TryHackMe: [Day 16] OSINT Ransomware Madness

Mac Leo
Apr 17, 2022

  1. What is the operator’s username?

ANS: GrinchWho31

EXPLANATION:

Step 1: Translate the ransom note below using Google Translate:

!!! ВАЖНЫЙ !!!

Ваши файлы были зашифрованы Гринчем. Мы используем самые современные технологии шифрования.

Чтобы получить доступ к своим файлам, обратитесь к оператору Grinch Enterprises.

Ваш личный идентификационный идентификатор: «b288b97e-665d-4105-a3b2-666da90db14b».

С оператором, назначенным для вашего дела, можно связаться как “GrinchWho31” на всех платформах.

!!! ВАЖНЫЙ !!!

2. What social media platform is the username associated with?

ANS: Twitter

EXPLANATION:

Step 1: We know the username is GrinchWho31, so search for it on all social media platforms and with a Google search.

3. What is the cryptographic identifier associated with the operator?

ANS: 1GW8QR7CWW3cpvVPGMCF5tZz4j96ncEgrVaR

EXPLANATION:

Step 1: We look at the Twitter posts on the Grinch's account and notice a crypto key.

4. What platform is the cryptographic identifier associated with?

ANS: keybase.io

EXPLANATION:

Step 1: We look at the Twitter posts on the Grinch's account and notice a link URL next to the crypto key.

5. What is the bitcoin address of the operator?

ANS: bc1q5q2w2x6yka5gchr89988p2c8w8nquem6tndw2f

EXPLANATION:

Step 1: Open this link (https://keybase.io/grinchwho31/sigs/1GW8QR7CWW3cpvVPGMCF5tZz4j96ncEgrVaR) and look for the crypto address.

6. What platform does the operator leak the bitcoin address on?

ANS: GitHub

EXPLANATION:

Step 1: Go to the GitHub link (https://github.com/ChristmasHater31), which is displayed on keybase.io.

Step 2: Go to Christmans-Stealer -> ransom.cpp and check for the crypto address.

7. What is the operator’s personal email?

ANS: DonteHeath21@gmail.com

EXPLANATION:

Step 1: We go to Repositories -> ChristBASHTree

Step 2: Click on Update tree.sh

Step 3: Scroll down and we see this message:

echo "Contact: DonteHeath21@gmail.com"

8. What is the operator’s real name?

ANS: Donte Heath

EXPLANATION:

Step 1: Go to /ChristBASHTree

Step 2: Click on Commit

Step 3: Click on Create tree.sh and scroll down until we see:

echo "Created by Donte Heath"
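
Questions 7 and 8 are answered from commit diffs, so a maintainer can run the same check on their own repository before publishing it. The Python below is an added example, not part of the original write-up: it scans `git log -p` text for email addresses on added or removed lines, and the sample log, commit ids and the address jane.doe@example.com are constructed.

```python
import re
# Constructed `git log -p` output; commit ids and the address are placeholders.
SAMPLE_LOG = """\
commit 1111111111111111111111111111111111111111

    Update tree.sh

diff --git a/tree.sh b/tree.sh
--- a/tree.sh
+++ b/tree.sh
@@ -1,2 +1 @@
 #!/bin/bash
-echo "Contact: jane.doe@example.com"
commit 2222222222222222222222222222222222222222

    Create tree.sh

diff --git a/tree.sh b/tree.sh
--- /dev/null
+++ b/tree.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+echo "Contact: jane.doe@example.com"
"""

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def audit_history(log_text):
    """Return (commit, file, sign, email) for every email on an added or removed diff line."""
    findings, commit, path, in_hunk = [], None, None, False
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit, in_hunk = line.split()[1][:7], False
        elif line.startswith("diff --git "):
            in_hunk = False
        elif not in_hunk and line.startswith(("--- ", "+++ ")):
            if line[4:] != "/dev/null":
                path = line[6:]          # drop the "a/" or "b/" prefix
        elif line.startswith("@@"):
            in_hunk = True               # from here on, +/- lines are content
        elif in_hunk and line[:1] in ("+", "-"):
            for email in EMAIL.findall(line[1:]):
                findings.append((commit, path, line[0], email))
    return findings

def removed_but_recoverable(findings):
    """Map each email deleted in some commit to all commits whose diff still shows it."""
    removed = {email for _, _, sign, email in findings if sign == "-"}
    return {e: [c for c, _, _, x in findings if x == e] for e in removed}
```

On a real repository, feed it the output of `git log -p --all`. A non-empty result from `removed_but_recoverable` means deleting the line from the current file did not remove it from history.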
