Forensics - 400 points
There has been some malware detected, can you help with the analysis? More info here. Connect with nc 2018shell2.picoctf.com 27641.
$ nc 2018shell2.picoctf.com 27641
You'll need to consult the file `clusters.png` to answer the following questions.
How many attackers created the malware in this dataset?
5
Correct!
In the following sample of files from the larger dataset, which file was made by the same attacker who made the file 628e79cf? Indicate your answer by entering that file's hash.
       hash  jmp_count  add_count
0  628e79cf        7.0       19.0
1  cc251d4b       19.0       39.0
2  e2dd99c5       37.0       32.0
3  076237a5       14.0       45.0
4  4a6dcbb5       43.0       10.0
5  1e3d7e49       42.0        8.0
6  2be8f9ec       18.0       64.0
7  24c2d2ed       35.0       32.0
8  d5eeef48       21.0       67.0
9  ebaf5ccd        8.0       20.0
ebaf5ccd
Correct!
Great job. You've earned the flag: picoCTF{w4y_0ut_28483c2e}
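Reasons:
- The graph in clusters.png has 5 colors, one per cluster, so there are 5 attackers.
- ebaf5ccd has a jmp_count and add_count (8.0, 20.0) similar to those of 628e79cf (7.0, 19.0), so both files belong to the same cluster.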
picoCTF{w4y_0ut_28483c2e}
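
The "similar jmp_count and add_count" reasoning can be checked mechanically by ranking every sample by its distance to 628e79cf in (jmp_count, add_count) space. This is an added example, not part of the challenge or the original write-up; the function names are hypothetical and the use of Euclidean distance as the similarity measure is an assumption.

```python
import math

# Table copied from the challenge session shown on this page.
SAMPLE = """\
hash jmp_count add_count
0 628e79cf 7.0 19.0
1 cc251d4b 19.0 39.0
2 e2dd99c5 37.0 32.0
3 076237a5 14.0 45.0
4 4a6dcbb5 43.0 10.0
5 1e3d7e49 42.0 8.0
6 2be8f9ec 18.0 64.0
7 24c2d2ed 35.0 32.0
8 d5eeef48 21.0 67.0
9 ebaf5ccd 8.0 20.0
"""

def parse_table(text):
    """Return {hash: (jmp_count, add_count)} from the whitespace-separated table."""
    rows = {}
    for line in text.strip().splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) != 4:
            raise ValueError(f"unexpected row: {line!r}")
        _index, file_hash, jmp, add = fields
        rows[file_hash] = (float(jmp), float(add))
    return rows

def rank_by_distance(rows, target):
    """Return [(distance, hash), ...] for every other sample, nearest first."""
    if target not in rows:
        raise KeyError(f"{target} is not in the sample")
    origin = rows[target]
    return sorted(
        (math.dist(origin, features), file_hash)
        for file_hash, features in rows.items()
        if file_hash != target
    )

def same_attacker(rows, target):
    """Nearest neighbour of target in feature space (assumed same cluster)."""
    return rank_by_distance(rows, target)[0][1]

if __name__ == "__main__":
    table = parse_table(SAMPLE)
    for distance, file_hash in rank_by_distance(table, "628e79cf"):
        print(f"{file_hash}  {distance:6.2f}")
    print("same attacker:", same_attacker(table, "628e79cf"))
```

Nearest-neighbour matching only approximates reading the cluster off the plot: when two clusters sit close together, the nearest point can belong to a different cluster, so the colors in clusters.png remain the reference.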