Sign In
Create Account
Im going to start a new thing for every infected thread , ASSUMING it has the clean BINs binded to it
I will reupload the the Content but the CLEAN Version.
Now it wont always be possible as some dont have the Binded Bins or are just plain out all infected
This Sample was Binded as a Windows .CAB or Cabinet File Upon Extraction you will get the Infected Bins and Non Infected Bins
Once Executed , Select option "1" enter a Random key
Once Greeted with the Logo Screen click Enter.
===========================================================
Downloads
===========================================================
Zippyshare
AnonFiles
MirrorAce
MultiUp
REAL VT Bin Scan:
https://www.virustot...41ddfa207177ad5
Clown of the Day Spreading the Coin Miner Malware goes to:
SpoilerFull Analysis ON the INFECTED version
~ "WEXTRACT.exe" is the original file name
~ Description "Internet Explorer" (spoofed file details)
~ Its a Cabinet file so when extracting it now gives us two EXEs (Brw0C.exe) & (GANG.exe)
~ Gang.exe seems to be legit "Brw0C.exe" is not , it is also 700+ mb
~ Uses MPRESS packer
~ Runs as Admin executes Powershell
~ Drops files in the %AppData% Roaming Folder under "WindowsElements" folder
~ Files Dropped "Kapow.zip" , "DesktopSessionManager.exe" , "AntimalwareService.exe"
~ In the "Kapow" folder it has a file called "GPUMonitor.exe"
Bin Scans:
Spoiler
GANG-NUKER 2.0 Cracked | DISCORD MULTI TOOL | Cleaned by ObbedCode
#371
Posted 28 June 2023 - 02:12 PM
Likes
Member
#372
Posted 28 June 2023 - 05:47 PM
Likes
New Member
#373
Posted 28 June 2023 - 11:28 PM
Likes
Member
#374
Posted 30 June 2023 - 07:35 PM
Likes
New Member
#375
Posted 30 June 2023 - 11:56 PM
Likes
Member
#376
Posted 02 July 2023 - 04:11 PM
Likes
Advanced Member
#377
Posted 03 July 2023 - 02:01 PM
Likes
New Member
#378
Posted 03 July 2023 - 04:12 PM
Likes
Lurker
Im going to start a new thing for every infected thread , ASSUMING it has the clean BINs binded to it
I will reupload the the Content but the CLEAN Version.
Now it wont always be possible as some dont have the Binded Bins or are just plain out all infected
This Sample was Binded as a Windows .CAB or Cabinet File Upon Extraction you will get the Infected Bins and Non Infected Bins
Once Executed , Select option "1" enter a Random key
Once Greeted with the Logo Screen click Enter.
===========================================================
Downloads
===========================================================
Zippyshare
AnonFiles
MirrorAce
MultiUp
REAL VT Bin Scan:
https://www.virustot...41ddfa207177ad5
Clown of the Day Spreading the Coin Miner Malware goes to:
SpoilerFull Analysis ON the INFECTED version
~ "WEXTRACT.exe" is the original file name
~ Description "Internet Explorer" (spoofed file details)
~ Its a Cabinet file so when extracting it now gives us two EXEs (Brw0C.exe) & (GANG.exe)
~ Gang.exe seems to be legit "Brw0C.exe" is not , it is also 700+ mb
~ Uses MPRESS packer
~ Runs as Admin executes Powershell
~ Drops files in the %AppData% Roaming Folder under "WindowsElements" folder
~ Files Dropped "Kapow.zip" , "DesktopSessionManager.exe" , "AntimalwareService.exe"
~ In the "Kapow" folder it has a file called "GPUMonitor.exe"
Bin Scans:
Spoilerxddddddddddddddddddddddddddddddddd
#379
Posted 03 July 2023 - 08:57 PM
Likes
Advanced Member
#380
Posted 04 July 2023 - 10:30 AM
Likes
Member
Users browsing this thread: and 1 guests
