Bitcoin Forum
Author Topic: BitBot Faucet Farmer - Malware Warning  (Read 2442 times)
blinkybear (OP), Newbie, Activity: 3, Merit: 0
December 09, 2013, 07:49:49 AM, #1

I downloaded the file off: https://bitcointalk.org/index.php?topic=353317.20 -> malware://ge.tt/7b0tCb71/v/0
MD5SUM
\373a8c958464d1fb665755e9ea2500b4 *Downloads\\BitCoin Miner.exe

It is a self-extracting RAR archive (Proof)
Inside, there are several suspicious-looking files.
The VBS launched has this code inside:
Code:
CreateObject("WScript.Shell").Exec "cMegS.exe mzBrYaXnW.SIM"

cMegS.exe is a renamed AutoIt interpreter, and mzBrYaXnW.SIM is a script, filled with blank lines so it's not easily read.
Let's clean it up: >findstr ".." mzBrYaXnW.SIM>malware.au3

My AV software recognizes it as Win32/Injector.Autoit.YC

Besides doing some evil things, it decrypts and loads QTj.MUK...
Let's decrypt it -> https://www.virustotal.com/en/file/7d1d803aeb3f20310c3c1dfb3d09ee44c1c0593764e045a134dbc9561d80d569/analysis/1386574798/


TL;DR - User x55xx77 at https://bitcointalk.org/index.php?topic=353317.20 is distributing malware
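The triage steps the post above walks through (hash the download, check whether the "miner" is really an SFX RAR wrapper, read what the launcher VBS hands to WScript.Shell, confirm the helper executable is an AutoIt interpreter regardless of its file name, and strip the blank-line padding out of the script, which is what the findstr ".." one-liner does), as an added Python example. This is not code from the thread or from any of the posters; the sample bytes, the padded script, the file and function names are constructed for illustration, and the AutoIt check is a string heuristic, not a signature match.

```python
import hashlib
import re

# RAR archive signatures (4.x and 5.x); an SFX carries one of these behind a PE stub
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"

# Constructed sample artifacts standing in for the files from the thread (not the real ones)
SFX_SAMPLE = b"MZ" + b"\x00" * 62 + b"<sfx stub>" + RAR4_MAGIC + b"<compressed payload>"
PLAIN_EXE = b"MZ" + b"\x00" * 62 + b"<ordinary program>"
AUTOIT_LIKE = b"MZ" + b"\x00" * 62 + b"AutoIt v3 Script Interpreter"
VBS_SAMPLE = 'CreateObject("WScript.Shell").Exec "cMegS.exe mzBrYaXnW.SIM"\r\n'
PADDED_SCRIPT = "\n\n\n$a = 1\n\n\n\n\n\n\nMsgBox(0, \"x\", $a)\n\n\n\n"


def md5_hex(data: bytes) -> str:
    """MD5 of a blob, to compare against a published MD5SUM line."""
    return hashlib.md5(data).hexdigest()


def is_sfx_rar(data: bytes) -> bool:
    """A self-extracting RAR starts with an MZ (PE) stub and has a RAR signature after it."""
    if data[:2] != b"MZ":
        return False
    body = data[2:]
    return RAR4_MAGIC in body or RAR5_MAGIC in body


def looks_like_autoit_interpreter(data: bytes) -> bool:
    """Heuristic (assumption): a renamed AutoIt3.exe still carries its 'AutoIt' version
    strings, and compiled AutoIt payloads carry the 'AU3!' marker. The file name proves nothing."""
    return b"AutoIt" in data or b"AU3!" in data


# WScript.Shell Exec/Run with a quoted command line, as in the launcher VBS from the post
_LAUNCH = re.compile(r'CreateObject\("WScript\.Shell"\)\.(?:Exec|Run)\s+"([^"]*)"', re.IGNORECASE)


def vbs_launch_targets(vbs_text: str) -> list:
    """Command lines a VBS launcher hands to WScript.Shell."""
    return _LAUNCH.findall(vbs_text)


def strip_blank_lines(script_text: str) -> str:
    """Undo blank-line padding; same effect as `findstr ".." file` (keep lines of 2+ chars)."""
    return "\n".join(ln for ln in script_text.splitlines() if len(ln) >= 2)


def triage(download: bytes, vbs_text: str, script_text: str, helper_exe: bytes) -> dict:
    """Run the checks above and return the findings as one record."""
    return {
        "md5": md5_hex(download),
        "sfx_rar": is_sfx_rar(download),
        "launch_targets": vbs_launch_targets(vbs_text),
        "helper_is_autoit": looks_like_autoit_interpreter(helper_exe),
        "script_lines": len(strip_blank_lines(script_text).splitlines()),
    }


if __name__ == "__main__":
    for key, value in triage(SFX_SAMPLE, VBS_SAMPLE, PADDED_SCRIPT, AUTOIT_LIKE).items():
        print(f"{key}: {value}")
    print(strip_blank_lines(PADDED_SCRIPT))
```

Point the functions at the real files (read as bytes for the executables, as text for the VBS and the script) to reproduce the post's findings; the padding-removal step is the one that turns an unreadable .SIM into something you can actually review before deciding whether the helper is malicious.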
Jacce, Sr. Member, Activity: 294, Merit: 250
December 09, 2013, 09:44:02 AM, #2

I don't see any reason why it shouldn't be a virus. Common sense: Don't download things that are supposed to give you money in return for nothing.
blinkybear (OP), Newbie, Activity: 3, Merit: 0
December 09, 2013, 04:20:24 PM, #3

Quote from: Jacce on December 09, 2013, 09:44:02 AM
I don't see any reason why it shouldn't be a virus. Common sense: Don't download things that are supposed to give you money in return for nothing.

I know. It's always fun to see how they work, tho. :)
x55xx77, Newbie, Activity: 23, Merit: 0
December 10, 2013, 12:32:10 AM, #4

Quote from: blinkybear on December 09, 2013, 07:49:49 AM
I downloaded the file off: https://bitcointalk.org/index.php?topic=353317.20 -> malware://ge.tt/7b0tCb71/v/0
MD5SUM
\373a8c958464d1fb665755e9ea2500b4 *Downloads\\BitCoin Miner.exe

It is a self-extracting RAR archive (Proof)
Inside, there are several suspicious-looking files.
The VBS launched has this code inside:
Code:
CreateObject("WScript.Shell").Exec "cMegS.exe mzBrYaXnW.SIM"

cMegS.exe is a renamed AutoIt interpreter, and mzBrYaXnW.SIM is a script, filled with blank lines so it's not easily read.
Let's clean it up: >findstr ".." mzBrYaXnW.SIM>malware.au3

My AV software recognizes it as Win32/Injector.Autoit.YC

Besides doing some evil things, it decrypts and loads QTj.MUK...
Let's decrypt it -> https://www.virustotal.com/en/file/7d1d803aeb3f20310c3c1dfb3d09ee44c1c0593764e045a134dbc9561d80d569/analysis/1386574798/


TL;DR - User x55xx77 at https://bitcointalk.org/index.php?topic=353317.20 is distributing malware


Unfortunately it has come to my attention that my computer was infected and someone merged my tool with a "Remote Administration tool". Sorry for the inconvenience, I am going to take the program down until I fix the issue. I hope no damage was done.
BubuLeMag, Newbie, Activity: 42, Merit: 0
December 10, 2013, 05:56:08 AM, #5

Here is the thief's wallet: https://blockchain.info/address/1Jo41wAw5SC712avT6jfxXGyAjeE57KQ9p