Robopak Exploit Kit

Looks like a new exploit kit is making its rounds. The seller is actually a service provider and the toolkit is used as a kind of EaaS (“Exploits as a Service”). The kit includes several Java, PDF, and IE exploits in its arsenal. The rental fee is: $30 per day, $150 per week, and $500 per month.

Here’s how the statistics page looks like:

The exploit code is wrapped in obfuscated Javascript which looks like a complete mess:

You need to decrypt this in two separate parts. First, you need to figure out the script at the very bottom. If you do, you will be rewarded with this:

Now you need to copy the top part of the first script and paste it into the resulting second script.

Then the exploit code can finally be revealed.

I thought this was yet another version of Siberia but apparently it’s not. There appears to be some overlap in the code though.

This entry was posted in Exploit Packs, Malscript and tagged , . Bookmark the permalink.