BLUF: Redline Stealer - 24 Dec 21
Summary of Observable Actions

- Collects browser cookies
- Collects cryptocurrency wallets
- Collects auto-filled values from installed browsers
- Collects Discord database, log files, tokens
- Collects Telegram Desktop data
- Collects Filezilla info and credentials
- Collects Steam info
- Collects NordVPN credentials
- Collects OpenVPN info
- Collects ProtonVPN info
- Captures screen
- Enumerates system info
- Checks host public IP
- Connects to 65.21.85.32:39288 to receive new tasks
- Can download and execute new updates, malware, etc.

The Program function contains a connection routine that decrypts and connects to the values specified in the Arguments function. The Program function also allows grabbing new tasks from the C2 to complete. The decryption chain is:

B64 → XOR → B64 → plain text value

In this manner, the C2 address, IP, and message displayed to the user executing the malware can be read.

“@siril228” is the unencrypted value of the ID argument in the Arguments function. A quick glance at Google shows posts regarding...
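As an added example (not code from the original analysis), a small Python decoder for the B64 → XOR → B64 chain above, of the kind an analyst would use to pull the C2 address and ID out of the Arguments values. The XOR layout (repeating key applied to the bytes of the outer base64 layer) and the key value "SampleKey" are assumptions; the sample Arguments below are constructed by running the inverse chain over values quoted on this page.

```python
import base64

# Assumed key; a real sample's key would come from its Arguments/Program code.
SAMPLE_KEY = "SampleKey"


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR each byte of data with the key, repeating the key as needed (assumption)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def decode_argument(value: str, key: str = SAMPLE_KEY) -> str:
    """B64 -> XOR -> B64 -> plain text, as described in the analysis."""
    outer = base64.b64decode(value)                 # strip outer base64 layer
    inner = xor_repeating(outer, key.encode())      # undo the XOR layer
    return base64.b64decode(inner).decode("utf-8")  # strip inner base64 layer


def encode_argument(plain: str, key: str = SAMPLE_KEY) -> str:
    """Inverse chain; used here only to build constructed sample input."""
    inner = base64.b64encode(plain.encode("utf-8"))
    return base64.b64encode(xor_repeating(inner, key.encode())).decode("ascii")


def decode_arguments(args: dict) -> dict:
    """Decode every encoded value in an Arguments-style dict; IDs that are
    already plain text (like the ID field on this page) are passed through."""
    out = {}
    for name, value in args.items():
        if name == "ID":
            out[name] = value
            continue
        out[name] = decode_argument(value)
    return out


# Constructed sample Arguments, built from values quoted in the analysis.
SAMPLE_ARGUMENTS = {
    "IP": encode_argument("65.21.85.32:39288"),
    "Message": encode_argument("Constructed sample message shown to the user"),
    "ID": "@siril228",
}

if __name__ == "__main__":
    for k, v in decode_arguments(SAMPLE_ARGUMENTS).items():
        print(f"{k}: {v}")
```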