Sample

Metadata

SHA256: 49660527c1c910ad2d3c5625c1b44682e465e45b65883dfc8d7d229d1bd0ebd8
Difficulty: advanced
Platform: Windows
Tags: discord, mythjs, nodejs, packed, pkg, stealer, javascript
Likes: 0
Views: 956
Submitter: struppigel

Analysis

Goal

Extract main.js, then decompile and deobfuscate it far enough that you can see the webhook.

Description

This is a Node.js application packed with pkg. Automatic deobfuscators fail on it but can be coerced into working with some changes.
It helps to figure out the deobfuscator first.

Difficulty set to advanced because it may require custom tooling.

Recommended Tools

nodejs

Video

Solution by struppigel: Deobfuscating NodeJs pkg packed stealer MythJs
