VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges
SecureList
AUGUST 10, 2022
VileDropper code excerpt in its original form.
VileDropper also checks its interpreter and file name, to immediately stop execution if it is not called as planned (this is probably done to evade sandboxes), as can be seen in the following deobfuscated code excerpt: if (aWShell1["CurrentDirectory"]["toLowerCase"]() != book-advp[.]com.