I've known about it since the beginning; I was just too bored to have a look..
Via mails etc....
Advert:
Statistics screenshot from a guy inside:
ICQ:
It's the end of 2012 so.. wanna laugh a bit?
For the fake screenshots I didn't use a hacked server, I just browsed hackforum and 'stole' a screenshot:
Hid the notepad and the bot's last response with my ICQ discussion:
mfw:
Was a bit delicate after he wanted to test me:
I made him wait while I found a solution without harming people..
Finally, after that I was ready... but the support was away...
The affiliate page was not difficult to find, you just have to search for the mail address he used for ICQ.
And we have...
• dns: 1 ›› ip: 111.90.159.122 - address: MONEYCLOUD.SU
• dns: 1 ›› ip: 46.183.220.14 - address: MCSTAT.SU
Hosted by Piradius.
Login page:
Even cooler, you can play the game of 'who joined the aff'
If a member doesn't exist on the affiliate you get this error message:
If the guy exists:
They have a 'test' account:
>username exist
>Invalid username
Ok, enough trolling; after 4 hours of idling the support is back on ICQ:
The account creation took 30 mins hmm... ok, I waited 1h in the end:
Dashboard:
Stats:
Payments:
EXE download:
Profile:
So I looked at the source and...
add-teammember:
add-project:
categories:
I said I would not troll them but it's hard to resist.
Want to have a look at admin mode?
Dashboard:
Add a new member:
Add category:
User list:
Modify news:
Profile update:
Write batch:
Also found the way to view the profiles of guys
And what do they load?
Okay, I don't even need to reverse it, thanks!
For the sample he asked me to do 20-30 loads: https://www.virustotal.com/file/9d6367cca7b0de6f574ac622d7c12ef22d58b5268b12db9bd82de0d6b40ad184/analysis/1356133199/
File downloaded from the panel: https://www.virustotal.com/file/6a9683f64045ac8c95f77544125d8127cb889e69787fdb0c2ee7ffc861c425e5/analysis/1356140250/
No, seriously, the file is interesting: it's a trojan downloader whose payload is a rootkit with file infector capabilities (infects fastfat.sys) + an exploit on board (a brief look revealed CVE-2010-3338) + a lot of anti-VM, anti-forensics and a bitcoin miner under VB RunPE.
I grabbed the admin IP too but he's behind a proxy.
Moment : 22/12/2012 17:47:59
Ip : 95.140.125.62
Host : free-125-62.mediaworksit.net
ref : Unspecified
ua: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20100101 Firefox/17.0
Moment : 22/12/2012 17:48:14
Ip : 95.140.125.62
Host : free-125-62.mediaworksit.net
ref : Unspecified
ua: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20100101 Firefox/17.0
Happy holidays and see you in 2013!
I LOVE your articles Steven !
Happy new year and thanks.
Faith.
PWNED ))))
You are just awesome Xylitol!
Have a very happy new year!
^_^
Amusing read, keep up the good work in 2013!
Happy new year :)
PS. Temari is cute :3
happy new year steven
Happy new year!