GitPwned
Overview
SCENARIO
My friend received an email from a company called AutoSquare Stores. The email gave him a link to a project on BitBucket and asked whether he could work on the project with them. They asked him to do a coding test, such as adding a feature to the existing project. This happened at the start of 2025. My friend downloaded the project and ran it, after which some suspicious behavior occurred. It seems he was lured into some kind of malicious campaign targeting developers. After some searching, I found out that my friend had been caught up in a threat actor's campaign.

Your tasks:
- Determine the name of the downloader malware used in this operation
- What is the domain name that the malicious .dll tries to connect to?
- What is the name of the tool the threat actors used for persistence?

Flag format: flag{MalwareName_www.x.x_softwarename}
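As an added triage example (not part of the challenge and not taken from its artifacts), the Python helper below does the first pass a practitioner would make on the second task: it hashes the sample so it can be looked up on public sandboxes, then pulls domain-looking strings out of both ASCII and UTF-16LE string runs in the .dll, since Windows binaries keep many strings as UTF-16LE and a plain `strings` run misses them. The sample bytes, the `example.com` / `example.net` hosts and the `kernel32.dll` string are constructed stand-ins; nothing here comes from the real campaign.

```python
"""Triage helper for the GitPwned scenario: hash a sample and pull
domain/URL candidates out of ASCII and UTF-16LE strings in a .dll.
Added example; SAMPLE_DLL is constructed and is not the real artifact."""
import hashlib
import re
from typing import List

# Loose domain pattern: one or more labels followed by a 2-6 letter TLD.
# Loose on purpose so hostnames embedded inside URLs are caught too.
DOMAIN_RE = re.compile(
    r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,6}\b", re.I
)

# Filenames that match the domain pattern but are not network indicators.
NOISE_SUFFIXES = (".dll", ".exe", ".pdb", ".sys", ".ocx", ".lib", ".txt")


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the sample: the key for looking it up on public sandboxes."""
    return hashlib.sha256(data).hexdigest()


def ascii_strings(data: bytes, min_len: int = 6) -> List[str]:
    """Printable ASCII runs of at least min_len bytes (what `strings` prints)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def utf16le_strings(data: bytes, min_len: int = 6) -> List[str]:
    """Printable UTF-16LE runs (char byte followed by a NUL byte, repeated).
    Windows PE files store many strings this way; `strings` needs -el for them."""
    pattern = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    return [m.decode("utf-16le") for m in re.findall(pattern, data)]


def domain_candidates(data: bytes) -> List[str]:
    """Unique lowercase domain-looking strings from both encodings,
    minus filenames such as kernel32.dll that would otherwise match."""
    found = set()
    for s in ascii_strings(data) + utf16le_strings(data):
        for m in DOMAIN_RE.findall(s):
            m = m.lower()
            if not m.endswith(NOISE_SUFFIXES):
                found.add(m)
    return sorted(found)


# Constructed stand-in for a malicious DLL: a fake MZ header, an ASCII import
# name, a UTF-16LE URL and an ASCII host:port. None of this is real sample data.
SAMPLE_DLL = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"kernel32.dll\x00" + b"\x00" * 3
    + "https://update.example.com/dl".encode("utf-16le") + b"\x00\x00"
    + b"\x00" * 8
    + b"api.example.net:443\x00"
)

if __name__ == "__main__":
    print("sha256:", sha256_hex(SAMPLE_DLL))
    for d in domain_candidates(SAMPLE_DLL):
        print("domain candidate:", d)
```

Run it against the real .dll by reading the file into `data` instead of `SAMPLE_DLL`; the UTF-16LE pass is the one that usually surfaces the C2 host, and any candidate still has to be confirmed by a sandbox run or the public reporting the challenge points to, since string extraction also picks up legitimate update or CDN hosts.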
Infrastructure
- Static challenge
Provided Files
- All needed artifacts can be found online