Two threads, one for Akroma and one for Buxcoin are the latest edition of fake anns.
They were posted yesterday but only today updated with new (malicious wallets).
Both accounts are from 2017 with insignificant contribution, nuke worthy material imo.
Original Akroma thread and GitHub:
https://bitcointalksearch.org/topic/ann-akroma-cryptocurrency-smarter-smart-contracts-masternodes-oracles-2844280
https://github.com/akroma-project
Fake Akroma thread and GitHub:
https://bitcointalksearch.org/topic/ann-akroma-aka-pow-5240506
https://github.com/akrom-project (created 16 hours ago)
http://archive.md/y6t5f
Original Buxcoin thread and GitHub:
Buxcoin does not have an active ann thread on bitcointalk
https://github.com/NewBux (source CMC : https://coinmarketcap.com/currencies/buxcoin/)
Fake Buxcoin thread and GitHub:
https://bitcointalksearch.org/topic/ann-mao-zedong-mao-5240505
https://github.com/Buxcoln/ (created 16 hours ago)
http://archive.vn/bZGzg
edit;
Adding one more thread that we've missed:
Original KingMoney (KIM) thread and GitHub:
They don't have an active ann thread on bitcointalk
https://github.com/KingMoneyCurrency (source CMC : https://coinmarketcap.com/currencies/kingmoney/)
Fake KingMoney (KIM) thread and GitHub:
https://bitcointalksearch.org/topic/ann-kingmoney-kim-digital-cryptocurrency-pow-sha-256-5239644
https://github.com/KingMoneyCurreny (created 4 days ago)
http://archive.md/AJVSL
Originally under 'WALLET', they had a link to KingMoney's website which was later changed to the brand new GitHub account imitating the original one.
Source: http://loyce.club/archive/posts/5420/54200118.html
Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 58. (Read 34320 times)
April 16, 2020, 08:04:52 AM
April 16, 2020, 06:10:00 AM
Fake ANN
RadiumX come back with their new fake Github joined on 36 minutes ago
User : Smykin
ANN : [ANN] RadiumX new X16R coin | Fully ano
Archived : https://web.archive.org/web/20200416100853/https://bitcointalksearch.org/topic/ann-radiumx-new-x16r-coin-fully-ano-5240960
Edit :
More Fake ANN RadiumX
User : vorneee
ANN : [ANN]🔥 RadiumX - blockchain protection project ✅
Archived : https://web.archive.org/web/20200416143153/https://bitcointalksearch.org/topic/ann-radiumx-blockchain-protection-project-5241038
Joined Github 15 Minutes ago
User : shaunnez
ANN : ✅ [ANN] Bubblegum coin l new X16R coin l Full anonymity l blockchain protection
Archived : https://web.archive.org/web/20200416143230/https://bitcointalksearch.org/topic/ann-bubblegum-coin-l-new-x16r-coin-l-full-anonymity-l-blockchain-protection-5241040
RadiumX come back with their new fake Github joined on 36 minutes ago
User : Smykin
ANN : [ANN] RadiumX new X16R coin | Fully ano
Archived : https://web.archive.org/web/20200416100853/https://bitcointalksearch.org/topic/ann-radiumx-new-x16r-coin-fully-ano-5240960
About
RadiumX is a blockchain protection project with the ability to send signed transactions. The project has
fast transactions, low commission for transfers.
ht tps://github.com/radium-x-core/radium/releases/download/v.1.0.0.0/radium-x.v.1.0.0.0.zip
RadiumX is a blockchain protection project with the ability to send signed transactions. The project has
fast transactions, low commission for transfers.
ht tps://github.com/radium-x-core/radium/releases/download/v.1.0.0.0/radium-x.v.1.0.0.0.zip
Edit :
More Fake ANN RadiumX
User : vorneee
ANN : [ANN]🔥 RadiumX - blockchain protection project ✅
Archived : https://web.archive.org/web/20200416143153/https://bitcointalksearch.org/topic/ann-radiumx-blockchain-protection-project-5241038
RadiumX is a blockchain protection project with the ability to send signed transactions. The project has
fast transactions, low commission for transfers. 🐅
ht tps://github.com/RadiumWallet/Wallet/releases/download/V.1.0.0/RadiumX-qt-1.0.0.zip
fast transactions, low commission for transfers. 🐅
ht tps://github.com/RadiumWallet/Wallet/releases/download/V.1.0.0/RadiumX-qt-1.0.0.zip
Joined Github 15 Minutes ago
User : shaunnez
ANN : ✅ [ANN] Bubblegum coin l new X16R coin l Full anonymity l blockchain protection
Archived : https://web.archive.org/web/20200416143230/https://bitcointalksearch.org/topic/ann-bubblegum-coin-l-new-x16r-coin-l-full-anonymity-l-blockchain-protection-5241040
About
Bubblegum is a blockchain protection project with the ability to send signed transactions. The project has
fast transactions, low commission for transfers.
