Hello, this is my initial post, and today I will be analysing a piece of JavaScript malware, possibly a dropper.
As you can see, the JavaScript file is obfuscated, and the goal here in this blog post is to obtain the malware sample.
I have now decoded the obfuscated script down to the malicious PowerShell command that contains the next stage, simply by outputting the contents of the code through a console.log statement in the JavaScript.
The text containing the next stage is reversed, but it is easily bypassed using CyberChef Reverse and replacing the gibberish at the beginning of the URL with https, and this is the result.
The final payload is a RAT called Remcos, which is a commodity malware available on dark web marketplaces.
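The reversal and scheme repair described above can also be done statically in a short Node script, which keeps the recovered URL defanged for notes and tickets. This is an added example, not code from the analysed sample: the `SAMPLE` string, the junk prefix, the `example.invalid` host and all function names are constructed for illustration, and it assumes the junk sits exactly where the scheme belongs, directly before `://`.

```javascript
// Added example: static recovery of a reversed next-stage string.
// SAMPLE is constructed for illustration; it is not taken from the analysed file.
const SAMPLE = "'txt.txen/dilavni.elpmaxe.egats//:!@#x'=u$";

// Reverse by code point so characters outside the BMP are not split.
function reverseText(s) {
  return Array.from(s).reverse().join("");
}

// Assumption: whatever precedes "://" is junk standing in for the scheme.
// Quotes, parentheses and whitespace delimit the URL inside the command.
const URL_RE = /([^\s'"()]+):\/\/([^\s'"()]+)/g;

// Defang for safe sharing: hxxps scheme, dots in the host bracketed.
function defang(url) {
  const m = /^https:\/\/([^\/]+)(.*)$/.exec(url);
  return m ? "hxxps://" + m[1].replace(/\./g, "[.]") + m[2] : url;
}

// Returns the readable command, the repaired URLs and their defanged forms.
function recoverStage(reversed) {
  const urls = [];
  const command = reverseText(reversed).replace(URL_RE, (_match, _junk, rest) => {
    const url = "https://" + rest;
    urls.push(url);
    return url;
  });
  return { command, urls, defanged: urls.map(defang) };
}

const result = recoverStage(SAMPLE);
console.log(result.command);
console.log(result.defanged.join("\n"));
```

Nothing here evaluates the dropper or contacts the URL; the script only transforms the string that was already printed by the console.log step.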
Malware information link where I found the sample
Link to VirusTotal page