Tags: wireshark 

Rating: 4.0

## Projan

***
I found malware in my system. It was trying to steal my DogeCoins! Can you find the name of this malware? (.pcap file included)
***

The pcap file (696,787 bytes) has the following protocol hierarchy:

![](https://i.ibb.co/qyCh5P5/projanprotocols.png)

After a few minutes of browsing the HTTP streams, I found that the user had downloaded a suspicious file named `goog1e_born.exe`.

![](https://i.ibb.co/3mRk55B/projan2.png)

I found a checksum on the web and uploaded it to VirusTotal. Maybe it is not a common way of finding a malware name, but I tried one of the tags in the community section.

![](https://i.ibb.co/16YHcFL/projan3.png)
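The HTTP-stream review and checksum step above can be scripted. This is an added example, not part of the original writeup: it parses a classic pcap, lists GET requests for `.exe` files and computes the SHA-256 of each response body for a VirusTotal lookup. The sample capture, addresses, host name, path and file body are constructed for illustration.

```python
import hashlib, struct
def tcp_segments(pcap):
    """Yield ((src, sport, dst, dport), payload) from a little-endian classic pcap."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap (pcapng is not handled)")
    off = 24                                          # skip the global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                  # keep Ethernet/IPv4/TCP only
        tcp = 14 + (frame[14] & 0x0F) * 4             # honour the IP header length
        if len(frame) < tcp + 20:
            continue                                  # truncated TCP header
        sport, dport = struct.unpack_from("!HH", frame, tcp)
        end = 14 + struct.unpack_from("!H", frame, 16)[0]   # drops Ethernet padding
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:end]
        yield (frame[26:30], sport, frame[30:34], dport), payload

def executable_downloads(pcap):
    """Return [(path, sha256 of response body or None)] for GET requests for .exe files."""
    # Simplification: one request per connection, in-order segments, plain (unchunked) body.
    streams = {}
    for key, payload in tcp_segments(pcap):
        streams[key] = streams.get(key, b"") + payload
    found = []
    for (src, sport, dst, dport), data in streams.items():
        if not data.startswith(b"GET "):
            continue
        path = data.split(b" ", 2)[1].decode("latin-1")
        if not path.lower().split("?")[0].endswith(".exe"):
            continue
        reply = streams.get((dst, dport, src, sport), b"")
        _, sep, body = reply.partition(b"\r\n\r\n")     # headers / body split
        found.append((path, hashlib.sha256(body).hexdigest() if sep else None))
    return found

def _frame(src, sport, dst, dport, payload):           # builds one constructed frame
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, src, dst)
    data = b"\0" * 12 + b"\x08\x00" + ip + tcp + payload
    return struct.pack("<IIII", 0, 0, len(data), len(data)) + data
# Constructed sample capture (not the challenge pcap): one GET, reply in two segments.
C, S = bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10])
SAMPLE_BODY = b"MZ constructed stand-in, not a real binary"
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    + _frame(C, 49152, S, 80, b"GET /files/goog1e_born.exe HTTP/1.1\r\nHost: example.test\r\n\r\n")
    + _frame(S, 80, C, 49152, b"HTTP/1.1 200 OK\r\nContent-Length: 42\r\n\r\n" + SAMPLE_BODY[:20])
    + _frame(S, 80, C, 49152, SAMPLE_BODY[20:]))
```

On a real capture, pass the file's bytes to `executable_downloads` and search the returned hash on VirusTotal; captures with reordered or retransmitted segments need proper TCP reassembly (for example Wireshark's "Export Objects > HTTP").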

The flag is SBCTF{ponmocup}

Original writeup (https://github.com/eroloo/ctf/tree/main/Loki2021CTF/Projan).