2025-03-15 19:57:31 +01:00
2025-03-15 19:49:19 +01:00

FIVEM CIPHER PANEL BASIC ANALYSIS AND INFECTION PAYLOAD DUMPS

** In this repo you will find **
    -> Infection dumps from 15/03/2025
    -> A schema of how it works
    -> The repo doesn't contain de-obfuscated payloads.

-> About payload obfuscation
    -> Stage 1 : Uses Luraph.
    -> Stage 2 : Uses a basic custom XOR encryption that is really easy to decrypt; even ChatGPT can do it.
    -> Stage 3 : Uses https://obfuscator.io/, which you can partially revert with https://obf-io.deobfuscate.io/ (you will have to clean up the junk code manually).
    -> Stage 4 : Some VM-like obfuscation for JavaScript; I didn't look into it.
    -> Stage 5 : Not obfuscated, clear-text PowerShell.
    -> Stage 6 : Backdoored DLLs and stuff; I didn't take the time to reverse it.
    -> Stage 7 : For Lua files it's Luraph; for JS files it's https://obfuscator.io/

A schema on how it works.

[Image: schema of how it works]
