Yaya48/FIVEM_CIPHER_MALWARES
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8 Commits 1 Branch 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Yaya48 a16d35761f Actualiser README.md
2025-03-15 20:02:38 +01:00
Payloads
Move files
2025-03-15 19:49:19 +01:00
Cipher_15_03.png
Move files
2025-03-15 19:49:19 +01:00
README.md
Actualiser README.md
2025-03-15 20:02:38 +01:00

README.md

FIVEM CIPHER PANEL BASIC ANALYSIS AND INFECTION PAYLAOD DUMPS

In this repo you will find,

-> Infection Dumps from 15/03/2025
-> A schema on how it work
-> The repo doesn't contain de-obfuscated payloads.


-> About Payoad obfuscation
    -> Stage 1 : Use Luraph
    -> Stage 2 : use some basic custom Xor encryption really easy to decrypt even chatgpt do it.
    -> Stage 3 : Use https://obfuscator.io/ you can partially revert with https://obf-io.deobfuscate.io/ (You will have to cleanup junk code manually.)
    -> Stage 4 : Some VM Like obfuscation for Javascript didn't look into it.
    -> Stage 5 : Not obfusctated clear-text powershell.
    -> Stage 6 : Backdoor'd DLLs and stuff didn't take the time to reverse it.
    -> Stage 7 : For lua files its Luraph, For JS files its https://obfuscator.io/

A schema on how it works.

Alt Text

Description
FiveM Cipher Panel Malware Basics Analysis
Readme 48 MiB
Languages
Lua 93.7%
VBScript 6.3%