?

DownloadAndExecuteFile

2. Once you execute the WarevilleApp.exe, it downloads another binary to the Downloads folder. What is the name of the binary?

explorer.exe

3. What domain name is the one from where the file is downloaded after running WarevilleApp.exe?

mayorc2.thm

4. The stage 2 binary is executed automatically and creates a zip file comprising the victim’s computer data; what is the name of the zip file?

CollectedFiles.zip

5. What is the name of the C2 server where the stage 2 binary tries to upload files?

More Tryhackme Advent of Cyber 2024