Instructions
Created by: hotstovehove
Ransomware was recently discovered on a system within De Monne’s network courtesy of a DEADFACE member. Luckily, they were able to restore from backups. You have been tasked with finding the Bitcoin wallet address from the provided sample so that it can be reported to the authorities. Locate the wallet address in the code sample and submit the flag as flag{wallet_address}
.
Download File
SHA1: 69c2fd859d7f3666349b41106bef348ce51ca0da
Solution
Looking through the Powershell script, we find a Store-BtwWalletAddress
function with a base64-encoded Bitcoin wallet address.
function Store-BtcWalletAddress {
`$global:BtcWalletAddress = [System.Convert]::FromBase64String([System.Text.Encoding]::UTF8.GetBytes('bjMzaGE1bm96aXhlNnJyZzcxa2d3eWlubWt1c3gy'))
$ echo "bjMzaGE1bm96aXhlNnJyZzcxa2d3eWlubWt1c3gy" | base64 -d
n33ha5nozixe6rrg71kgwyinmkusx2
flag{n33ha5nozixe6rrg71kgwyinmkusx2}