Obfuscated batch file downloads open-source stealer straight from GitHub
2024-7-4 22:13:24 Author: www.vmray.com

Heavy obfuscation: Uses SomalifuscatorV2

Text editor confusion: Abuses a UTF-16 byte order mark (BOM)

Encoding: Uses ROT-24 encoding

Anti-VM checks: Checks for VM (>4 GB RAM) and employs anti-tampering methods

Stealer download: Fetches open-source KematianStealer from GitHub, patches C2 on the fly

Stealer behavior: Written in PowerShell, exfiltrates sensitive data, evades monitoring, maintains persistence
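A small triage helper for the two tricks listed above (the UTF-16 BOM editor confusion and the ROT-24 encoding), added here as an example; it is not code from the VMRay write-up or from the sample. It assumes ROT-24 is a plain Caesar shift of 24 over A-Z/a-z, and that the BOM trick is a UTF-16 BOM prepended to an otherwise single-byte ASCII batch body; the sample bytes are constructed.

```python
# Added triage helper (not code from the VMRay write-up). Assumptions: the ROT-24
# step is a Caesar shift of 24 over A-Z/a-z only, and the "UTF-16 BOM" trick means
# a UTF-16 BOM (FF FE or FE FF) prepended to a plain single-byte batch body.

UTF16_BOMS = (b"\xff\xfe", b"\xfe\xff")


def rot(text: str, n: int) -> str:
    """Caesar-shift ASCII letters by n; other characters pass through unchanged."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - 97 + n) % 26 + 97))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - 65 + n) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)


def rot24_decode(text: str) -> str:
    """Undo a ROT-24 shift: shifting by 26 - 24 = 2 restores the original."""
    return rot(text, 2)


def triage_batch(data: bytes) -> dict:
    """Flag a .bat file whose UTF-16 BOM disagrees with its single-byte body.

    A genuine UTF-16 text file has a NUL byte between nearly every ASCII
    character; a BOM followed by NUL-free bytes is the editor-confusion trick
    (editors render garbage while cmd.exe still runs the ASCII lines).
    """
    bom = next((b for b in UTF16_BOMS if data.startswith(b)), None)
    body = data[len(bom):] if bom else data
    nul_ratio = body.count(b"\x00") / max(len(body), 1)
    ascii_body = nul_ratio < 0.05
    return {
        "utf16_bom": bom is not None,
        "bom_ascii_mismatch": bom is not None and ascii_body,
        # Preview of the body with the ROT-24 shift undone (first 120 chars).
        "rot24_preview": rot24_decode(body.decode("latin-1", "replace")[:120]),
    }


# Constructed sample: UTF-16 BOM, then ROT-24-encoded batch text as single bytes.
SAMPLE = b"\xff\xfe" + rot("@echo off\r\nset cmd=powershell", 24).encode("ascii")

if __name__ == "__main__":
    print(triage_batch(SAMPLE))
```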


Article source: https://www.vmray.com/obfuscated-batch-file-downloads-open-source-stealer-straight-from-github/