We intercepted this image from a suspected insider threat at De Monne Financial. It looks like parts of the image were cut out, but based on conversations between DEADFACE and the insider, we believe DEADFACE's wallet address is hidden in this image.

Download image
SHA1: e972d295c2624d3e33ab23c48587b916d6693320


As part of our Steganography workflow we review the image's various color planes with StegSolve. For this challenge the XOR Color Inversion turned out to be the solution. It uncovered the flag as well as a QR Code that appeared to produce an Ethereum wallet address when scanned(0xef03b6ac6cb55c2be281fd573c28fa59ec53a338).



Leave a comment