# YARA MAGIC >>CyberTalents
# Yara Magic Writeup
## Introduction
Ladies and gentlemen, gather around, for today we embark on a perilous journey into the world of YARA and malware analysis. Now, I know what you're thinking: "YARA? Is that some exotic dance from a far-off land?" Well, I hate to disappoint, but we won't be shaking our hips here (unless you're into that kind of thing). Instead, we're diving headfirst into the fascinating realm where computer viruses and nerdy detectives collide. So, grab your magnifying glass, don your deerstalker hat (or just your favorite hoodie), and let's uncover the digital mysteries of the cyber universe, one suspicious byte at a time!
## Challenge Description
Help us! Here is a copy of a folder of ours,
we need you to scan this folder with this Yara rule and check if we have any matches!
Scan this folder with the rule and provide us with the matched filename.
Link to the folder - [https://hubchallenges.s3.eu-west-1.amazonaws.com/foren/Yara+Magic.tar.gz](#-)
## Solution
Yara is an open-source tool for malware research and analysis.
You can use Yara on Windows or Linux. For this exercise I'll be using Yara on Kali Linux, because after all this is cybersec and we are also trying to learn how to properly use Linux (plus I have learnt that using the terminal is quite fun).
### Step 1
We will begin by downloading and extracting the directory that is hosted at the link provided above.
After downloading and extracting it we have a directory called "Yara Magic". When we open this directory we find 2 items in it: 1 directory named "Folder" and a text file named "rule.yara".
Now this text file piques my interest, and upon opening it I find out that it contains the rule that was referenced in the instructions above.

### Step 2
Now that we have this rule, our work becomes really easy.
What we now need to do is open the terminal and run Yara.
Before you get too excited, we need to understand the command syntax.
Yara follows this simple command syntax:
**#Yara option yara_rule target**
Let's break this syntax down:
**Yara**: this calls the program in Kali
**Option**: -f, which enables fast matching mode, a faster scan (make sure to check the manual page on Kali to understand this)
**Target**: this will be the directory named "Folder"
Now let's get cracking :)
We now need to open the terminal and run the above command syntax.
In case you forgot, this is what we need to run in the terminal:
***yara -f rule.yara Folder***
Make sure you navigate to the directory with the files, alternatively you can just open the terminal directly from this location.

Now we have a match: a file named "12776" inside the "Folder" directory. Seems like we hit the jackpot on this.
The instructions required us to give the file name, so now we will submit the flag in the following format:
***flag{12776}***
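
To see how the scan output maps to a filename, here is an added shell example (not part of the original writeup or the challenge files). The rule `demo_marker`, the marker string and the files 1001 to 1003 are constructed stand-ins, since the challenge's rule.yara is not reproduced here. It goes one step beyond the command above by also showing `-r`, which yara needs before it descends into subdirectories.

```shell
#!/bin/sh
# Added example: constructed rule and files, NOT the challenge's rule.yara.

# Build a throwaway layout like the challenge: rule.yara next to Folder/.
make_demo() {
    demo=$(mktemp -d)
    mkdir -p "$demo/Folder/sub"
    printf 'plain text, no marker\n'           > "$demo/Folder/1001"
    printf 'DEMO_MARKER in a top-level file\n' > "$demo/Folder/1002"
    printf 'DEMO_MARKER in a nested file\n'    > "$demo/Folder/sub/1003"
    cat > "$demo/rule.yara" <<'EOF'
rule demo_marker
{
    strings:
        $m = "DEMO_MARKER"
    condition:
        $m
}
EOF
    echo "$demo"
}

# yara prints one "rule_name path" line per match; keep only the file names.
# Extra arguments after the directory (for example -f or -r) go to yara.
matched_names() {
    dir=$1; shift
    ( cd "$dir" && yara "$@" rule.yara Folder ) |
        while read -r _rule path; do
            basename "$path"
        done | sort
}

# Run the demo only where yara is installed.
if command -v yara >/dev/null 2>&1; then
    d=$(make_demo)
    echo "top level only: $(matched_names "$d" -f | tr '\n' ' ')"
    echo "recursive (-r): $(matched_names "$d" -f -r | tr '\n' ' ')"
    rm -rf "$d"
fi
```

If a scan of a directory returns nothing, check whether the files sit in subdirectories before concluding there is no match.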
<<<<<<<<<<<<<<<<<<<<<<<<<<<END>>>>>>>>>>>>>>>>>>>
FYI: ChatGPT wrote that dope opening in the Introduction section, so make sure to play around with the ting.
Cheers, till next time.
---
**Author:** Gr3yW0lff
**Date:** September 2023