AnyRun Christmas CTF

Keen-eyed Tweeps may have noticed that AnyRun tweeted out a Christmas CTF in their Xmas post card this year (see above). I enjoy a good CTF and with some help from @KrabsOnSecurity we uncovered a code for a free trial of AnyRun Explorer (an account option which is not on the pricing package). 

The CTF started with the above tweet, which contains a QR code. Once scanned a message appears:

Using the built-in QR code scanner on my iPhone the code, the message appeared. I then chucked this into base64decode as I have inspected enough malicious code to realise when it is encoded this way:

I got stuck here as the decoded output does not look like any encoded/encryption I have seen before. Luckily, @KrabsOnSecurity noticed this is an ID for an AnyRun sample run:

This revealed a glowing Christmas tree produced by a PowerShell script that, when downloaded, contained the code for the CTF:

And voila! We earned ourselves a nice trial of AnyRun explorer after a short CTF on Twitter:



I do enjoy a good CTF, if you also like CTFs, then feel free to check my own CTFs created for investigators to do some OSINT:

Popular posts from this blog

Deep-dive: The DarkHotel APT

OZH RAT - New .NET malware

My first year in Cyber Threat Intelligence