Yaya48/FIVEM_CIPHER_MALWARES
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11 Commits 1 Branch 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Yaya48 5a86b9aab9 Actualiser README.md
2025-03-15 20:23:22 +01:00
Payloads
Move files
2025-03-15 19:49:19 +01:00
Cipher_15_03.png
Move files
2025-03-15 19:49:19 +01:00
README.md
Actualiser README.md
2025-03-15 20:23:22 +01:00

README.md

FIVEM CIPHER PANEL BASIC ANALYSIS AND INFECTION PAYLAOD DUMPS

In this repo you will find,

-> Infection Dumps from 15/03/2025
-> A schema on how it work
-> The repo doesn't contain de-obfuscated payloads.
-> What to do if i got infected ?


-> About Payoad obfuscation
    -> Stage 1 : Use Luraph
    -> Stage 2 : use some basic custom Xor encryption really easy to decrypt even chatgpt do it.
    -> Stage 3 : Use https://obfuscator.io/ you can partially revert with https://obf-io.deobfuscate.io/ (You will have to cleanup junk code manually.)
    -> Stage 4 : Some VM Like obfuscation for Javascript didn't look into it.
    -> Stage 5 : Not obfusctated clear-text powershell.
    -> Stage 6 : Backdoor'd DLLs and stuff didn't take the time to reverse it.
    -> Stage 7 : For lua files its Luraph, For JS files its https://obfuscator.io/

-> If you got infected : Re-install completly the server OS, and do not re-use your old server-data folder. Why ? CIPHER give full OS control to the attackers and so they can execute system command remotely and install other shit on your machine. and btw avoid running FIVEM Servers as Administrator/Root.

A schema on how it works.

Alt Text

Description
FiveM Cipher Panel Malware Basics Analysis
Readme 48 MiB
Languages
Lua 93.7%
VBScript 6.3%