ht tps://github.com/Bubblegum-official/Wallet/releases/download/Wallet/BubblegumWallet.zip
Bubblegum is a blockchain protection project with the ability to send signed transactions. The project has
fast transactions, low commission for transfers.
ht tps://github.com/Bubblegum-official/Wallet/releases/download/Wallet/BubblegumWallet.zip
April 15, 2020, 11:02:26 AM
Fake ANN with Malware !
FOIN - the decentralized peer to peer cryptocurrency for the finance sectorPoS
FOIN - the decentralized peer to peer cryptocurrency for the finance sectorPoS
I found one more fake thread for FOIN, an old account with almost 3-year posting gap.
The GitHub link they've posted is either reported and deleted or they just messed up the link because it leads to 404 (this page does not exist).
Technically there's no malware but id rather see it removed, as it serves no purpose other than sig spamming.
Original FOIN thread and GitHub:
https://bitcointalksearch.org/topic/annpos-foin-4414872
https://github.com/foinio
Fake FOIN thread and GitHub:
https://bitcointalksearch.org/topic/foin-the-decentralized-peer-to-peer-cryptocurrency-for-the-finance-sectorpos-5238831
https://github.com/foino
http://archive.md/LwY7a
Code:
https://github.com/foino/foin-1/releases/download/3.0.1/foin-3.0.1.zip
When it was first posted wallet link was missing, the broken link was added a few days later:
http://loyce.club/archive/posts/5417/54179994.html
April 15, 2020, 06:14:00 AM
Fake ANN with malware!
ANN | BITCOIN VAULT Listed on Coinneal | HIGH HASHRATE 1400PHs | POW SHA256
User : symonds1 <------ Please nuke that user
This user recently woke up from a long period of inactivity.
Archive : https://archive.fo/wip/e4jL4
Fake Source : https_://bitbucket.org/walleters/cryptokill/downloads/electrum-vault-4.0.0a0-setup.zip
Real Github : https_://github.com/bitcoinvault/bitcoinvault/releases/download/
Original ANN :
ANN | BITCOIN VAULT Listed on Coinneal | HIGH HASHRATE 1400PHs | POW SHA256
User : BlockMiner.me
ANN | BITCOIN VAULT Listed on Coinneal | HIGH HASHRATE 1400PHs | POW SHA256
User : symonds1 <------ Please nuke that user
This user recently woke up from a long period of inactivity.
Archive : https://archive.fo/wip/e4jL4
Code:
[b]Wallet[/b][/size]
[url=https://bitbucket.org/walleters/cryptokill/downloads/electrum-vault-4.0.0a0-setup.zip]Windows[/url]
Fake Source : https_://bitbucket.org/walleters/cryptokill/downloads/electrum-vault-4.0.0a0-setup.zip
Real Github : https_://github.com/bitcoinvault/bitcoinvault/releases/download/
Original ANN :
ANN | BITCOIN VAULT Listed on Coinneal | HIGH HASHRATE 1400PHs | POW SHA256
User : BlockMiner.me
Code:
https://github.com/bitcoinvault/bitcoinvault
April 14, 2020, 10:23:28 AM
Fake ANN with Malware !
FOIN - the decentralized peer to peer cryptocurrency for the finance sectorPoS
User : david12wood <----- Please nuke that User
This user recently woke up from a long period of inactivity.
Archive : https://archive.fo/wip/UQv0K
Fake Source : https_://bitbucket.org/walleters/cryptokill/downloads/foin-3.0.1.zip
Real Github : https_://github.com/foinio/foin/archive/3.0.1.zip
Original ANN :
[ANN][POS] FOIN
User : foinio
FOIN - the decentralized peer to peer cryptocurrency for the finance sectorPoS
User : david12wood <----- Please nuke that User
This user recently woke up from a long period of inactivity.
