What is this payload doing? [closed]
I received a piece of malicious code in one of the projects I am working on disguised as an empty txt file.
The code I am sharing now was then run in node.js with the function eval().
See flow of actions:
App.js entrypoint upon npm run start
requires css.js
Css.js if you run win32
reads the types.txt file and eval with node
Upon digging you see types.txt is marked as "empty"
Scroll and you will discover the "hidden" payload
I am interested in understanding what this payload should have done. It was supposed to run on a win32 machine.
The payload is too long to be shared here (3k char limit)... But I have it on syncfiddle: https://syncfiddle.net/fiddle/-OGA45d99gqyB1WBPKMG
Very interested to get to the bottom of this!
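
A defender-side triage check for the pattern described in the question (a loader that passes a text file to eval(), where the file looks empty until you scroll), as an added example that is not part of the original post or the project's code. The function names, the 200-character padding threshold and the sample inputs are assumptions constructed for illustration; the question does not state how the content was hidden, so whitespace padding is assumed here.

```javascript
// Added example: triage heuristics for the loader pattern described above.
// Sample inputs are constructed; they are not the payload from the post.

// Report non-whitespace content that follows a long whitespace run, i.e. text
// an editor would show only after scrolling. minPad is an assumed threshold.
function findHiddenContent(text, minPad = 200) {
  const findings = [];
  const re = /\s+/g;
  let m;
  while ((m = re.exec(text)) !== null) {
    const end = m.index + m[0].length;
    if (m[0].length >= minPad && end < text.length) {
      findings.push({
        padStart: m.index,
        padLength: m[0].length,
        contentOffset: end,
        preview: text.slice(end, end + 40), // short preview only, never executed
      });
    }
  }
  return findings;
}

// Flag source that both reads a file and calls eval(); a coarse string check,
// meant to pick files for manual review rather than to prove data flow.
function evalsFileContent(source) {
  const readsFile = /\breadFile(Sync)?\s*\(/.test(source);
  const callsEval = /\beval\s*\(/.test(source);
  const platformGated = /process\.platform\s*===?\s*['"]win32['"]/.test(source);
  return { suspicious: readsFile && callsEval, platformGated };
}

// Constructed stand-ins for types.txt and css.js.
const sampleTxt = "\n".repeat(150) + " ".repeat(400) + "console.log('constructed marker');";
const sampleLoader = `
const fs = require('fs');
if (process.platform === 'win32') {
  eval(fs.readFileSync('./types.txt', 'utf8'));
}`;

console.log(findHiddenContent(sampleTxt));
console.log(evalsFileContent(sampleLoader));
```

To use it on a real checkout, read each file as a string and pass it in; the functions only inspect text and never evaluate it.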