Silent miner backdoored – Malware reverse

Today I found a new backdoored hacking tool to play with.

A new "silent miner", built to backdoor the would-be "hackers" who run it and give the author remote access to their machines.

The exe is bundled with several other files so that it can work quietly in the background.


taskhost.exe
  original filename: canhost.exe
  registry: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY, value DISABLESECURITYSETTINGSCHECK
  command: netsh firewall add allowedprogram "%APPDATA%\taskhost.exe"
  contacts: http://120988.myq-see.com
  contacts: 178.137.146.32 (Ukraine)
  contacts: 41.226.243.30:1337

Temp1.exe
  PDB path: C:\Users\mourad\Documents\Visual Studio 2012\Projects\canhost\canhost\obj\Debug\canhost.pdb
  registry: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY, value DISABLESECURITYSETTINGSCHECK
  command: netsh firewall add allowedprogram "%APPDATA%\taskhost.exe"
  contacts: http://120988.myq-see.com
  contacts: 178.137.146.32 (Ukraine)
  contacts: 41.226.243.30:1337

Temp2.exe
  original filename: BcnSilentminerBytcoin.exe
  mining pool: stratum+tcp://mine.p2pool.com:9327
  contacts: http://www.bitcoin-adder.com
  PDB path: \visual studio 2012\Projects\Bcn Silent miner Bytcoin\Bcn Silent miner Bytcoin\obj\Debug\Bcn Silent miner Bytcoin.pdb
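The indicators above are the useful output of this analysis for anyone defending a network, so here is a small added example (my code, not part of the original post) that turns them into a matcher and runs it over a few constructed log lines. The network indicators, the netsh command, the registry value and the PDB paths are taken from the list above; the sample DNS, process, registry, firewall and proxy lines are made up for the demonstration and the indicator descriptions are mine.

```python
import re

# Indicators copied from the post above; the descriptions are mine.
NETWORK_IOCS = {
    "120988.myq-see.com": "C2 domain contacted by taskhost.exe / Temp1.exe",
    "178.137.146.32": "C2 IP (Ukraine) contacted by taskhost.exe / Temp1.exe",
    "41.226.243.30:1337": "C2 IP:port contacted by taskhost.exe / Temp1.exe",
    "mine.p2pool.com:9327": "stratum mining pool used by Temp2.exe",
    "www.bitcoin-adder.com": "site contacted by Temp2.exe",
}

# Host-side behaviour from the post: the netsh firewall exception for the dropped
# %APPDATA%\taskhost.exe and the IE DisableSecuritySettingsCheck registry value.
HOST_PATTERNS = [
    (re.compile(r"netsh\s+firewall\s+add\s+allowedprogram\s+\"?"
                r"(?:%APPDATA%|[^\"\s]*AppData\\Roaming)\\taskhost\.exe", re.I),
     "firewall exception added for %APPDATA%\\taskhost.exe"),
    (re.compile(r"Internet Explorer\\Security\b.*DisableSecuritySettingsCheck", re.I),
     "IE DisableSecuritySettingsCheck registry value set"),
    (re.compile(r"canhost\.pdb|Bcn Silent miner Bytcoin\.pdb", re.I),
     "PDB path of one of the dropped binaries"),
]


def _ioc_regex(ioc):
    # Require a non-identifier character on both sides so that 178.137.146.32
    # does not also fire on 178.137.146.320 or on a longer host name.
    return re.compile(r"(?<![\w.-])" + re.escape(ioc) + r"(?![\w.-])", re.I)


ALL_PATTERNS = [(_ioc_regex(i), d) for i, d in NETWORK_IOCS.items()] + HOST_PATTERNS


def scan(lines):
    """Return (line_number, description, line) for every line matching an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        for pat, desc in ALL_PATTERNS:
            if pat.search(line):
                hits.append((n, desc, line))
    return hits


# Constructed sample log lines (DNS, process creation, registry, firewall, proxy);
# they are not real telemetry from the infection described in the post.
SAMPLE_LOGS = [
    "2017-11-01 10:02:13 dns client=10.0.0.5 name=120988.myq-see.com type=A",
    '2017-11-01 10:02:15 proc user=bob cmd=netsh firewall add allowedprogram "C:\\Users\\bob\\AppData\\Roaming\\taskhost.exe" taskhost ENABLE',
    "2017-11-01 10:02:16 reg set key=HKCU\\Software\\Microsoft\\Internet Explorer\\Security value=DisableSecuritySettingsCheck data=1",
    "2017-11-01 10:03:01 fw allow src=10.0.0.5 dst=41.226.243.30:1337 proto=tcp",
    "2017-11-01 10:03:05 fw allow src=10.0.0.5 dst=178.137.146.32:443 proto=tcp",
    "2017-11-01 10:05:44 proxy CONNECT mine.p2pool.com:9327",
    "2017-11-01 10:06:00 dns client=10.0.0.7 name=update.microsoft.com type=A",
]

if __name__ == "__main__":
    for n, desc, line in scan(SAMPLE_LOGS):
        print(f"line {n}: {desc}\n    {line}")
```

The netsh pattern accepts both the literal %APPDATA% form seen in the sandbox output and the expanded AppData\Roaming path that a process-creation log would actually record; the registry and PDB patterns are what you would look for in registry auditing and in strings pulled from suspicious files on disk.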

The antivirus software... hmmmm... 31/68?!?

Payload Security's team was there too.

And reported it in the forum where I found it!


Have fun & Stay safe!!!
Prodefence Team


Alex Anghelus

SC Prodefence SRL CEO - Cyber Security, Pentesting & Ethical Hacking - Malware Analyst
