A new silent miner, with remote access built in, made to infect some would-be "hackers".
The executable is bound together with other files so that it can run unnoticed in the background.
taskhost.exe
 original filename: canhost.exe
 registry: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY; Key: DISABLESECURITYSETTINGSCHECK
 command: netsh firewall add allowedprogram "%APPDATA%\taskhost.exe"
 network: http://120988.myq-see.com
 network: 178.137.146.32 – Ukraine
 network: 41.226.243.30:1337
Temp1.exe
 pdb path: C:\Users\mourad\Documents\Visual Studio 2012\Projects\canhost\canhost\obj\Debug\canhost.pdb
 registry: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY; Key: DISABLESECURITYSETTINGSCHECK
 command: netsh firewall add allowedprogram "%APPDATA%\taskhost.exe"
 network: http://120988.myq-see.com
 network: 178.137.146.32 – Ukraine
 network: 41.226.243.30:1337
Temp2.exe
 original filename: BcnSilentminerBytcoin.exe
 mining pool: stratum+tcp://mine.p2pool.com:9327
 network: http://www.bitcoin-adder.com
 pdb path: \visual studio 2012\Projects\Bcn Silent miner Bytcoin\Bcn Silent miner Bytcoin\obj\Debug\Bcn Silent miner Bytcoin.pdb
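As an added example that is not part of the original post or of the sample itself: a small Python checker that flags, in constructed event lines, the behaviours listed above (a firewall allow-rule for a program under a user-writable directory such as %APPDATA%, the DISABLESECURITYSETTINGSCHECK registry write, stratum mining traffic) and also matches the post's network indicators. The pipe-separated event format, the sample lines and the user paths in them are assumptions made for this example.

```python
import re

# Network indicators taken from the post above (taskhost.exe / Temp1.exe / Temp2.exe).
KNOWN_IOCS = {"120988.myq-see.com", "178.137.146.32", "41.226.243.30:1337", "mine.p2pool.com:9327"}
# Constructed sample events, not real telemetry; the "type|k=v|k=v" line format
# and the user paths are assumptions made for this example.
SAMPLE_EVENTS = [
    'process|image=C:\\Windows\\System32\\netsh.exe|cmdline=netsh firewall add allowedprogram "C:\\Users\\bob\\AppData\\Roaming\\taskhost.exe" taskhost ENABLE',
    "registry|key=HKCU\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\SECURITY|value=DISABLESECURITYSETTINGSCHECK|data=1",
    "network|image=C:\\Users\\bob\\AppData\\Local\\Temp\\Temp2.exe|dest=mine.p2pool.com:9327|proto=stratum+tcp",
    "network|image=C:\\Users\\bob\\AppData\\Roaming\\taskhost.exe|dest=41.226.243.30:1337|proto=tcp",
    "process|image=C:\\Windows\\System32\\netsh.exe|cmdline=netsh advfirewall show allprofiles",
    "registry|key=HKCU\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\MAIN|value=Start Page|data=about:blank",
]

FW_ALLOW = re.compile(r"netsh\s+(?:advfirewall\s+firewall\s+add\s+rule|firewall\s+add\s+allowedprogram)", re.I)
USER_WRITABLE = re.compile(r"%appdata%|\\appdata\\|%temp%|\\temp\\", re.I)

def parse_event(line):
    """Split 'type|k=v|k=v' into a dict; the event type lands under 'type'."""
    kind, *fields = line.split("|")
    return {"type": kind, **dict(f.partition("=")[::2] for f in fields)}

def classify(ev):
    """Return the names of the rules an event trips (empty list when benign)."""
    hits = []
    if ev["type"] == "process":
        cmd = ev.get("cmdline", "")
        # Firewall exception for a binary in a user-writable dir (%APPDATA%\taskhost.exe).
        if FW_ALLOW.search(cmd) and USER_WRITABLE.search(cmd):
            hits.append("firewall_allow_userdir")
    elif ev["type"] == "registry":
        # The IE security-settings-check switch the sample turns off.
        if (ev.get("key", "").upper().endswith("\\INTERNET EXPLORER\\SECURITY")
                and ev.get("value", "").upper() == "DISABLESECURITYSETTINGSCHECK"):
            hits.append("ie_security_check_disabled")
    elif ev["type"] == "network":
        dest = ev.get("dest", "")
        # Stratum is the mining-pool protocol: a host speaking it is mining.
        if "stratum" in ev.get("proto", "").lower():
            hits.append("stratum_mining_traffic")
        if dest in KNOWN_IOCS or dest.rsplit(":", 1)[0] in KNOWN_IOCS:
            hits.append("known_ioc")
    return hits

def detect(lines):
    """Map the index of each offending line to the rules it tripped."""
    hits = {i: classify(parse_event(l)) for i, l in enumerate(lines)}
    return {i: h for i, h in hits.items() if h}
```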
The antivirus software's detection… hmmmm… 31/68?!? Payload Security Team was there too, and reported it in the forum where I found it!
Have fun & stay safe!!!
Prodefence Team