Category Archives: malware analysis

Suspicious Code Repository for Job Seeker (Part 3)

This is the third part of dissecting the obfuscated NodeJS code. Just in case you missed them: (1) Part 1, which you can read here: https://tintinnya.com/2024/09/suspicious-code-repository-for-job-seeker-part-1/ and (2) Part 2, here: https://tintinnya.com/2024/10/suspicious-code-repository-for-job-seeker-part-2/ Functions P(), ot(), and rt() are called if the victim is using the 'linux' platform. Section 3.1.2 function P(): Let's see what this function does. At a glance,…

Suspicious Code Repository for Job Seeker (Part 2)

This is the second part of dissecting the obfuscated NodeJS code. Just in case you missed Part 1, you can read it here: https://tintinnya.com/2024/09/suspicious-code-repository-for-job-seeker-part-1/ From the first dropper discussed in Part 1, I found another obfuscated NodeJS file named test.js, which was downloaded from the IP address and port number hiding in the…