Fake OnlyFans MALWARE: Remcos Infostealer VBScript Stager
Published 2023-06-22
All Comments (21)
-
My favorite part is when John is trying to hide that he knows Lana Rhoades
-
Thanks John! Finally an excuse for my significant other to say on why I'm on OnlyFans. I'm doing it for the greater cyber security community!
-
The thing is that they used VBS this time in a good and absolutely different way. As always great work John!
-
Nice to see Malware Analysis back! My favorite series!
-
I just came by after watching you with Dr. Auger on his show. Been a fan of yours for a couple years now. Thanks for doing the fireside chat!
-
Not gonna lie...I jumped here seeing the thumbnail🤣🤣
-
Just a clarification: %WINDIR%\SysWOW64 directory actually contains 32bit program code. What SysWOW64 stands for is System Windows on Windows 64bit (which implies 32bit code emulation on 64bit Windows). The true 64bit binaries are actually in %WINDIR%\System32. So this VBS script actually checks if the system is 64bit, so it runs the correct 32bit application.
-
Awesome teardown dude!
-
Very much enjoyed this video! Keep up the good work
-
Thanks, John!
-
Nice video!! Thank you
-
John doing Electron Exploit dirty in that ad 🤣
-
Hammond and Rhodes- best combo ever!!
-
Thanks John for the quick answer, like John Wick's revenge hhhhhh... Still expecting qualities as the old vids. Details matter, you know. However we are not Fans but we are supporters. Good day to you!
-
Thanks for the heads up, Seth Rogan!
-
The colon in a traditional BASIC is a multiple-statement-per-line mechanism. So putting :: just does nothing, though it is syntactically correct.
-
As someone fairly new to these things... OH My God... as someone who is interested in these things... Oh My God. Finally, as someone who is slowly, very slowly learning these things... Thank you.
-
anyrun is goated
-
That "rompepepe" variable makes me think the developer is Argentinean. "Rompe Pepe" was a catchphrase of a sketch in the humoristic TV show of the nineties (Videomatch). It was a hidden camera prank where a team of workers want to make a hole in someone's sidewalk, so the owner of the house argues with the crew and one of them says "rompe Pepe!" ("break it Pepe") to Pepe, the guy with the sledgehammer, making the victim of the prank angrier.
-
If only I had $100+ USD to spend per month on "Pro Mode" AnyRun, maybe I can be like Mr. Hammond one day. Haha. In all seriousness, great vid John, thanks for all the info you give to the community.