marți, 24 octombrie 2017

Fake bitcoin wallet stealer – Silent miner backdoor – Reverse

I found another backdoored software. This was made for thouse who want to become hackers… or to make some easy money.
Founded on Youtube.com with a search ”Bitcoin stealer”.
How to use it… the uploader helps you.

  • Senha: Techup
  • Desativar Antivirus (Claro, se trata de um hack)
  • Chave
  • Servidor de Ligação
  • Adicionar a sua carteira
  • Use Proxy
  • Aceite os termos
  • Verifique se o programa está atualizado

  • Password: Techup
  • Disable Antivirus (Of course, this is a hack)
  • Key
  • Connection Server
  • Add to your wallet
  • Use Proxy
  • Accept the terms
  • Make sure the program is up to date

All you have to do is to download it, run it and you become a rich guy…
We will not double click the .exe file…( it looks like a .exe).. or better say this SFX rar archive?!?
Let’s see something about the archive with richt click and propreties!
I dont like this SILENT=1. LOL If we dont run the ”.exe”, the backdoor will not run in the background, so let’s Extract it … and surprise.. there are more then one file, including the backdoor files.
winhlp32.exe
Isass.exe

After reversing the backdoor files i found this:
C:/Users/user/Documents/projects/minergate.app/sources/cudaminer/src/cuda_cryptonight_core.cu
… so what about this minergate?!?
With this lovely usage:
Usage:
minergate-cli [-version] -user <email> [-proxy <url>] -<currency> <threads> [<gpu intensity>] [-<currency> <threads> [<gpu intensity>] …] [-o <pool> -u <login> [-t <threads>] [-i <gpu intensity>]]
And so many options:
Options:
-user account email from minergate.com
proxy server URL. Supports only socks protocols (for example: socks://192.168.0.1:1080
possible values: bcn xmr qcn xdn fcn mcn aeon dsh inf8 <mm_cc>+bcn <mm_cc>+xmr <mm_cc>+qcn <mm_cc>+xdn <mm_cc>+aeon <mm_cc>+dsh. Where <mm_cc> is fcn or mcn
threads count for specified currency
GPU mining intensity (NVidia only) (values range: 1..4. Recommended: 2)
mining pool URL
mining pool login
CPU threads count
GPU mining intensity
Conecting to: h**ps://minergate.com
It seems that we have a nice backdoored software.
After you will run it.. in the backgound a silent miner will be instaled on your computer and in front of you will apare a nice error like this:
Blockchain Wallet Stealer 2017\message.vbs
x=msgbox(“Hardware is not compatible, try on another PC or restart and run with disabled antivirus.”, 0+16, “Error“)
If you dont understand, you will download this software, after the first run will appear a error message and it will not work, but in underground you will have already instaled a virus.
This time the virus is a Silent Miner, that will use your computer to work for some hacker and this will help hit to make some bitcoins.
The Youtube channel Teck up has more videos like this one .. and all of them are with this backdoor.

Have fun & Stay safe!!!

Niciun comentariu:

Trimiteți un comentariu