TryHack3M: Bricks Heist
Crack the code, command the exploit! Dive into the heart of the system with just an RCE CVE as your key.
Answer
Q: What is the content of the hidden .txt file in the web folder?
Ans: THM{fl46_650c844110baced87e1606453b93f22a}
Q: What is the name of the suspicious process?
Ans: nm-inet-dialog
Q: What is the service name affiliated with the suspicious process?
Ans: ubuntu.service
Q: What is the log file name of the miner instance?
Ans: inet.conf
Q: What is the wallet address of the miner instance?
Ans: bc1qyk79fcp9hd5kreprce89tkh4wrtl8avt4l67qa
Q: The wallet address used has been involved in transactions between wallets belonging to which threat group?
Ans: LockBit
Just copy the sender’s address and search on Google:
[Image: Google search for the sender's address]
Any of the results can be followed further (I visited some myself), but the third one in the list has something juicy:
[Image: threat group reveal]
Finally, it shows the link between the LockBit ransomware group and this wallet.