nukoneZ's Ransomware

Author:
nukoneZ

Language:
C/C++

Upload:
2025-06-11 02:04

Download

Platform:
Windows

Difficulty:
3.1

Quality:
5.1

Arch:
x86-64

Downloads:
178

Size:
63.63 KB

Writeups:
3

Comments:
14

Description

A hacker launched a ransomware attack on Lisa’s machine, encrypting all critical data in her wallet. Help Lisa recover her lost files!

Comments (14)
Writeups (3)

You must be logged in to post a comment

torontotokyo on 2025-06-14 09:56: I'm stuck on libgen.dll and the first function in the program. I don't understand where to get the "anonymous" file or something like that. Can I get a hint?

nukoneZ on 2025-06-14 11:49: You can learn and study more about Command and Control. You need to understand how the program sends and receives data from the server and you need to understand each step that the program performs then you can compare on the file that I have recorded to extract data.

torontotokyo on 2025-06-14 17:18: I got libgen.dll with wireshark dump and encrypted user.html . But from this dll, functions are called with an argument in the form of a file, for example: void* gen_from_file(char* arg1) FILE* _Stream = fopen(_FileName: arg1, _Mode: "rb") or void* gen(void* file, void* len) And I can't figure out what to do about it, maybe I'm stupid?

6ffteait on 2025-06-14 19:46: i found anonymous but not libgen.dll, look for certain requests, mainly at the beginning of the capture

nukoneZ on 2025-06-15 08:19: @torontotokyo Congratulations on finding the DLL, but you need to understand what I am importing into the program for.

nukoneZ on 2025-06-15 08:21: @6ffteait "anonymous" it is very important for your next step.

torontotokyo on 2025-06-15 10:52: I'm really just stupid, I didn't see these http packets and ignored them... A very interesting crackme!

nukoneZ on 2025-06-15 13:40: @torontotokyo Thank you very much i will try to create better challenges

lexx on 2025-06-26 10:02: [Click to reveal]

quachduytu on 2025-07-02 15:46: this challenge is really cool, if you are really the one who created it can you give me your facebook info :)) i have a lot of questions since i am new

nukoneZ on 2025-07-04 06:44: @quachduytu https://www.facebook.com/quocky05

ericliu on 2025-07-31 14:16: @torontotokyo After reading your write-up, I still don't understand how you used x64dbg to obtain the decryption key for user.html.enc. Could you give me more hints?

0x7370 on 2025-08-03 14:26: nice one - it wasn't hard but actually fun to solve! :)

scaredandalone on 2025-08-14 04:59: this challenge is very high quality. highly recommend. make sure you read everything twice and actually understand whats going on. got stuck for a while because it was prepending some data before sending it to the C2 and i didnt notice. awesome challenge @nukoneZ, might do a writeup.

Show all spoilers

You must be logged in to submit a writeup

Solution by torontotokyo on 2025-06-15 11:49:
Flag is F4N_N3R0{W3lc0m3_t0_my_pr0f1l3_7h1s_1s_my_w@ll3t_k3y}

Download

Solution by scaredandalone on 2025-08-17 13:58:
cool challenge :D

Download

Solution by mcarbone on 2025-11-09 05:48:
This was fun! :-) MC

Download

crackmes.one

crackmes.one

nukoneZ's Ransomware