b2aa52f6a09022524c8bd2b8411e3b5d7eab8f190300f84ff6ec11464568c96c
Has an onboard python project that is obfuscated
after deobfuscating it appears to be some kind of a backdoor/loader type bot that has an onboard config and retrieves the next hop from the ethereum blockchain,
Config:
_cfg = AgentConfig(server_url="http://127.0.0.1:8000", token="320473d40b7b18dc9fd3820bd48a55bf15806f835cb79b87f751a3b167534011", transport_mode="dns", dns_server_ip="127.0.0.1", dns_port=53, contract_address="0x5d04ed162c548fc4508cbb59266b02afbaf3ebc1", rpc_endpoints="https://eth.llamarpc.com,https://ethereum-rpc.publicnode.com,https://eth.drpc.org,https://rpc.eth.gateway.fm,https://eth-mainnet.public.blastapi.io,https://gateway.tenderly.co/public/mainnet,https://ethereum.rpc.subquery.network/public,https://eth.api.onfinality.io/public,https://rpc.sentio.xyz/mainnet,https://eth.merkle.io", blockchain_key="320473d40b7b18dc9fd3820bd48a55bf15806f835cb79b87f751a3b167534011", hardcoded_ip="", get_data_selector="1dcf296b")