ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!

Jump to content



Photo

GANG-NUKER 2.0 Cracked | DISCORD MULTI TOOL | Cleaned by ObbedCode


  • Please log in to reply
GANG-NUKER 2.0 Cracked | DISCORD MULTI TOOL | Cleaned by ObbedCode

#461

Bouhmidi
Bouhmidi
    Offline
    0
    Rep
    0
    Likes

    New Member

Posts: 10
Threads: 0
Joined: Dec 10, 2023
Credits: 0
One year registered
#461

 

Im going to start a new thing for every infected thread , ASSUMING it has the clean BINs binded to it

I will reupload the the Content but the CLEAN Version.

Now it wont always be possible as some dont have the Binded Bins or are just plain out all infected :(

 

This Sample was Binded as a Windows .CAB or Cabinet File Upon Extraction you will get the Infected Bins and Non Infected Bins

 

Once Executed , Select option "1" enter a Random key

Once Greeted with the Logo Screen click Enter.

 

cW4YOgm.png

 

===========================================================

Downloads

===========================================================

 

Zippyshare

 

 

AnonFiles

 

 

MirrorAce

 

 

MultiUp

 

 

 

REAL VT Bin Scan:

https://www.virustot...41ddfa207177ad5

 

Clown of the Day Spreading the Coin Miner Malware goes to:

 

Spoiler

Full Analysis ON the INFECTED version

 

~ "WEXTRACT.exe" is the original file name

~ Description "Internet Explorer" (spoofed file details)

~ Its a Cabinet file so when extracting it now gives us two EXEs (Brw0C.exe) & (GANG.exe)

~ Gang.exe seems to be legit "Brw0C.exe" is not , it is also 700+ mb

~ Uses MPRESS packer

~ Runs as Admin executes Powershell

~ Drops files in the %AppData% Roaming Folder under "WindowsElements" folder

~ Files Dropped "Kapow.zip" , "DesktopSessionManager.exe" , "AntimalwareService.exe"

~ In the "Kapow" folder it has a file called "GPUMonitor.exe"

 

https://imgur.com/a/Mkf0c2n

 

Bin Scans:

Spoiler

 

let's seeeee


  • 0

#462

newtmannewt
newtmannewt
    Offline
    0
    Rep
    1
    Likes

    New Member

Posts: 24
Threads: 0
Joined: Sep 28, 2018
Credits: 0

Six years registered
#462

yes this is a big dub


  • 0

#463

LBOZO121
LBOZO121
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 2
Threads: 0
Joined: Dec 20, 2023
Credits: 0
One year registered
#463

 

Im going to start a new thing for every infected thread , ASSUMING it has the clean BINs binded to it

I will reupload the the Content but the CLEAN Version.

Now it wont always be possible as some dont have the Binded Bins or are just plain out all infected :(

 

This Sample was Binded as a Windows .CAB or Cabinet File Upon Extraction you will get the Infected Bins and Non Infected Bins

 

Once Executed , Select option "1" enter a Random key

Once Greeted with the Logo Screen click Enter.

 

cW4YOgm.png

 

===========================================================

Downloads

===========================================================

 

Zippyshare

 

 

AnonFiles

 

 

MirrorAce

 

 

MultiUp

 

 

 

REAL VT Bin Scan:

https://www.virustot...41ddfa207177ad5

 

Clown of the Day Spreading the Coin Miner Malware goes to:

 

Spoiler

Full Analysis ON the INFECTED version

 

~ "WEXTRACT.exe" is the original file name

~ Description "Internet Explorer" (spoofed file details)

~ Its a Cabinet file so when extracting it now gives us two EXEs (Brw0C.exe) & (GANG.exe)

~ Gang.exe seems to be legit "Brw0C.exe" is not , it is also 700+ mb

~ Uses MPRESS packer

~ Runs as Admin executes Powershell

~ Drops files in the %AppData% Roaming Folder under "WindowsElements" folder

~ Files Dropped "Kapow.zip" , "DesktopSessionManager.exe" , "AntimalwareService.exe"

~ In the "Kapow" folder it has a file called "GPUMonitor.exe"

 

https://imgur.com/a/Mkf0c2n

 

Bin Scans:

Spoiler

 


  • 0

#464

dsfgfhf
dsfgfhf
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 1
Threads: 0
Joined: Dec 20, 2023
Credits: 0
One year registered
#464

gimmeee

 


  • 0

#465

xd12345xd
xd12345xd
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 6
Threads: 0
Joined: Dec 31, 2023
Credits: 0
Half year registered
#465

tysm


  • 0

#466

Milktron
Milktron
    Offline
    0
    Rep
    0
    Likes

    New Member

Posts: 24
Threads: 0
Joined: Dec 20, 2023
Credits: 0
One year registered
#466

 

Im going to start a new thing for every infected thread , ASSUMING it has the clean BINs binded to it

I will reupload the the Content but the CLEAN Version.

