Bitcoin Forum
Author Topic: Malicious USB drives Monero mining!  (Read 97 times)
dkbit98 (OP)
April 25, 2020, 08:06:36 AM
Merited by Daniel91 (1), Rikafip (1)
#1

ESET antivirus research welivesecurity reported VictoryGate malware is back again and this time on USB drives.
Windows OS is first under attack with over 35000 infected computers so far, and most of them are in Latin America, Peru.
It installs scripts and then hides in the root of the drive.

Code:
ESET detection name   Hash
MSIL/VictoryGate.A   398C99FD804043863959CC34C68B0305B1131388
MSIL/VictoryGate.A   a187d8be61b7ad6c328f3ee9ac66f3d2f4b48c6b
MSIL/VictoryGate.B   483a55389702cdc83223c563efb9151a704a973e
MSIL/VictoryGate.C   686eef924e6b7aadb5bcff1045b25163501670e6

Filesystem
%ProgramData%\JcmewjJky\jcmewjjky.ico
%ProgramData%\JcmewjJky\jcmewjjky.exe
%ProgramData%\JcmewjJky\jcmewjjky.au3
%AppData%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.url.lnk
%AppData%\Microsoft\Windows\Start Menu\Programs\Startup\tpmvsucgr.url
%AppData%\tpmvscugr.exe
%AppData%\ctfmon2.exe
HKCU/Software/JcMewjJKy
HKLM/Software/Microsoft/Windows NT/CurrentVersion/Schedule/TaskCache/Tree/rwIAMblfuvoss
HKCU/Software/Victory

C&C Domains
* Domains being sinkholed.

scitie.ddns[.]net
ddw.ddns[.]net
c0d3.ddns[.]net
volvo.ddns[.]net
xcod.ddns[.]net
mrxud.ddns[.]net
d001.ddns[.]net
xkm.ddns[.]net
luio.ddns[.]net
xcud.ddns[.]net
aut2scr.ddns[.]net
fanbmypersondrive[.]icu
mydrivepersonpdvsa[.]icu
mydrivepersonfanb[.]icu
mycountermppd[.]xyz
calypsoempire.ddns[.]net
mgud2xd.ddns[.]net
aut0hk.ddns[.]net
xcud.zapto[.]org
accountantlive[.]icu
shittybooks[.]review
hakerz123.ddns[.]net
jcmewjjkyc0d3.ddns[.]net *
urtyerc0d3.ddns[.]net *
MoOHyAYeuaut2scr.ddns[.]net *
pNUMWWDLjPmzg.ddns[.]net *
gJyapcAGoc0d3.ddns[.]net *
OHOFqlXNJluio.ddns[.]net *

Payload URLs
gulfup[.]me/i/00711/2czcy5xvh7br.jpeg
gulfup[.]me/i/00711/a8nr26g1zcot.jpeg
gulfup[.]me/i/00711/6400e1i9fsj6.jpeg
gulfup[.]me/i/00711/pwgzuq5902m2.jpeg
gulfup[.]me/i/00711/lhm3w37zuiwy.jpeg
gulfup[.]me/i/00711/3mwdm6tbgcq6.jpeg
gulfup[.]me/i/00712/sy8rtcxlh1pu.jpeg
gulfup[.]me/i/00712/o56zgjhefny0.jpeg
b.top4top[.]io/p_152411ncc1.jpeg
pastebin[.]com/raw/fEAuhPYh


Stay safe, and don't use any suspicious USB drives.

source:
https://www.welivesecurity.com/2020/04/23/eset-discovery-monero-mining-botnet-disrupted/
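Added example for this thread (not code from the post, from the forum, or from ESET): a small Python parser that turns the quoted indicator block into structured data and a matcher that checks host observations against it. The indicator subset embedded below is copied from the post as quoted (defanged `[.]`, trailing `*` for sinkholed domains); the host observations in `SAMPLE_HOST`, the all-zero SHA-1 and the function names are constructed for the example.

```python
"""Parse the VictoryGate indicator block quoted in the post and match it
against host observations. Added example; not from the post or ESET."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Subset of the indicators exactly as the post quotes them: "[.]" defanging
# kept, a trailing " *" marks a domain the post lists as sinkholed.
IOC_TEXT = r"""ESET detection name
Hash
MSIL/VictoryGate.A   398C99FD804043863959CC34C68B0305B1131388
MSIL/VictoryGate.B   483a55389702cdc83223c563efb9151a704a973e

Filesystem
%ProgramData%\JcmewjJky\jcmewjjky.exe
%AppData%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.url.lnk
%AppData%\ctfmon2.exe
HKCU/Software/JcMewjJKy
HKCU/Software/Victory

C&C Domains
* Domains being sinkholed.

scitie.ddns[.]net
jcmewjjkyc0d3.ddns[.]net *

Payload URLs
gulfup[.]me/i/00711/2czcy5xvh7br.jpeg
pastebin[.]com/raw/fEAuhPYh
"""

HEADERS = {"ESET detection name": "hash", "Filesystem": "fs",
           "C&C Domains": "dns", "Payload URLs": "url"}
ENV_PREFIX = re.compile(r"^%[A-Za-z]+%")   # %ProgramData%, %AppData%, ...


@dataclass
class IocSet:
    hashes: Dict[str, str] = field(default_factory=dict)    # sha1 (lower) -> detection name
    path_suffixes: List[str] = field(default_factory=list)  # lower-case path tail after %VAR%
    registry_keys: List[str] = field(default_factory=list)  # lower-case, '/' separated
    domains: Dict[str, bool] = field(default_factory=dict)  # refanged domain -> sinkholed?
    urls: List[str] = field(default_factory=list)           # refanged payload URLs, no scheme


def refang(s: str) -> str:
    return s.replace("[.]", ".")


def norm_reg(key: str) -> str:
    return key.replace("\\", "/").lower()


def parse_iocs(text: str) -> IocSet:
    iocs, section = IocSet(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Hash" or line.startswith("* "):
            continue                      # blank, second header cell, or the sinkhole note
        header = next((sec for h, sec in HEADERS.items() if line.startswith(h)), None)
        if header:
            section = header
            continue
        if section == "hash":
            name, sha1 = line.split()
            iocs.hashes[sha1.lower()] = name
        elif section == "fs":
            if line.upper().startswith(("HKCU/", "HKLM/")):
                iocs.registry_keys.append(norm_reg(line))
            else:
                # %VAR% differs per user/host, so only the path tail is compared.
                iocs.path_suffixes.append(ENV_PREFIX.sub("", line).lower())
        elif section == "dns":
            sinkholed = line.endswith(" *")
            iocs.domains[refang(line[:-2] if sinkholed else line).lower()] = sinkholed
        elif section == "url":
            iocs.urls.append(refang(line))
    return iocs


Hit = Tuple[str, str, str]   # (indicator kind, observed value, what it means)


def match_host(iocs: IocSet, observed: dict) -> List[Hit]:
    """observed = {'files': [(path, sha1)], 'registry': [key], 'dns': [name], 'urls': [url]}"""
    hits: List[Hit] = []
    for path, sha1 in observed.get("files", []):
        if sha1.lower() in iocs.hashes:
            hits.append(("hash", path, iocs.hashes[sha1.lower()]))
        p = path.replace("/", "\\").lower()
        if any(p.endswith(tail) for tail in iocs.path_suffixes):
            hits.append(("path", path, "VictoryGate drop/persistence location"))
    for key in observed.get("registry", []):
        if norm_reg(key) in iocs.registry_keys:
            hits.append(("registry", key, "VictoryGate registry key"))
    for name in observed.get("dns", []):
        d = name.lower().rstrip(".")      # tolerate the trailing dot of a FQDN
        if d in iocs.domains:
            hits.append(("dns", name, "sinkholed C&C domain" if iocs.domains[d] else "C&C domain"))
    for url in observed.get("urls", []):
        if re.sub(r"^https?://", "", url) in iocs.urls:
            hits.append(("url", url, "payload URL"))
    return hits


# Constructed host observations: one infection trace plus benign noise.
# The all-zero sha1 is a placeholder for a benign file, not a real hash.
SAMPLE_HOST = {
    "files": [
        (r"C:\ProgramData\JcmewjJky\jcmewjjky.exe", "483A55389702CDC83223C563EFB9151A704A973E"),
        (r"C:\Windows\System32\ctfmon.exe", "0" * 40),
    ],
    "registry": [r"HKCU\Software\Victory", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"],
    "dns": ["jcmewjjkyc0d3.ddns.net.", "update.microsoft.com"],
    "urls": ["http://pastebin.com/raw/fEAuhPYh"],
}

if __name__ == "__main__":
    for kind, value, meaning in match_host(parse_iocs(IOC_TEXT), SAMPLE_HOST):
        print(f"{kind:9} {meaning:38} {value}")
```

A hit on a sinkholed domain still means the host is infected; the traffic just no longer reaches the operator. The path match is deliberately a suffix match because the `%ProgramData%`/`%AppData%` prefix is resolved differently on every host, so a short tail like `\ctfmon2.exe` should be treated as a lead to confirm with the hash or registry indicators rather than as proof on its own.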