Category Archives: malware analysis

Suspicious Code Repository for Job Seeker (Part 3)

This is the third part of dissecting the obfuscated NodeJS code. Just in case you missed1. Part 1, you can read it here: https://tintinnya.com/2024/09/suspicious-code-repository-for-job-seeker-part-1/ and 2. Part 2 here: https://tintinnya.com/2024/10/suspicious-code-repository-for-job-seeker-part-2/ Function P(), ot(), rt() are called if the victim is using ‘linux’ platform. Section 3.1.2 function P()Let’s see what is this function do At glance,… Read More »

Suspicious Code Repository for Job Seeker (Part 2)

This is the second part of dissecting the obfuscated NodeJS code. Just in case you missed the Part 1, you can read it here: https://tintinnya.com/2024/09/suspicious-code-repository-for-job-seeker-part-1/ From the first dropper discussed in the Part 1, I found another obfuscated NodeJS file named test.js which was downloaded from the IP address and port number hiding in the… Read More »

Suspicious Code Repository for Job Seeker (Part 1)

I was told by my circles in WhatsApp Group that there was an X.com user almost become a victim of malicious code from a suspicious code repository. This post will discuss on what I did to uncover the details of the malicious obfuscated code inside the code repository. The post actually began with the story… Read More »