Link (Dangerous):
Scan results:
Extra Info: First-time poster. I hope I’m doing this right. I felt this was the best area to post this.
Anyways, like the title of this post says, I poked around, sandboxed their website, and was able to download and decode their poorly crafted base64-encoded JavaScript that attempted to download a very scammy EXE/DMG file called InstallSoraAI.exe.
The decrypted message seems to have Russian in it. So maybe Russian hackers? lol.
Anyways, here’s the pastebin if you’re curious about the decrypted data.
If you’re going to play with any of the URLs do so carefully and in a sandbox.
It looks like there are two different URLs that are trying to get a malicious file onto a person’s machine:
albanianvibes
and bendiregitimi
I wasn’t successful in getting the .exe or .dmg file to download. There are some additional things that seem to need to happen first before it’ll actually download. If you happen to get your hands on the EXE, I’m curious what’s potentially inside the decompiled binaries.