[{"_1":2,"_33":-5,"_34":-5},"loaderData",{"_3":4},"routes/challenges.$slug",{"_5":6},"challenge",{"_7":8,"_9":10,"_11":12,"_13":14,"_15":16,"_17":18,"_19":20,"_21":22,"_23":24,"_30":31},"slug","malmusic","name","MalMusic","category","Malware Reverse Engineering","description","A suspicious audio file was reported after a user executed a seemingly harmless command from a browser prompt. Shortly after, abnormal system activity and outbound connections were observed. Your task is to analyze the provided artifact and determine what data was ultimately exfiltrated during execution. Flag format: flag{(c2_ip_address)}","descriptionHtml","

A suspicious audio file was reported after a user executed a seemingly harmless command from a browser prompt. Shortly after, abnormal system activity and outbound connections were observed.

Your task is to analyze the provided artifact and determine what data was ultimately exfiltrated during execution.

Flag format:

flag{(c2_ip_address)}

","labDetails","Prerequisites & Requirements Intermediate JavaScript Proficiency: A solid understanding of JavaScript syntax, common obfuscation techniques, and the ability to debug and modify scripts for analysis. Intermediate PowerShell Expertise: Familiarity with PowerShell scripting, including command execution, variable manipulation, and understanding typical obfuscation methods used in PowerShell payloads. Intermediate .NET C# Knowledge: A good grasp of C# programming concepts, the .NET framework, and experience with decompilers to analyze compiled .NET executables. What will you learn? Deobfuscate Multi-Stage JavaScript Payloads: Master techniques for deobfuscating complex JavaScript code, including hex decoding, character code transformations, and identifying execution chains. Reverse Engineer Obfuscated PowerShell Scripts: Gain proficiency in analyzing and deobfuscating PowerShell scripts that utilize various techniques such as custom functions, array manipulations, and cryptographic operations ( e.g ., AES, Gzip). Perform Dynamic .NET Malware Analysis: Develop skills in dynamically analyzing .NET executables using tools like dnSpy, including setting breakpoints, stepping through code, and extracting critical runtime information like C2 addresses. Tools A JavaScript Engine ( e.g ., Node.js ): For executing and debugging JavaScript code extracted from initial stages of the malware. PowerShell: To execute and deobfuscate intermediate PowerShell scripts. CyberChef: A versatile web-based tool for various data transformations, including Base64 decoding and hex conversions.","labDetailsHtml","

Prerequisites & Requirements

Intermediate JavaScript Proficiency: A solid understanding of JavaScript syntax, common obfuscation techniques, and the ability to debug and modify scripts for analysis.
Intermediate PowerShell Expertise: Familiarity with PowerShell scripting, including command execution, variable manipulation, and understanding typical obfuscation methods used in PowerShell payloads.
Intermediate .NET C# Knowledge: A good grasp of C# programming concepts, the .NET framework, and experience with decompilers to analyze compiled .NET executables.

What will you learn?

Deobfuscate Multi-Stage JavaScript Payloads: Master techniques for deobfuscating complex JavaScript code, including hex decoding, character code transformations, and identifying execution chains.
Reverse Engineer Obfuscated PowerShell Scripts: Gain proficiency in analyzing and deobfuscating PowerShell scripts that utilize various techniques such as custom functions, array manipulations, and cryptographic operations ( \n e.g\n ., AES, Gzip).
Perform Dynamic .NET Malware Analysis: Develop skills in dynamically analyzing .NET executables using tools like dnSpy, including setting breakpoints, stepping through code, and extracting critical runtime information like C2 addresses.

Tools

A JavaScript Engine ( \n e.g\n ., \n Node.js\n ): For executing and debugging JavaScript code extracted from initial stages of the malware.
PowerShell: To execute and deobfuscate intermediate PowerShell scripts.
CyberChef: A versatile web-based tool for various data transformations, including Base64 decoding and hex conversions.

","level","Hard","tags",[25,26,27,28,29],"Decompiler","Static Analysis","Dynamic Analysis","Obfuscation","C2 Communication","jobPositions",[32],"Malware Analyst","actionData","errors"]

MalMusic

Overview

Job Positions

Tags