Malware spread on Google Maps, GitHub & Amazon

Everything started from a Google search for infected files. The most common are cracks, keygens, etc. I found a ‘hide ip keygen’ and the link location was very unusual… Google Maps.

The Google Maps marker sends me to a .ru link for the download.

hxxp://ignatovalarisai.rutopik.ru/?gmdl&keyword=free+hide+ip+serial+keygen

free_hide_ip_serial_keygen.exe

Analysing the .exe, I found that the application has connections with amazonaws.com, requesting the download of other applications.

hxxp://ec2-34-225-180-32.compute-1.amazonaws.com/request/get/…
/request/conditions?user=youllupuki&ver=9&key=c2bee8198fa5636b3d63cbfeb4a088ec&token=5ae84efd036ce5d8da265f8df18e5e47

Let’s see the last one.

I will play with screen.exe

It sends requests to win3.online & win3.ru

win3.online:
  • /cfgUser?uid= -user [email protected] -xmr
  • /filesUrl avdeeff1985/master
  • /registerUser?uid=
  • /getStatus?uid=
  • /checkConnection aAvh5S
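A defender can turn the hosts and paths listed above into a proxy-log check. The following is an added example, not part of the original post: the log layout, rule names and function names are assumptions, and only the hostnames, paths and parameter names come from the post.

```python
from urllib.parse import urlsplit, parse_qs

# Indicators copied from the post above; the log layout below is an assumption.
C2_HOSTS = {"win3.online", "win3.ru"}
C2_PATHS = {"/cfgUser", "/filesUrl", "/registerUser", "/getStatus", "/checkConnection"}
STAGE_PATH = "/request/conditions"
STAGE_PARAMS = {"user", "ver", "key", "token"}

def classify(url):
    """Return the name of the matching rule, or None if the URL is unrelated."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    path = parts.path.rstrip("/")
    # Exact host or a subdomain only, so "notwin3.online" does not match.
    if any(host == h or host.endswith("." + h) for h in C2_HOSTS):
        return "win3-endpoint" if path in C2_PATHS else "win3-host"
    # Second stage: an amazonaws.com host serving the same path and parameter set.
    if host.endswith(".amazonaws.com") and path == STAGE_PATH:
        if STAGE_PARAMS <= set(parse_qs(parts.query, keep_blank_values=True)):
            return "aws-stage-request"
    return None

def scan(lines):
    """Return a list of (client_ip, rule, url) for log lines that match a rule."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed or truncated lines
        _ts, client, _method, url, _status = fields[:5]
        rule = classify(url)
        if rule:
            hits.append((client, rule, url))
    return hits

# Constructed proxy log lines: timestamp, client IP, method, URL, status.
SAMPLE_LOG = """\
2017-06-20T10:01:02Z 10.0.0.5 GET http://win3.online/registerUser?uid=abc123 200
2017-06-20T10:01:09Z 10.0.0.5 GET http://win3.ru/getStatus?uid=abc123 200
2017-06-20T10:02:11Z 10.0.0.8 GET http://notwin3.online/getStatus?uid=1 200
2017-06-20T10:03:40Z 10.0.0.9 GET http://ec2-203-0-113-7.compute-1.amazonaws.com/request/conditions?user=u1&ver=9&key=k&token=t 200
2017-06-20T10:04:00Z 10.0.0.9 GET https://github.com/uxmal/reko 200
""".splitlines()

if __name__ == "__main__":
    for client, rule, url in scan(SAMPLE_LOG):
        print(f"{client}\t{rule}\t{url}")
```

The GitHub URLs are deliberately not matched, since several of them point at legitimate projects and would generate noise on their own.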

Also: hxxps://github.com/ytisf/theZoo/zipball/master

…and some other link connections:

  • github.com/angryziber/ipscan/releases/download/3.5.1/ipscan-3.5.1-setup.exe
  • github.com/uxmal/reko
  • github.com/gogo2017/space/commit/054c7ef793b902202b7a28f6505997b0c8dd19ab
  • raw.githubusercontent.com/LoukaV3rm/Sumonexs/master/RC7%20Update%20with%20memcheck.exe
  • raw.githubusercontent.com/wso-shell/WSO/master/WSO.php
  • raw.githubusercontent.com/LoukaV3rm/Sumonexs/master/Elevation%207%20Auto%20Inject.exe

So… I think that is a lot of actions for one single keygen!?!

Also, if you have time… on win3.online you may find some vulnerabilities!

You may also create a hacker profile, starting from all this information:

tonylyamin@yandex.com

avdeeff1985/master

raw.githubusercontent.com/avdeeff1985/master/master/spector.exe

Tony… Anthony/ Lyamin/1985 …..

Search: Google, Facebook, etc.

Have fun and stay safe!!!

Alex Anghelus

SC Prodefence SRL CEO - Cyber Security, Pentesting & Ethical Hacking - Malware Analyst

2 thoughts on “Malware spread on Google Maps, GitHub & Amazon”

  • 24/06/2017 at 6:50 AM

    Wooow.
    This is sick!!!!!!!!!
    Thanks for sharing!

  • 24/06/2017 at 9:00 AM

    Nicely done, Alex

    😉
