ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!

Jump to content



Photo

GANG-NUKER 2.0 Cracked | DISCORD MULTI TOOL | Cleaned by ObbedCode


  • Please log in to reply
GANG-NUKER 2.0 Cracked | DISCORD MULTI TOOL | Cleaned by ObbedCode

#411

ehheh123
ehheh123
    Offline
    0
    Rep
    0
    Likes

    New Member

Posts: 18
Threads: 0
Joined: Aug 16, 2023
Credits: 0
One year registered
#411

nicd



[/spoiler]

 

 


  • 0

#412

ehheh123
ehheh123
    Offline
    0
    Rep
    0
    Likes

    New Member

Posts: 18
Threads: 0
Joined: Aug 16, 2023
Credits: 0
One year registered
#412

nicd



[/spoiler]

 

 


  • 0

#413

J3s3
J3s3
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 2
Threads: 0
Joined: Aug 21, 2023
Credits: 0
One year registered
#413

wow i need to try this now


  • 0

#414

LeonFred
LeonFred
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 1
Threads: 0
Joined: Aug 23, 2023
Credits: 0
One year registered
#414

 

Im going to start a new thing for every infected thread , ASSUMING it has the clean BINs binded to it

I will reupload the the Content but the CLEAN Version.

Now it wont always be possible as some dont have the Binded Bins or are just plain out all infected :(

 

This Sample was Binded as a Windows .CAB or Cabinet File Upon Extraction you will get the Infected Bins and Non Infected Bins

 

Once Executed , Select option "1" enter a Random key

Once Greeted with the Logo Screen click Enter.

 

cW4YOgm.png

 

===========================================================

Downloads

===========================================================

 

Zippyshare

 

 

AnonFiles

 

 

MirrorAce

 

 

MultiUp

 

 

 

REAL VT Bin Scan:

https://www.virustot...41ddfa207177ad5

 

Clown of the Day Spreading the Coin Miner Malware goes to:

 

Spoiler

Full Analysis ON the INFECTED version

 

~ "WEXTRACT.exe" is the original file name

~ Description "Internet Explorer" (spoofed file details)

~ Its a Cabinet file so when extracting it now gives us two EXEs (Brw0C.exe) & (GANG.exe)

~ Gang.exe seems to be legit "Brw0C.exe" is not , it is also 700+ mb

~ Uses MPRESS packer

~ Runs as Admin executes Powershell

~ Drops files in the %AppData% Roaming Folder under "WindowsElements" folder

~ Files Dropped "Kapow.zip" , "DesktopSessionManager.exe" , "AntimalwareService.exe"

~ In the "Kapow" folder it has a file called "GPUMonitor.exe"

 

https://imgur.com/a/Mkf0c2n

 

Bin Scans:

Spoiler

maybe it works lol


  • 0

#415

PaulHaul11
PaulHaul11
    Offline
    0
    Rep
    0
    Likes

    New Member

Posts: 11
Threads: 0
Joined: Jul 29, 2023
Credits: 0
One year registered
#415

thanks u


  • 0

#416

Tools123
Tools123
    Offline
    0
    Rep
    1
    Likes

    Lurker

Posts: 7
Threads: 0
Joined: Sep 01, 2023
Credits: 0
One year registered
#416

 

Im going to start a new thing for every infected thread , ASSUMING it has the clean BINs binded to it

I will reupload the the Content but the CLEAN Version.

Now it wont always be possible as some dont have the Binded Bins or are just plain out all infected :(

 

This Sample was Binded as a Windows .CAB or Cabinet File Upon Extraction you will get the Infected Bins and Non Infected Bins

 

Once Executed , Select option "1" enter a Random key

Once Greeted with the Logo Screen click Enter.

 

cW4YOgm.png

 

===========================================================

Downloads

===========================================================

 

Zippyshare

 

 

AnonFiles

 

 

MirrorAce

 

 

MultiUp

 

 

 

REAL VT Bin Scan:

https://www.virustot...41ddfa207177ad5

 

Clown of the Day Spreading the Coin Miner Malware goes to:

 

Spoiler

Full Analysis ON the INFECTED version

 

~ "WEXTRACT.exe" is the original file name

~ Description "Internet Explorer" (spoofed file details)

~ Its a Cabinet file so when extracting it now gives us two EXEs (Brw0C.exe) & (GANG.exe)

