generic_javascript_obfuscation2 in cloud.sistemascriticos.com

On 2020-05-11T19:52:19.222208+00:00 we found pattern generic_javascript_obfuscation2, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page http://cloud.sistemascriticos.com/apps/… referenced from http://cloud.sistemascriticos.com/ .

Code sample:

b'atob' … b'atob' … b'atob' … b'atob' … b'atob' … b'atob' … b'"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68fffffffffffffff' … b'"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a3' … b'"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a3' … b'"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a3' … b'"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a3' … b'"4e273adfc732221953b445397f3363145b9a89008199ecb62003c7f3bee9de9"' … b'"6f9d9b803ecf191637c73a4413dfa180fddf84a5947fbc9c606ed86c3fac3a7"' … b'"948bf809b1988a46b06c9f1919413b10f9226c60f668832ffd959af60c82a0a"' … b'"e507a3620a38261affdcbd9427222b839aefabe1582894d991d4d48cb6ef150"' … b'"67c876d06f3e06de1dadf16e5661db3c4b3ae6d48e35b2ff30bf0b61a71ba45"' … b'"35ec51092d8728050974c23a1d85d4b5d506cdc288490192ebac06cad10d5d"' … b'"928955ee637a84463729fd30e7afd2ed5f96274e5ad7e5cb09eda9c06d903ac"' … b'"d3a81ca6e785c06383937adf4b798caa6e8a9fbfa547b16d758d666581f33c1"' … b'"8ea9666139527a8c1dd94ce4f071fd23c8b350c5a4bb33748c4ba111faccae0"' … b'"ab0902e8d880a89758212eb65cdaf473a1a06da521fa91f29b5cb52db03ed81"' … b'"2de1068295dd865b64569335bd5dd80181d70ecfc882648423ba76b532b7d67"' … b'"2972d2de4f8d20681a78d93ec96fe23c26bfae84fb14db43b01e1e9056b8c49"' … b'"d0e3fa9eca8726909559e0d79269046bdc59ea10c70ce2b02d499ec224dc7f7"' … b'"49370a4b5f43412ea25f514e8ecdad05266115e4a7ecb1387231808f8b45963"' … b'"91b649609489d613d1d5e590f78e6d74ecfc061d57048bad9e76f302c5b9c61"' … b'"673fb86e5bda30fb3cd0ed304ea49a023ee33d0197a695d0c5d98093c536683"' … b'"a855babad5cd60c88b430a69f53a1a7a38289154964799be43d06d77d31da06"' … b'"9414685e97b1b5954bd46f730174136d57f1ceeb487443dc5321857ba73abee"' … b'"78c9407544ac132692ee1910a02439958ae04877151342ea96c4b6b35a49f51"' … b'"4f14351d0087efa49d245b328984989d5caf9450f34bfc0ed16e96b58fa9913"' … b'"73867f59c0659e81904f9a1c7543698e62562d6744c169ce7a36de01a8d6154"' … b'"336581ea7bfbbb290c191a2f507a41cf5643842170e914faeab27c2c579f726"' … b'"60660257dd11b3aa9c8ed618d24edff2306d320f1d03010e33a7d2057f3b3b6"' … b'"b4c4fe99c775a606e2d8862179139ffda61dc861c019e55cd2876eb2a27d84b"' … b'"4e8ceafb9b3e9a136dc7ff67e840295b499dfb3b2133e4ba113f2e4c0e121e5"' … b'"e3ae1974566ca06cc516d47e0fb165a674a3dabcfca15e722f0e3450f45889"' … b'"c14f8f2ccb27d6f109f6d08d03cc96a69ba8c34eec07bbcf566d48e33da6593"' … b'"21ae7f4680e889bb130619e2c0f95a360ceb573c70603139862afd617fa9b9f"' … b'"c3b997d050ee5d423ebaf66a6db9f57b3180c902875679de924b69d84a7b375"' … b'"9731141d81fc8f8084d37c6e7542006b3ee1b40d60dfe5362a5b132fd17ddc0"' … b'"cd1bc7cb6cc407bb2f0ca647c718a730cf71872e7d0d2a53fa20efcdfe61826"' … b'"712fcdd1b9053f09003a3481fa7762e9ffd7c8ef35a38509e2fbf2629008373"'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!