Navigation X
ALERT
Click here to register with a few steps and explore all our cool stuff we have to offer!



 4206

If you see this in a config, DO NOT DOWNLOAD.

by Pleth - 02 March, 2023 - 11:11 PM
This post is by a banned member (Pleth) - Unhide
This post is by a banned member (Assange) - Unhide
This post is by a banned member (Pleth) - Unhide
This post is by a banned member (mikynlee) - Unhide
This post is by a banned member (Pleth) - Unhide
This post is by a banned member (Mr.DX1Z1) - Unhide
Mr.DX1Z1  
Contributor
983
Posts
395
Threads
5 Years of service
#6
SUPER HQ INFO +
BUY MY DATING ACCOUNTS : TELEGRAM @ITSDREXZ
This post is by a banned member (Down4you) - Unhide
Down4you  
Infinity
30
Posts
3
Threads
5 Years of service
#7
(02 March, 2023 - 11:11 PM)Pleth Wrote: Show More
[Image: k5meo9j.png]

Any time you see this in a config, it is executing a stealer. I had this happen to me and when we sat there and looked at what it did, we came back to this:
https://github.com/w4sp-book/w4sp-lab

This is what it led back to.

It will look like this:
[Image: hVNnkgA.png]

Or very similar.

I'm not even gonna lie, this is a genius way to do this, but once you run the config it (somehow) spreads to all your other configs. When you send them to anyone, the process starts again. As it is a stealer, it will steal your information. And this is one of the many reasons i suggest running configs on an RDP.

This is similar to the malicious API thing, but smarter as most people won't recognize it as anything.

there is another way to infect the person's computer, it makes a GET request and receives the source as an .exe file in the selenium folder and once the selenium block is launched it calls the downloaded file and infects the computer
This post is by a banned member (gb1rke) - Unhide
gb1rke  
Registered
42
Posts
4
Threads
1 Year of service
#8
Holy, what a find, possible to maybe get the malicous config finder tool updated to get it to remove this aswell?
[Image: Autobuy-HQ-Account-Seller.gif]

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
or
Sign in
Already have an account? Sign in here.


Forum Jump:


Users browsing this thread: 1 Guest(s)