Bitcoin Forum

Other => Beginners & Help => Topic started by: blinkybear on December 09, 2013, 07:49:49 AM



Title: BitBot Faucet Farmer - Malware Warning
Post by: blinkybear on December 09, 2013, 07:49:49 AM
I downloaded the file off: https://bitcointalk.org/index.php?topic=353317.20 -> malware://ge.tt/7b0tCb71/v/0
MD5SUM
\373a8c958464d1fb665755e9ea2500b4 *Downloads\\BitCoin Miner.exe

It is a self-extracting RAR archive (Proof (https://i.imgur.com/FC0Hpph.png))
Inside, there are several suspicious-looking files (https://i.imgur.com/g9jCv5V.png).
The VBS launched has this code inside:
Code:
CreateObject("WScript.Shell").Exec "cMegS.exe mzBrYaXnW.SIM"

cMegS.exe is a renamed AutoIt interpreter, and mzBrYaXnW.SIM is a script, filled with blank lines so it's not easily read.
Let's clean it up: >findstr ".." mzBrYaXnW.SIM>malware.au3

My AV software recognizes it as Win32/Injector.Autoit.YC

Besides doing some evil things, it decrypts and loads QTj.MUK...
Let's decrypt it -> https://www.virustotal.com/en/file/7d1d803aeb3f20310c3c1dfb3d09ee44c1c0593764e045a134dbc9561d80d569/analysis/1386574798/


TL;DR - User x55xx77 at https://bitcointalk.org/index.php?topic=353317.20 is distributing malware
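The two triage steps in the post (recognising that the "miner" is a PE stub with a RAR archive appended, and stripping the blank-line padding out of the AutoIt script the way `findstr ".."` does) can be scripted for a quick offline check. The following is an added example, not code from the post or from any tool it mentions; the sample bytes and the sample script are constructed here, and the only page-derived value is the MD5 reported above for "BitCoin Miner.exe".

```python
import hashlib
from typing import Optional

# MD5 the post reports for "BitCoin Miner.exe" (taken from the page above).
KNOWN_BAD_MD5 = {"373a8c958464d1fb665755e9ea2500b4"}

# Archive magic for RAR 4.x and RAR 5.x. A self-extracting archive is an
# ordinary PE stub followed by the archive, so the magic shows up well past
# the "MZ" header instead of at offset 0.
RAR_SIGNATURES = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")


def md5_hex(data: bytes) -> str:
    """Hex MD5 of a byte string (same value md5sum prints)."""
    return hashlib.md5(data).hexdigest()


def is_known_bad(data: bytes) -> bool:
    """True when the file hashes to an MD5 from the post's indicator list."""
    return md5_hex(data) in KNOWN_BAD_MD5


def find_embedded_rar(data: bytes) -> Optional[int]:
    """Return the lowest offset of a RAR signature inside a PE image, or None.

    Only PE files (starting with "MZ") are considered: a bare .rar is not an
    SFX and a signature at offset 0 would be a normal archive, not a stub.
    """
    if not data.startswith(b"MZ"):
        return None
    hits = [data.find(sig, 2) for sig in RAR_SIGNATURES]
    hits = [off for off in hits if off != -1]
    return min(hits) if hits else None


def strip_padding(script: str) -> str:
    """Drop blank and whitespace-only lines.

    This is the equivalent of the post's `findstr ".." file > out.au3`, which
    keeps only lines with at least two characters; whitespace-only lines are
    dropped here too, since they carry no code either.
    """
    kept = [ln.rstrip("\r") for ln in script.split("\n") if ln.strip()]
    return "\n".join(kept)


def padding_ratio(script: str) -> float:
    """Fraction of lines that are blank; very high values hint at padding."""
    lines = script.split("\n")
    if not lines:
        return 0.0
    blanks = sum(1 for ln in lines if not ln.strip())
    return blanks / len(lines)


# Constructed sample: a fake PE stub (MZ header, a PE marker, filler) with a
# RAR 4 signature appended, imitating the layout of an SFX archive.
SAMPLE_SFX = (
    b"MZ" + b"\x00" * 510 + b"PE\x00\x00" + b"\x00" * 1024
    + b"Rar!\x1a\x07\x00" + b"<archive body>"
)

# Constructed sample of a script padded with blank lines, as described above.
SAMPLE_SCRIPT = "\n\n\nFunc a()\n\n\n\n  Return 1\n\n\nEndFunc\n\n"


def triage(data: bytes, script: Optional[str] = None) -> dict:
    """Summarise the checks a defender would run on a suspicious download."""
    report = {
        "md5": md5_hex(data),
        "known_bad": is_known_bad(data),
        "rar_offset": find_embedded_rar(data),
    }
    if script is not None:
        report["padding_ratio"] = round(padding_ratio(script), 3)
        report["cleaned_script"] = strip_padding(script)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_SFX, SAMPLE_SCRIPT).items():
        print(f"{key}: {value!r}")
```

`find_embedded_rar` only looks for the archive magic, which is enough to flag "this .exe is really an SFX"; listing the files inside, as the screenshot in the post does, needs a RAR parser and is left to an archive tool.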


Title: Re: BitBot Faucet Farmer - Malware Warning
Post by: Jacce on December 09, 2013, 09:44:02 AM
I don't see any reason why it shouldn't be a virus. Common sense: Don't download things that are supposed to give you money in return for nothing.


Title: Re: BitBot Faucet Farmer - Malware Warning
Post by: blinkybear on December 09, 2013, 04:20:24 PM
I don't see any reason why it shouldn't be a virus. Common sense: Don't download things that are supposed to give you money in return for nothing.

I know. It's always fun to see how they work, tho. :)


Title: Re: BitBot Faucet Farmer - Malware Warning
Post by: x55xx77 on December 10, 2013, 12:32:10 AM
I downloaded the file off: https://bitcointalk.org/index.php?topic=353317.20 -> malware://ge.tt/7b0tCb71/v/0
MD5SUM
\373a8c958464d1fb665755e9ea2500b4 *Downloads\\BitCoin Miner.exe

It is a self-extracting RAR archive (Proof (https://i.imgur.com/FC0Hpph.png))
Inside, there are several suspicious-looking files (https://i.imgur.com/g9jCv5V.png).
The VBS launched has this code inside:
Code:
CreateObject("WScript.Shell").Exec "cMegS.exe mzBrYaXnW.SIM"

cMegS.exe is a renamed AutoIt interpreter, and mzBrYaXnW.SIM is a script, filled with blank lines so it's not easily read.
Let's clean it up: >findstr ".." mzBrYaXnW.SIM>malware.au3

My AV software recognizes it as Win32/Injector.Autoit.YC

Besides doing some evil things, it decrypts and loads QTj.MUK...
Let's decrypt it -> https://www.virustotal.com/en/file/7d1d803aeb3f20310c3c1dfb3d09ee44c1c0593764e045a134dbc9561d80d569/analysis/1386574798/


TL;DR - User x55xx77 at https://bitcointalk.org/index.php?topic=353317.20 is distributing malware


Unfortunately it has come to my attention that my computer was infected and someone merged my tool with a "Remote Administration tool". Sorry for the inconvenience; I am going to take the program down until I fix the issue. I hope no damage was done.


Title: Re: BitBot Faucet Farmer - Malware Warning
Post by: BubuLeMag on December 10, 2013, 05:56:08 AM
Here is the thief's wallet: https://blockchain.info/address/1Jo41wAw5SC712avT6jfxXGyAjeE57KQ9p