PowerShell CRYPTOSTEALER through DNS
- Published: 8 May 2023
Powershell is so cool, you never have to worry about installation. Makes it easier
John, you are an amazing Fella who always makes AAA+ quality videos! Huge props to you!! 😊
Love this content! Thank you for the analysis as always ❤️
Already stopped the same attack thanks for this. Also did the malware analysis of the .ps1 file.
18:35
Love these videos 😎!!
So talented person.
Great video! Almost went into the rabbit hole together with you :D
love your videos sir
Thanks man!!
That UUID at the top of the script in the registry is probably to change the signature of the script.
Powershell stuff is interesting af
13:01
aaawesome !!!
Great master
thanks
uuh, wtf. I found this on a PC two weeks ago, 3 PowerShell files with a name of 4 random characters with the exact same contents. I correctly identified it as a virus and did some research; after deleting it there still remained some other parts which I could not find (I am a noob on this), so I wiped everything. Amazing to see a video on it
coolbase64 package for Sublime would be useful for this kind of stuff since you do a lot of decoding, you can just select and decode in Sublime directly
I had this too and not sure where I had gotten it.
How are they injecting and running the PowerShell? It feels like we’re missing the initial attack.