~ Gang.exe seems to be legit "Brw0C.exe" is not , it is also 700+ mb

~ Uses MPRESS packer

~ Runs as Admin executes Powershell

~ Drops files in the %AppData% Roaming Folder under "WindowsElements" folder

~ Files Dropped "Kapow.zip" , "DesktopSessionManager.exe" , "AntimalwareService.exe"

~ In the "Kapow" folder it has a file called "GPUMonitor.exe"

 

https://imgur.com/a/Mkf0c2n

 

Bin Scans:

Spoiler

 

yt


  • 0

#417

Rogersss12
Rogersss12
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 3
Threads: 0
Joined: Aug 31, 2023
Credits: 0
One year registered
#417

Thanks


  • 0

#418

MEHugandu
MEHugandu
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 3
Threads: 0
Joined: Sep 06, 2023
Credits: 0
One year registered
#418

wadsdawdsawsd


  • 0

#419

Swayz361x
Swayz361x
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 2
Threads: 0
Joined: Sep 06, 2023
Credits: 0
One year registered
#419

 

Im going to start a new thing for every infected thread , ASSUMING it has the clean BINs binded to it

I will reupload the the Content but the CLEAN Version.

Now it wont always be possible as some dont have the Binded Bins or are just plain out all infected :(

 

This Sample was Binded as a Windows .CAB or Cabinet File Upon Extraction you will get the Infected Bins and Non Infected Bins

 

Once Executed , Select option "1" enter a Random key

Once Greeted with the Logo Screen click Enter.

 

cW4YOgm.png

 

===========================================================

Downloads

===========================================================

 

Zippyshare

 

 

AnonFiles

 

 

MirrorAce

 

 

MultiUp

 

 

 

REAL VT Bin Scan:

https://www.virustot...41ddfa207177ad5

 

Clown of the Day Spreading the Coin Miner Malware goes to:

 

Spoiler

Full Analysis ON the INFECTED version

 

~ "WEXTRACT.exe" is the original file name

~ Description "Internet Explorer" (spoofed file details)

~ Its a Cabinet file so when extracting it now gives us two EXEs (Brw0C.exe) & (GANG.exe)

~ Gang.exe seems to be legit "Brw0C.exe" is not , it is also 700+ mb

~ Uses MPRESS packer

~ Runs as Admin executes Powershell

~ Drops files in the %AppData% Roaming Folder under "WindowsElements" folder

~ Files Dropped "Kapow.zip" , "DesktopSessionManager.exe" , "AntimalwareService.exe"

~ In the "Kapow" folder it has a file called "GPUMonitor.exe"

 

https://imgur.com/a/Mkf0c2n

 

Bin Scans:

Spoiler

thx for this

 


  • 0

#420

defastinker123
defastinker123
    Offline
    0
    Rep
    0
    Likes

    New Member

Posts: 11
Threads: 0
Joined: Sep 12, 2023
Credits: 0
One year registered
#420

 

Im going to start a new thing for every infected thread , ASSUMING it has the clean BINs binded to it

I will reupload the the Content but the CLEAN Version.

Now it wont always be possible as some dont have the Binded Bins or are just plain out all infected :(

 

This Sample was Binded as a Windows .CAB or Cabinet File Upon Extraction you will get the Infected Bins and Non Infected Bins

 

Once Executed , Select option "1" enter a Random key

Once Greeted with the Logo Screen click Enter.

 

cW4YOgm.png

 

===========================================================

Downloads

===========================================================

 

Zippyshare

 

 

AnonFiles

 

 

MirrorAce

 

 

MultiUp

 

 

 

REAL VT Bin Scan:

https://www.virustot...41ddfa207177ad5

 

Clown of the Day Spreading the Coin Miner Malware goes to:

 

Spoiler

Full Analysis ON the INFECTED version

 

~ "WEXTRACT.exe" is the original file name

~ Description "Internet Explorer" (spoofed file details)

~ Its a Cabinet file so when extracting it now gives us two EXEs (Brw0C.exe) & (GANG.exe)

~ Gang.exe seems to be legit "Brw0C.exe" is not , it is also 700+ mb

~ Uses MPRESS packer

~ Runs as Admin executes Powershell

~ Drops files in the %AppData% Roaming Folder under "WindowsElements" folder

~ Files Dropped "Kapow.zip" , "DesktopSessionManager.exe" , "AntimalwareService.exe"

~ In the "Kapow" folder it has a file called "GPUMonitor.exe"

 

https://imgur.com/a/Mkf0c2n

 

Bin Scans:

Spoiler

 

aye boss


  • 0


 Users browsing this thread: