Tuesday, 24 October 2017

Fake bitcoin wallet stealer – Silent miner backdoor – Reverse

I found another piece of backdoored software. This one is aimed at those who want to become hackers... or to make some easy money.
Found on Youtube.com with the search "Bitcoin stealer".
How to use it... the uploader helps you (instructions posted in Portuguese, translated here):

  • Password: Techup
  • Disable antivirus (of course, this is a hack)
  • Key
  • Connection server
  • Add your wallet
  • Use proxy
  • Accept the terms
  • Check that the program is up to date

All you have to do is download it, run it, and you become a rich guy...
We will not double-click the .exe file (it looks like a .exe)... or should we rather say this SFX RAR archive?!?
Let's look at the archive with right-click > Properties!
I don't like this SILENT=1: it is a WinRAR SFX script command that makes the self-extractor run without showing its start dialog. LOL. If we don't run the ".exe", the backdoor will not run in the background, so let's just extract it... and surprise: there is more than one file inside, including the backdoor files:
winhlp32.exe
Isass.exe (note the capital I, a lookalike of the legitimate lsass.exe)
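As an added example (my own code, not from the original post or the sample's author), here is the same triage done statically: locate the RAR archive appended to the SFX stub, pull the printable strings out of it, and report the SFX script commands (Silent, Setup, ...) and embedded file names, without ever executing the stub. The sample blob below is constructed; real archives wrap these strings in binary headers and may store the comment compressed, in which case `unrar l file.exe` lists the entries and prints the archive comment with the SFX script.

```python
import re

# Signatures of RAR4 ("Rar!\x1a\x07\x00") and RAR5 ("Rar!\x1a\x07\x01\x00")
# archives.  An SFX is a PE stub with the archive appended after it.
RAR_SIGNATURES = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")

# Real WinRAR SFX script commands that decide what happens on double-click.
SFX_DIRECTIVE_RE = re.compile(
    r"^(Silent|Setup|Path|Overwrite|TempMode|Update|Delete|Shortcut)=(.*)$", re.I)

# Embedded names that deserve a second look before anything is extracted.
SUSPICIOUS_EXT_RE = re.compile(r"\.(exe|vbs|bat|cmd|ps1|js|scr|dll)$", re.I)


def find_rar_offset(data):
    """Offset of the first RAR signature in the blob, or None if absent."""
    hits = [data.find(sig) for sig in RAR_SIGNATURES]
    hits = [h for h in hits if h != -1]
    return min(hits) if hits else None


def printable_strings(data, min_len=4):
    """Plain ASCII runs, like the `strings` tool; CR/LF act as separators."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def triage_sfx(data):
    """Static triage of a suspected RAR SFX: nothing is executed or unpacked."""
    offset = find_rar_offset(data)
    report = {
        "is_pe": data[:2] == b"MZ",
        "rar_offset": offset,
        "directives": [],     # (command, value) pairs from the SFX script
        "payload_names": [],  # embedded executables and scripts
    }
    if offset is None:
        return report
    for s in printable_strings(data[offset:]):
        m = SFX_DIRECTIVE_RE.match(s)
        if m:
            report["directives"].append((m.group(1).lower(), m.group(2)))
        elif SUSPICIOUS_EXT_RE.search(s):
            report["payload_names"].append(s)
    return report


def verdict(report):
    """Turn the report into the questions to ask before touching the file."""
    notes = []
    if not report["is_pe"] or report["rar_offset"] is None:
        notes.append("not a PE with an embedded RAR archive")
        return notes
    for cmd, val in report["directives"]:
        if cmd == "silent" and val.strip() != "0":
            notes.append("Silent=%s: extraction runs without its start dialog" % val)
        elif cmd == "setup":
            notes.append("Setup=%s: launched right after extraction" % val)
        elif cmd == "tempmode":
            notes.append("TempMode: unpacked to a temp folder, deleted afterwards")
    if report["payload_names"]:
        notes.append("embedded executables/scripts: "
                     + ", ".join(report["payload_names"]))
    return notes


# Constructed sample standing in for the "Blockchain Wallet Stealer 2017" SFX:
# a minimal MZ stub, a RAR4 signature, an uncompressed SFX comment and a few
# file-name strings.  The Setup= lines are an assumption, not from the post.
SAMPLE_SFX = (
    b"MZ" + b"\x90" * 60 + b"PE\x00\x00" + b"\x00" * 40
    + b"Rar!\x1a\x07\x00" + b"\xcf\x90\x73\x00\x00\x0d\x00\x00\x00\x00\x00\x00\x00"
    + b";The comment below contains SFX script commands\r\n"
    + b"Silent=1\r\nSetup=winhlp32.exe\r\nSetup=Isass.exe\r\n"
    + b"\x00" * 4 + b"winhlp32.exe\x00Isass.exe\x00message.vbs\x00wallet.png\x00"
)

if __name__ == "__main__":
    for line in verdict(triage_sfx(SAMPLE_SFX)):
        print(line)
```

Run it against the real file by reading it with `open(path, "rb").read()`; a PE that carries no RAR signature is either a different packer or not an SFX at all, and the function says so instead of guessing.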

After reversing the backdoor files I found this build path string:
C:/Users/user/Documents/projects/minergate.app/sources/cudaminer/src/cuda_cryptonight_core.cu
... so what about this minergate?!?
With this lovely usage string:
Usage:
minergate-cli [-version] -user <email> [-proxy <url>] -<currency> <threads> [<gpu intensity>] [-<currency> <threads> [<gpu intensity>] …] [-o <pool> -u <login> [-t <threads>] [-i <gpu intensity>]]
And so many options:
Options:
  -user            account email from minergate.com
  -proxy           proxy server URL. Supports only socks protocols (for example: socks://192.168.0.1:1080)
  -<currency>      possible values: bcn xmr qcn xdn fcn mcn aeon dsh inf8 <mm_cc>+bcn <mm_cc>+xmr <mm_cc>+qcn <mm_cc>+xdn <mm_cc>+aeon <mm_cc>+dsh. Where <mm_cc> is fcn or mcn
  <threads>        threads count for specified currency
  <gpu intensity>  GPU mining intensity (NVidia only) (values range: 1..4. Recommended: 2)
  -o               mining pool URL
  -u               mining pool login
  -t               CPU threads count
  -i               GPU mining intensity
Connecting to: h**ps://minergate.com
It seems that we have a nicely backdoored piece of software.
After you run it, a silent miner is installed on your computer in the background, and in front of you a nice error like this one appears:
Blockchain Wallet Stealer 2017\message.vbs
x=msgbox("Hardware is not compatible, try on another PC or restart and run with disabled antivirus.", 0+16, "Error")
In case that is not clear: you download this software, on the first run an error message appears and it does not work, but underneath a virus has already been installed.
This time the virus is a silent miner that will use your computer to work for some hacker and help him make money; given the currency list above (xmr, bcn and the other CryptoNight coins) and the cuda_cryptonight source path, it mines those coins rather than bitcoin itself.
The YouTube channel Teck up has more videos like this one... and all of them come with this backdoor.
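As an added example (my own code, not from the original post), here is a small hunt over a process listing that catches this miner from what the post reveals: a lookalike name ("Isass.exe" with a capital I standing in for lsass.exe), a Windows binary name running from a directory where the genuine file never lives, and the minergate-cli options quoted above on the command line. The process records, the e-mail, the pool address and the login are all constructed; on a real box the same fields come from `Get-CimInstance Win32_Process` or `wmic process get ProcessId,Name,ExecutablePath,CommandLine`.

```python
import ntpath
import re
from collections import namedtuple

Proc = namedtuple("Proc", "pid name path cmdline")

# Windows binaries whose names droppers like this one borrow, with the
# directory the genuine file lives in.  Extend for your own environment.
SYSTEM_BINARIES = {
    "lsass.exe": r"C:\Windows\System32",
    "svchost.exe": r"C:\Windows\System32",
    "csrss.exe": r"C:\Windows\System32",
    "winhlp32.exe": r"C:\Windows",
}

# Characters commonly swapped for a visual twin in a file name.
CONFUSABLES = str.maketrans({"I": "l", "|": "l", "1": "l", "0": "o"})

# Options taken from the minergate-cli usage string quoted in the post; the
# "-o <pool> -u <login>" rule only assumes the values contain no spaces.
MINER_CMDLINE_RES = {
    "minergate binary or domain": re.compile(r"minergate", re.I),
    "-user <email>": re.compile(r"(?:^|\s)-user\s+\S+@\S+", re.I),
    "-<currency> <threads>": re.compile(
        r"(?:^|\s)-(?:bcn|xmr|qcn|xdn|fcn|mcn|aeon|dsh|inf8)\s+\d+", re.I),
    "-o <pool> -u <login>": re.compile(r"(?:^|\s)-o\s+\S+\s+-u\s+\S+", re.I),
    "-proxy socks://": re.compile(r"(?:^|\s)-proxy\s+socks\S*://", re.I),
}


def canon(name):
    """Fold confusables so 'Isass.exe' and 'lsass.exe' compare equal."""
    return name.translate(CONFUSABLES).lower()


CANON_SYSTEM = {canon(k): (k, v) for k, v in SYSTEM_BINARIES.items()}


def check_process(proc):
    """Reasons to look at one process; an empty list means no rule fired."""
    reasons = []
    hit = CANON_SYSTEM.get(canon(proc.name))
    if hit:
        real_name, real_dir = hit
        if proc.name.lower() != real_name:
            reasons.append("lookalike name %r imitates %s" % (proc.name, real_name))
        run_dir = ntpath.dirname(proc.path)
        if run_dir.lower() != real_dir.lower():
            reasons.append("%s runs from %s, genuine copy lives in %s"
                           % (proc.name, run_dir, real_dir))
    for label, rx in MINER_CMDLINE_RES.items():
        if rx.search(proc.cmdline):
            reasons.append("miner command line option: " + label)
    return reasons


def hunt(procs):
    """Return {pid: [reasons]} for every process that trips at least one rule."""
    findings = {}
    for p in procs:
        reasons = check_process(p)
        if reasons:
            findings[p.pid] = reasons
    return findings


# Constructed process listing: one genuine lsass.exe, the two dropped files
# from the post running from a temp folder, and an unrelated browser.
SAMPLE_PROCESSES = [
    Proc(612, "lsass.exe", r"C:\Windows\System32\lsass.exe",
         r"C:\Windows\System32\lsass.exe"),
    Proc(4120, "Isass.exe", r"C:\Users\victim\AppData\Local\Temp\Isass.exe",
         r"C:\Users\victim\AppData\Local\Temp\Isass.exe -user miner@example.com -xmr 4 2"),
    Proc(4133, "winhlp32.exe", r"C:\Users\victim\AppData\Local\Temp\winhlp32.exe",
         r"C:\Users\victim\AppData\Local\Temp\winhlp32.exe -o pool.example.net:45560 -u wallet.worker -t 2"),
    Proc(3300, "chrome.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
         "chrome.exe"),
]

if __name__ == "__main__":
    for pid, reasons in hunt(SAMPLE_PROCESSES).items():
        print(pid)
        for r in reasons:
            print("  -", r)
```

The genuine lsass.exe passes all three rules, so the lookalike check does not turn into a blanket alert on system processes; what fires is the combination of the wrong letter, the wrong directory and a mining command line.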

Have fun & Stay safe!!!