Now it wont always be possible as some dont have the Binded Bins or are just plain out all infected :(

 

This Sample was Binded as a Windows .CAB or Cabinet File Upon Extraction you will get the Infected Bins and Non Infected Bins

 

Once Executed , Select option "1" enter a Random key

Once Greeted with the Logo Screen click Enter.

 

cW4YOgm.png

 

===========================================================

Downloads

===========================================================

 

Zippyshare

 

 

AnonFiles

 

 

MirrorAce

 

 

MultiUp

 

 

 

REAL VT Bin Scan:

https://www.virustot...41ddfa207177ad5

 

Clown of the Day Spreading the Coin Miner Malware goes to:

 

Spoiler

Full Analysis ON the INFECTED version

 

~ "WEXTRACT.exe" is the original file name

~ Description "Internet Explorer" (spoofed file details)

~ Its a Cabinet file so when extracting it now gives us two EXEs (Brw0C.exe) & (GANG.exe)

~ Gang.exe seems to be legit "Brw0C.exe" is not , it is also 700+ mb

~ Uses MPRESS packer

~ Runs as Admin executes Powershell

~ Drops files in the %AppData% Roaming Folder under "WindowsElements" folder

~ Files Dropped "Kapow.zip" , "DesktopSessionManager.exe" , "AntimalwareService.exe"

~ In the "Kapow" folder it has a file called "GPUMonitor.exe"

 

https://imgur.com/a/Mkf0c2n

 

Bin Scans:

Spoiler

 

that clown


  • 0

#467

PHANTO0920
PHANTO0920
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 6
Threads: 0
Joined: Jan 03, 2024
Credits: 0
Half year registered
#467

 

Im going to start a new thing for every infected thread , ASSUMING it has the clean BINs binded to it

I will reupload the the Content but the CLEAN Version.

Now it wont always be possible as some dont have the Binded Bins or are just plain out all infected :(

 

This Sample was Binded as a Windows .CAB or Cabinet File Upon Extraction you will get the Infected Bins and Non Infected Bins

 

Once Executed , Select option "1" enter a Random key

Once Greeted with the Logo Screen click Enter.

 

cW4YOgm.png

 

===========================================================

Downloads

===========================================================

 

Zippyshare

 

 

AnonFiles

 

 

MirrorAce

 

 

MultiUp

 

 

 

REAL VT Bin Scan:

https://www.virustot...41ddfa207177ad5

 

Clown of the Day Spreading the Coin Miner Malware goes to:

 

Spoiler

Full Analysis ON the INFECTED version

 

~ "WEXTRACT.exe" is the original file name

~ Description "Internet Explorer" (spoofed file details)

~ Its a Cabinet file so when extracting it now gives us two EXEs (Brw0C.exe) & (GANG.exe)

~ Gang.exe seems to be legit "Brw0C.exe" is not , it is also 700+ mb

~ Uses MPRESS packer

~ Runs as Admin executes Powershell

~ Drops files in the %AppData% Roaming Folder under "WindowsElements" folder

~ Files Dropped "Kapow.zip" , "DesktopSessionManager.exe" , "AntimalwareService.exe"

~ In the "Kapow" folder it has a file called "GPUMonitor.exe"

 

https://imgur.com/a/Mkf0c2n

 

Bin Scans:

Spoiler

 

thx kingg lets gou


  • 0

#468

AuroraCH
AuroraCH
    Offline
    0
    Rep
    0
    Likes

    Lurker

  • Pip
Posts: 7
Threads: 0
Joined: Jan 03, 2024
Credits: 0
Half year registered
#468

finally a token generator, tysm


  • 0

#469

Wardenking
Wardenking
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 3
Threads: 0
Joined: Jan 04, 2024
Credits: 0
Half year registered
#469
Tysm got this shit is cool asf

  • 0

#470

DAWA1234
DAWA1234
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 1
Threads: 0
Joined: Jan 04, 2024
Credits: 0
Half year registered
#470

d scvdfc


  • 0


 Users browsing this thread: