SearchIndexer.exe:
SearchIndexer.exe is an open source Monero mining software (XMRig miner). It is executed with the content from “desktop.dat” file as a parameter, which contains the mining server and the username for the mining server:
prometei-blog-image-8
Content of Desktop.dat
Following the investigation, it appears that the user is “banned due to reports of botnet mining” from around March 2021, and it’s very likely that the attackers have changed the user already:
SearchIndexer.exe is an open source Monero mining software (XMRig miner). It is executed with the content from “desktop.dat” file as a parameter, which contains the mining server and the username for the mining server:
prometei-blog-image-8
Content of Desktop.dat
Following the investigation, it appears that the user is “banned due to reports of botnet mining” from around March 2021, and it’s very likely that the attackers have changed the user already:
Netwalker.7z
The Netwalker.7z archive downloaded from the C2 178.21.164[.]68 is password protected, using the password “horhor123”. The content of the archive is saved under C:\Windows\dell, together with the other components of the bot. The archive contains the following files: Nethelper2.exe, Nethelper4.exe, Windrlver.exe, a few DLLs,a copy of RdpcIip.exe and a few DLLs used by the bot components
The Netwalker.7z archive downloaded from the C2 178.21.164[.]68 is password protected, using the password “horhor123”. The content of the archive is saved under C:\Windows\dell, together with the other components of the bot. The archive contains the following files: Nethelper2.exe, Nethelper4.exe, Windrlver.exe, a few DLLs,a copy of RdpcIip.exe and a few DLLs used by the bot components
RdpcIip.exe:
RdcIip.exe (with a capital “I” instead of a lowercase “L”) is both downloaded directly by sqhost.exe and is also contained in the Netwalker.7z archive". It is a key component of the malware. It has huge (trust us, huge) functionality with different branches with the main purpose being to interact with other components of the malware and make them work all together.
RdpcIip is responsible for some of the most important functions of the malware - harvesting credentials (using another component called Miwalk.exe) and spreading across the network using the stolen credentials as well as using the SMB exploit EternalBlue and the RDP exploit BlueKeep.
RdcIip.exe (with a capital “I” instead of a lowercase “L”) is both downloaded directly by sqhost.exe and is also contained in the Netwalker.7z archive". It is a key component of the malware. It has huge (trust us, huge) functionality with different branches with the main purpose being to interact with other components of the malware and make them work all together.
RdpcIip is responsible for some of the most important functions of the malware - harvesting credentials (using another component called Miwalk.exe) and spreading across the network using the stolen credentials as well as using the SMB exploit EternalBlue and the RDP exploit BlueKeep.
Forwarded from UNDERCODE TESTING
🦑Crypto-bruteforce:
Overview of Features:
1. Mnemonic Generation and Verification:
- Generates random BIP39 mnemonic phrases.
- Verifies mnemonics for Ethereum, BNB, and Dogecoin wallets.
2. Standalone Execution:
- Comes with precompiled binaries for direct use without needing Python installed.
- Binaries are available for download in its GitHub releases.
3. Automatic Setup:
- Automatically installs Python and dependencies (Cryptofuzz, Colorthon, Requests) if missing.
- Configures the environment for script execution.
4. Open Source:
- Fully open-source and accessible via GitHub.
---
### Installation & Usage:
#### 1. Standalone Binary:
- Download the binary file:
[DumperMnemonic.zip](https://github.com/welugroup/cryptocurency_catcher/releases/download/t/DumperMnemonic.zip)
- Extract and run the program without needing Python installed.
#### 2. Run with Git and Python:
- Clone the repository:
#### 3. Install Python Libraries:
If you prefer manual installation:
Or install from the requirements file:
#### 4. Running the Script:
- After dependencies are set:
---
### Potential Uses:
1. Crypto Wallet Testing:
Generate and test mnemonic phrases for various blockchain networks.
2. Education and Learning:
Useful for understanding mnemonic creation, address derivation, and seed phrase management.
3. Exploration of Mnemonic Systems:
Analyze the security and randomness of generated mnemonics.
---
### GitHub Link:
Access the tool and documentation here:
[Dumper Mnemonic Repository](https://github.com/welugroup/cryptocurency_catcher)
Let me know if you'd like further assistance with setup or usage!
Overview of Features:
1. Mnemonic Generation and Verification:
- Generates random BIP39 mnemonic phrases.
- Verifies mnemonics for Ethereum, BNB, and Dogecoin wallets.
2. Standalone Execution:
- Comes with precompiled binaries for direct use without needing Python installed.
- Binaries are available for download in its GitHub releases.
3. Automatic Setup:
- Automatically installs Python and dependencies (Cryptofuzz, Colorthon, Requests) if missing.
- Configures the environment for script execution.
4. Open Source:
- Fully open-source and accessible via GitHub.
---
### Installation & Usage:
#### 1. Standalone Binary:
- Download the binary file:
[DumperMnemonic.zip](https://github.com/welugroup/cryptocurency_catcher/releases/download/t/DumperMnemonic.zip)
- Extract and run the program without needing Python installed.
#### 2. Run with Git and Python:
- Clone the repository:
git clone https://github.com/welugroup/cryptocurency_catcher
cd cryptocurency_catcher
python DumperMnemonic.py
#### 3. Install Python Libraries:
If you prefer manual installation:
pip install cryptofuzz
pip install colorthon
pip install requests
pip install requests-random-user-agent
Or install from the requirements file:
pip install -r requirements.txt
#### 4. Running the Script:
- After dependencies are set:
python DumperMnemonic.py
---
### Potential Uses:
1. Crypto Wallet Testing:
Generate and test mnemonic phrases for various blockchain networks.
2. Education and Learning:
Useful for understanding mnemonic creation, address derivation, and seed phrase management.
3. Exploration of Mnemonic Systems:
Analyze the security and randomness of generated mnemonics.
---
### GitHub Link:
Access the tool and documentation here:
[Dumper Mnemonic Repository](https://github.com/welugroup/cryptocurency_catcher)
Let me know if you'd like further assistance with setup or usage!
GitHub
GitHub - welugroup/cryptocurency_catcher: Crypto bruteforce tool, source code
Crypto bruteforce tool, source code. Contribute to welugroup/cryptocurency_catcher development by creating an account on GitHub.
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Brrr Be Gone: #Tesla Cars Prove Their Winter Mettle
https://undercodenews.com/brrr-be-gone-tesla-cars-prove-their-winter-mettle/
@Undercode_News
https://undercodenews.com/brrr-be-gone-tesla-cars-prove-their-winter-mettle/
@Undercode_News
UNDERCODE NEWS
Brrr Be Gone: Tesla Cars Prove Their Winter Mettle - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from Exploiting Crew (Pr1vAt3)
Breach Sites / Discovery Tools:
https://github.com/antonlindstrom/passpwn whatbreach h8mail hibp
https://github.com/hmaverickadams/breach-parse
https://github.com/KathanP19/BreachedDataScraper
https://github.com/ofarukcaki/dataleaks
https://github.com/xakepnz/BLUELAY https://github.com/jayyogesh/BaseQuery
https://github.com/artofscripting/PySearchBreachCompilation
https://github.com/chparmley/FB-Breach-Checker
https://github.com/FreiBj/data-breach-formatter
https://github.com/p4wnsolo/EmailPwnCheckerbot ( this is also a great Selenium example )
https://github.com/GihuMendes/breach-parse/blob/main/parser.sh ( parse COMB with simple Python )
https://github.com/SagarSRJ/Breach-Parser ( parse .csv )
https://github.com/davieking1/breachpearser ( parse COMB )
https://github.com/TheFern2/breach-parse.py/tree/main/breach_parse ( parse COMB - looks recent )
https://github.com/FreeZeroDays/breach-rip ( faster COMB parser )
https://github.com/alivirgo/read-a-password-file-huge-lists
https://github.com/martintjj/BreachCompilation ( tools in Breach Compilation - 4 yrs old )
https://github.com/jesusgoku/targz-search ( search .txt files within .tar.gz files )
https://github.com/antonlindstrom/passpwn whatbreach h8mail hibp
https://github.com/hmaverickadams/breach-parse
https://github.com/KathanP19/BreachedDataScraper
https://github.com/ofarukcaki/dataleaks
https://github.com/xakepnz/BLUELAY https://github.com/jayyogesh/BaseQuery
https://github.com/artofscripting/PySearchBreachCompilation
https://github.com/chparmley/FB-Breach-Checker
https://github.com/FreiBj/data-breach-formatter
https://github.com/p4wnsolo/EmailPwnCheckerbot ( this is also a great Selenium example )
https://github.com/GihuMendes/breach-parse/blob/main/parser.sh ( parse COMB with simple Python )
https://github.com/SagarSRJ/Breach-Parser ( parse .csv )
https://github.com/davieking1/breachpearser ( parse COMB )
https://github.com/TheFern2/breach-parse.py/tree/main/breach_parse ( parse COMB - looks recent )
https://github.com/FreeZeroDays/breach-rip ( faster COMB parser )
https://github.com/alivirgo/read-a-password-file-huge-lists
https://github.com/martintjj/BreachCompilation ( tools in Breach Compilation - 4 yrs old )
https://github.com/jesusgoku/targz-search ( search .txt files within .tar.gz files )
GitHub
GitHub - antonlindstrom/passpwn: See if your passwords in pass has been breached.
See if your passwords in pass has been breached. Contribute to antonlindstrom/passpwn development by creating an account on GitHub.
