ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!

Jump to content



Photo

GANG-NUKER 2.0 Cracked | DISCORD MULTI TOOL | Cleaned by ObbedCode


  • Please log in to reply
GANG-NUKER 2.0 Cracked | DISCORD MULTI TOOL | Cleaned by ObbedCode

#391

Azmaine
Azmaine
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 2
Threads: 0
Joined: Mar 31, 2023
Credits: 0
One year registered
#391

 

Im going to start a new thing for every infected thread , ASSUMING it has the clean BINs binded to it

I will reupload the the Content but the CLEAN Version.

Now it wont always be possible as some dont have the Binded Bins or are just plain out all infected :(

 

This Sample was Binded as a Windows .CAB or Cabinet File Upon Extraction you will get the Infected Bins and Non Infected Bins

 

Once Executed , Select option "1" enter a Random key

Once Greeted with the Logo Screen click Enter.

 

cW4YOgm.png

 

===========================================================

Downloads

===========================================================

 

Zippyshare

 

 

AnonFiles

 

 

MirrorAce

 

 

MultiUp

 

 

 

REAL VT Bin Scan:

https://www.virustot...41ddfa207177ad5

 

Clown of the Day Spreading the Coin Miner Malware goes to:

 

Spoiler

Full Analysis ON the INFECTED version

 

~ "WEXTRACT.exe" is the original file name

~ Description "Internet Explorer" (spoofed file details)

~ Its a Cabinet file so when extracting it now gives us two EXEs (Brw0C.exe) & (GANG.exe)

~ Gang.exe seems to be legit "Brw0C.exe" is not , it is also 700+ mb

~ Uses MPRESS packer

~ Runs as Admin executes Powershell

~ Drops files in the %AppData% Roaming Folder under "WindowsElements" folder

~ Files Dropped "Kapow.zip" , "DesktopSessionManager.exe" , "AntimalwareService.exe"

~ In the "Kapow" folder it has a file called "GPUMonitor.exe"

 

https://imgur.com/a/Mkf0c2n

 

Bin Scans:

Spoiler

 

daw


  • 0

#392

Fayber
Fayber
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 2
Threads: 0
Joined: Mar 22, 2023
Credits: 0
One year registered
#392

 

Im going to start a new thing for every infected thread , ASSUMING it has the clean BINs binded to it

I will reupload the the Content but the CLEAN Version.

Now it wont always be possible as some dont have the Binded Bins or are just plain out all infected :(

 

This Sample was Binded as a Windows .CAB or Cabinet File Upon Extraction you will get the Infected Bins and Non Infected Bins

 

Once Executed , Select option "1" enter a Random key

Once Greeted with the Logo Screen click Enter.

 

cW4YOgm.png

 

===========================================================

Downloads

===========================================================

 

Zippyshare

 

 

AnonFiles

 

 

MirrorAce

 

 

MultiUp

 

 

 

REAL VT Bin Scan:

https://www.virustot...41ddfa207177ad5

 

Clown of the Day Spreading the Coin Miner Malware goes to:

 

Spoiler

Full Analysis ON the INFECTED version

 

~ "WEXTRACT.exe" is the original file name

~ Description "Internet Explorer" (spoofed file details)

~ Its a Cabinet file so when extracting it now gives us two EXEs (Brw0C.exe) & (GANG.exe)

~ Gang.exe seems to be legit "Brw0C.exe" is not , it is also 700+ mb

~ Uses MPRESS packer

~ Runs as Admin executes Powershell

~ Drops files in the %AppData% Roaming Folder under "WindowsElements" folder

~ Files Dropped "Kapow.zip" , "DesktopSessionManager.exe" , "AntimalwareService.exe"

~ In the "Kapow" folder it has a file called "GPUMonitor.exe"

 

https://imgur.com/a/Mkf0c2n

 

Bin Scans:

Spoiler

 

 

 

 

Prolly good


  • 0

#393

Fayber
Fayber
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 2
Threads: 0
Joined: Mar 22, 2023
Credits: 0
One year registered
#393

Nice


  • 0

#394

evster
evster
    Offline
    0
    Rep
    0
    Likes

    Member

  • PipPipPip
Posts: 51
Threads: 0
Joined: May 15, 2019
Credits: 0

Five years registered
#394

gotta try this


  • 0

#395

Davfwfawf
Davfwfawf
    Offline
    0
    Rep
    0
    Likes

    New Member

Posts: 10
Threads: 0
Joined: Jul 19, 2023
Credits: 0
One year registered
#395

w


  • 0

#396

overspend
overspend
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 1
Threads: 0
Joined: Jul 19, 2023
Credits: 0
One year registered
#396

ty bro


  • 0

#397

drakehittaz
drakehittaz
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 2
Threads: 0
Joined: Jan 13, 2023
Credits: 0
One year registered
#397

fire as hell


  • 0

#398

link67
link67
    Offline
    0
    Rep
    0
    Likes

    Advanced Member

  • PipPipPipPip
Posts: 89
Threads: 0
Joined: Jul 26, 2023
Credits: 0
One year registered
#398

bonsoir je veux bien merci

 


  • 0

#399

monald
monald
    Offline
    0
    Rep
    0
    Likes

    Member

Posts: 32
Threads: 0
Joined: Oct 14, 2021
Credits: 0
Three years registered
#399

Abdul


  • 0

#400

MineDelaHoya
MineDelaHoya
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 5
Threads: 0
Joined: Jul 25, 2023
Credits: 0
One year registered
#400

 

Im going to start a new thing for every infected thread , ASSUMING it has the clean BINs binded to it

I will reupload the the Content but the CLEAN Version.

Now it wont always be possible as some dont have the Binded Bins or are just plain out all infected :(

 

This Sample was Binded as a Windows .CAB or Cabinet File Upon Extraction you will get the Infected Bins and Non Infected Bins

 

Once Executed , Select option "1" enter a Random key

Once Greeted with the Logo Screen click Enter.

 

cW4YOgm.png

 

===========================================================

Downloads

===========================================================

 

Zippyshare

 

 

AnonFiles

 

 

MirrorAce

 

 

MultiUp

 

 

 

REAL VT Bin Scan:

https://www.virustot...41ddfa207177ad5

 

Clown of the Day Spreading the Coin Miner Malware goes to:

 

Spoiler

Full Analysis ON the INFECTED version

 

~ "WEXTRACT.exe" is the original file name

~ Description "Internet Explorer" (spoofed file details)

~ Its a Cabinet file so when extracting it now gives us two EXEs (Brw0C.exe) & (GANG.exe)

~ Gang.exe seems to be legit "Brw0C.exe" is not , it is also 700+ mb

~ Uses MPRESS packer

~ Runs as Admin executes Powershell

~ Drops files in the %AppData% Roaming Folder under "WindowsElements" folder

~ Files Dropped "Kapow.zip" , "DesktopSessionManager.exe" , "AntimalwareService.exe"

~ In the "Kapow" folder it has a file called "GPUMonitor.exe"

 

https://imgur.com/a/Mkf0c2n

 

Bin Scans:

Spoiler

 

Thanks for sharing I'll give it a look


  • 0


 Users browsing this thread: and 1 guests