Bitcoin Forum

Economy => Scam Accusations => Topic started by: hamsterfly on April 08, 2016, 08:31:56 PM



Title: rahman1988 - posting links to password stealing malware
Post by: hamsterfly on April 08, 2016, 08:31:56 PM
Scammer : rahman1988

Profile : https://bitcointalk.org/index.php?action=profile;u=326395


Link to his sales thread -

https://bitcointalk.org/index.php?topic=1429893.msg14461489#msg14461489

Sends you a .zip file claiming it's his Dash wallet.dat file for the trade, except it has a password stealer in it.

I have a complete log of all PMs between us if anyone wants to see them.



I have now sent 25% of the 14000 DASH upfront as promised.
- https://stemfund.com/dashwallet.zip


I'm looking forward to your business!

My bitcoin address is:
1LhdG3aB5a2zQzKBSWBkwNxCYCBhSvqaXS


StemFund is my bitcoin loaning company, and I already sent you the wallet with password..
I don't know how a txt or zip is malware.. man, it's my wallet.dat and password for DASH.

Else i would have to change my password for my wallet. It contains 3507 DASH coins.

Regards
rahman1988


VirusTotal report on zip file:
https://www.virustotal.com/en/file/216cfbe6851a2d733ec5f7d9875e9156b5cf6b461dc195d41d08642edd525aed/analysis/1460146837/



If this guy posts any bullshit about who is the real scammer, I'm happy to give my password to any senior member so they can confirm every PM between us.



Please tag this retard as a scammer!


Title: Re: rahman1988 - posting links to password stealing malware
Post by: suchmoon on April 08, 2016, 10:05:24 PM
Selling coins by sending a zipped wallet? That's a new one.

The VirusTotal report is showing only 1/56 detection ratio, which could mean a false positive. Did you try to unzip the file?

Edit: never mind, there is an .lnk file in it, those are dangerous. Could be a link to anything, and also there are possible Windows exploits.
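
The point in the post above, that an .lnk inside the archive could be a link to anything, can be checked without unpacking or opening the file. This is an added example, not part of the original thread: it lists a zip's members in memory and decodes a shortcut's string fields following the public [MS-SHLLINK] layout. The function names, extension list, size limit and sample archive are constructed for illustration.

```python
import io, struct, zipfile

# Constants from the public [MS-SHLLINK] Shell Link format specification.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
STRING_FIELDS = {0x04: "name", 0x08: "rel_path", 0x10: "work_dir", 0x20: "arguments", 0x40: "icon"}
RISKY_EXT = (".lnk", ".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1")
MAX_LNK = 1 << 20  # assumption: do not decompress shortcut members over 1 MiB

def parse_lnk(data):
    """Return the StringData fields of a shortcut, or None if it is not one."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        return None
    flags = struct.unpack_from("<I", data, 20)[0]
    pos, fields = 76, {}
    width, codec = (2, "utf-16-le") if flags & 0x80 else (1, "cp1252")  # ANSI codec assumed
    try:
        if flags & 0x01:  # HasLinkTargetIDList: 2-byte size, then the list
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & 0x02:  # HasLinkInfo: 4-byte size that counts itself
            pos += struct.unpack_from("<I", data, pos)[0]
        for bit, name in STRING_FIELDS.items():
            if flags & bit:
                end = pos + 2 + struct.unpack_from("<H", data, pos)[0] * width
                fields[name] = data[pos + 2:end].decode(codec, errors="replace")
                pos = end
    except struct.error:
        fields["truncated"] = True  # malformed shortcut: keep what was parsed
    return fields

def triage_zip(blob):
    """List members without extracting; report risky names and shortcut fields."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if name.endswith(RISKY_EXT):
                is_lnk = name.endswith(".lnk") and info.file_size <= MAX_LNK
                findings.append((info.filename, parse_lnk(zf.read(info)) if is_lnk else None))
    return findings

def constructed_sample():
    """Harmless stand-in archive: a text file plus a shortcut with no target."""
    args = "/c echo constructed-sample"
    lnk = (b"\x4c\x00\x00\x00" + LNK_CLSID + struct.pack("<I", 0x20 | 0x80)
           + bytes(52) + struct.pack("<H", len(args)) + args.encode("utf-16-le"))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
        zf.writestr("constructed-sample.lnk", lnk)
    return buf.getvalue()
```

A wallet.dat handed over for a trade has no reason to arrive with a shortcut beside it, so any `arguments` value reported here is what to read before anything in the archive is opened.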


Title: Re: rahman1988 - posting links to password stealing malware
Post by: xetsr on April 08, 2016, 10:20:55 PM
Quote from: suchmoon on April 08, 2016, 10:05:24 PM
Selling coins by sending a zipped wallet? That's a new one.

The VirusTotal report is showing only 1/56 detection ratio, which could mean a false positive. Did you try to unzip the file?

Edit: never mind, there is an .lnk file in it, those are dangerous. Could be a link to anything, and also there are possible Windows exploits.

Seen this many times before here. Been awhile but it's nothing new.


Title: Re: rahman1988 - posting links to password stealing malware
Post by: rahman1988 on April 08, 2016, 11:20:18 PM
This is ridiculous!
that is a false positive.

Luckily I got to move my coins before someone stole the coins you leaked from our PMs.


Title: Re: rahman1988 - posting links to password stealing malware
Post by: suchmoon on April 08, 2016, 11:37:13 PM
Quote from: rahman1988 on April 08, 2016, 11:20:18 PM
This is ridiculous!
that is a false positive.

Luckily I got to move my coins before someone stole the coins you leaked from our PMs.

Oh, so you know how to "move" coins. I wonder why you had to send the wallet file then? Instead of just sending the coins to the buyer.

And why did the password have to be in the LNK file?



Title: Re: rahman1988 - posting links to password stealing malware
Post by: xetsr on April 09, 2016, 12:16:09 AM
Quote from: rahman1988 on April 08, 2016, 11:20:18 PM
This is ridiculous!
that is a false positive.

Luckily I got to move my coins before someone stole the coins you leaked from our PMs.

Yeah... I don't think anyone is gonna fall for that. Might wanna try again  ::)

http://whois.domaintools.com/stemfund.com - Shared namecheap hosting. They'll take it down if enough people report it.


Title: Re: rahman1988 - posting links to password stealing malware
Post by: KenR on April 09, 2016, 03:38:55 AM
Quote from: rahman1988 on April 08, 2016, 11:20:18 PM
This is ridiculous!
that is a false positive.

Luckily I got to move my coins before someone stole the coins you leaked from our PMs.

How can someone steal the coins leaked from the PMs? ::) Aren't you the one trying to send the coins in a Zip File? That's a new one dude! What were you actually thinking!


Title: Re: rahman1988 - posting links to password stealing malware
Post by: Timelord2067 on April 26, 2016, 03:31:07 PM
Strange transactions: https://blockchain.info/tx/c54a42d272782ea1751425085baec5f8888e066d74b9cd801d95253678c0a5d7

1LhdG3aB5a2zQzKBSWBkwNxCYCBhSvqaXS sends

1bk6raTidUCGEgmyvEmhV8q7fujGRVAWG 3.999 BTC
157meJhNjuetruUKbLKRhvzi63KDW9W2Q4 1.0009 BTC



https://blockchain.info/address/157meJhNjuetruUKbLKRhvzi63KDW9W2Q4 only other transaction two days later is to send

1bk6raTidUCGEgmyvEmhV8q7fujGRVAWG 1.599 BTC
1MRkXWDcvcPKKR1PpQUVbugKZtS1fewZQ6 0.01504649 BTC

https://blockchain.info/tx/c81739504b649b31002e7ce229e9962a07ad2c4aa4482567c6edf87e286db2fe



1LhdG3aB5a2zQzKBSWBkwNxCYCBhSvqaXS also sends to 1bk6raTidUCGEgmyvEmhV8q7fujGRVAWG directly more than once, e.g.

https://blockchain.info/tx/95295cac37482d6aa7e6c814b196065819157d162caec7476804bc435632fa03
https://blockchain.info/tx/15d7a07ac0225a92ae3e15ce757818f2af0b78786b2c77fae091461c0ca90561


Title: Re: rahman1988 - posting links to password stealing malware
Post by: Stemfund on January 02, 2017, 05:00:36 PM
This guy is clearly a scammer. He has nothing to do with Stemfund.