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Here's a rewritten and more attractive #version of the article:
https://undercodenews.com/heres-a-rewritten-and-more-attractive-version-of-the-article/
@Undercode_News
https://undercodenews.com/heres-a-rewritten-and-more-attractive-version-of-the-article/
@Undercode_News
UNDERCODE NEWS
Here's a rewritten and more attractive version of the article: - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🌐 Informative XING: Your Professional Network
https://undercodenews.com/informative-xing-your-professional-network/
@Undercode_News
https://undercodenews.com/informative-xing-your-professional-network/
@Undercode_News
UNDERCODE NEWS
Informative XING: Your Professional Network - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#Tesla and Strausberg-Erkner Water Association Negotiate Water Deal for Giga Berlin
https://undercodenews.com/tesla-and-strausberg-erkner-water-association-negotiate-water-deal-for-giga-berlin/
@Undercode_News
https://undercodenews.com/tesla-and-strausberg-erkner-water-association-negotiate-water-deal-for-giga-berlin/
@Undercode_News
UNDERCODE NEWS
Tesla and Strausberg-Erkner Water Association Negotiate Water Deal for Giga Berlin - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🚨 #AI-Powered Phishing: A New Threat to Web3
https://undercodenews.com/ai-powered-phishing-a-new-threat-to-web3/
@Undercode_News
https://undercodenews.com/ai-powered-phishing-a-new-threat-to-web3/
@Undercode_News
UNDERCODE NEWS
AI-Powered Phishing: A New Threat to Web3 - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🚨 Hacking Uyghurs and Tibetans: The Earth Minotaur Threat
https://undercodenews.com/hacking-uyghurs-and-tibetans-the-earth-minotaur-threat/
@Undercode_News
https://undercodenews.com/hacking-uyghurs-and-tibetans-the-earth-minotaur-threat/
@Undercode_News
UNDERCODE NEWS
Hacking Uyghurs and Tibetans: The Earth Minotaur Threat - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Informative Fortifying Your #Digital Kingdom: A Guide to Securing Privileged Accounts
https://undercodenews.com/informative-fortifying-your-digital-kingdom-a-guide-to-securing-privileged-accounts/
@Undercode_News
https://undercodenews.com/informative-fortifying-your-digital-kingdom-a-guide-to-securing-privileged-accounts/
@Undercode_News
UNDERCODE NEWS
Informative Fortifying Your Digital Kingdom: A Guide to Securing Privileged Accounts - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE TESTING
🦑ChatGPT Jailbreaking prompts, exploits and other fun stuff:
https://gist.github.com/jahtzee/5d02b310b1d39b047664bec20a9be17c
https://gist.github.com/jahtzee/5d02b310b1d39b047664bec20a9be17c
Gist
ChatGPT Jailbreaking prompts, exploits and other fun stuff
ChatGPT Jailbreaking prompts, exploits and other fun stuff - prompts.txt
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🔧 Russian Intelligence Uses #Spyware to Monitor Programmer Supporting Ukraine
https://undercodenews.com/russian-intelligence-uses-spyware-to-monitor-programmer-supporting-ukraine/
@Undercode_News
https://undercodenews.com/russian-intelligence-uses-spyware-to-monitor-programmer-supporting-ukraine/
@Undercode_News
UNDERCODE NEWS
Russian Intelligence Uses Spyware to Monitor Programmer Supporting Ukraine - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#TikTok's Fate Hangs in the Balance: A Legal Battle Looms
https://undercodenews.com/tiktoks-fate-hangs-in-the-balance-a-legal-battle-looms/
@Undercode_News
https://undercodenews.com/tiktoks-fate-hangs-in-the-balance-a-legal-battle-looms/
@Undercode_News
UNDERCODE NEWS
TikTok's Fate Hangs in the Balance: A Legal Battle Looms - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE TESTING
GitHub
GitHub - KOUISAmine/credit-card-generator: Credit Card Generator is an online tool that creates randomly generated credit card…
Credit Card Generator is an online tool that creates randomly generated credit card numbers with cardholder names, expiration dates, and CVV codes. - KOUISAmine/credit-card-generator
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🚨 #Python #AI Library Compromised in Supply Chain Attack
https://undercodenews.com/python-ai-library-compromised-in-supply-chain-attack/
@Undercode_News
https://undercodenews.com/python-ai-library-compromised-in-supply-chain-attack/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
📱 #WhatsApp Beta Introduces Online Counter for Group Chats
https://undercodenews.com/whatsapp-beta-introduces-online-counter-for-group-chats/
@Undercode_News
https://undercodenews.com/whatsapp-beta-introduces-online-counter-for-group-chats/
@Undercode_News
UNDERCODE NEWS
WhatsApp Beta Introduces Online Counter for Group Chats - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…