Download File Ccccccccccccc.rar
Download File - https://urlin.us/2tkCRB
As you can see in the image, front.jpg is downloaded and saved into settings.bat. The contents of hxxps://install[.]realproheros.com/c.txt is then outputted into c.bat which is then outputted into b.bat.
At the time of writing, the v1.6.0 of the malware only produced 1/70 detections according to VirusTotal. Malicious code packed into .exe files using PyInstaller or py2exe are already difficult to detect. The fact that the threat actors leveraged a layer of fernet encryption to hide the original source compounds the difficulty of detecting known malicious strings. 59ce067264