Archive : https://archive.fo/wip/UQv0K
Code:
b]Links:[/b]
[url=https://bitbucket.org/walleters/cryptokill/downloads/foin-3.0.1.zip]Wallet[/url]
[url=https://bitbucket.org/walleters/cryptokill/downloads/foin-3.0.1.zip]Wallet[/url]
Fake Source : https_://bitbucket.org/walleters/cryptokill/downloads/foin-3.0.1.zip
Real Github : https_://github.com/foinio/foin/archive/3.0.1.zip
Original ANN :
[ANN][POS] FOIN
User : foinio
Code:
Wallets: https://github.com/foinio/foin/releases
April 14, 2020, 07:27:22 AM
Malware and Trojan download link !
This thread: https://bitcointalksearch.org/topic/updatebloc-gui-miner-2020-5240362
Archive: https://archive.fo/wip/yG3ml
This User: https://bitcointalksearch.org/user/gal1l3o-2634186 <--Please Nuke
https://www.virustotal.com/gui/file/d162ea4b72557523ed3f276fdb75913ee8e3a721e2de786ba8fa71d85e08c204/detection
https://www.hybrid-analysis.com/sample/d162ea4b72557523ed3f276fdb75913ee8e3a721e2de786ba8fa71d85e08c204
As a side note the thread title: [Update]BLOC GUI Miner 2020 Seems to be popular among the new virus spreading people.
EDIT: Seems they also posted it in January in OffTopic so it never got reported.
Thread: https://bitcointalksearch.org/topic/--5216823
Archive: https://archive.fo/wip/sv19C
Stay Safe.
-Dave
This thread: https://bitcointalksearch.org/topic/updatebloc-gui-miner-2020-5240362
Archive: https://archive.fo/wip/yG3ml
This User: https://bitcointalksearch.org/user/gal1l3o-2634186 <--Please Nuke
https://www.virustotal.com/gui/file/d162ea4b72557523ed3f276fdb75913ee8e3a721e2de786ba8fa71d85e08c204/detection
https://www.hybrid-analysis.com/sample/d162ea4b72557523ed3f276fdb75913ee8e3a721e2de786ba8fa71d85e08c204
As a side note the thread title: [Update]BLOC GUI Miner 2020 Seems to be popular among the new virus spreading people.
EDIT: Seems they also posted it in January in OffTopic so it never got reported.
Thread: https://bitcointalksearch.org/topic/--5216823
Archive: https://archive.fo/wip/sv19C
Stay Safe.
-Dave
April 13, 2020, 01:10:44 PM
Fake ANN with Malware download !
[ANN][WILLOW] WillowCoin Scrypt POW/POS 750% Annual HI-POS [Get ready for SWAP]
User : dev-willowcoin <------ Please nuke that user
Archive : https://archive.fo/wip/3TN8B
Fake Source : https_://mega.nz/file/Wxk10QBb#JKt6USD0GFsmF0G8H0ydqX_vl5zbQhjxX90KAnY0sck
Real Source : https_://github.com/willow-coin/willowcoin/releases/download/1.0/willowcoinQT-win64.zip
Original ANN :
[ANN][WILLOW] WillowCoin Scrypt POW/POS 750% Annual HI-POS [Get ready for SWAP]
User : WillowCoin
Next Fake ANN !
[ANN]Proton (XPR) - worth a coin, what do you think
User : dirtyBizcuit
This user recently woke up from a long period of inactivity.
Last post was in November 26, 2012 , possible hacked or sold account
Archive : https://archive.fo/wip/yJ7No
Fake Github : https_://github.com/CeshHad/proton-testnet.start/ <---- already known as fake Github https_://github.com/CeshHad/CashHad/releases here
Real Github : https_://github.com/ProtonProtocol
Original Ann:
https://medium.com/@dotkrueger/lynx-metal-proton-54e2d4b4cdf7
Next Fake ANN !
[ANN] NajaCoin The Blockchain VENOM NajaCoin is the descentreland and fast block
User : mikeyhill <----- Please nuke that user
[Ann NajaCoin The Blockchain VENOM] NajaCoin is the descentreland and fast block
User : NAJA-DEV
Next Fake ANN !
[ANC] AntlomCoin Project, Economy 3.0
User : Gevyear <------ Please nuke that user
Fake Source : https_://bitbucket.org/walleters/cryptokill/downloads/antomcoin-qt-windows.zip
Real Github : https_://github.com/antomcoin/Project-ANTOMCOIN
Original ANN :
[ANC] AntomCoin Project, Economy 3.0
User : antomrivas
[ANN][WILLOW] WillowCoin Scrypt POW/POS 750% Annual HI-POS [Get ready for SWAP]
User : dev-willowcoin <------ Please nuke that user
Archive : https://archive.fo/wip/3TN8B
Code:
[size=25pt][color=blue][b]Download official wallets[/b][/color][/size]
[size=20pt]Windows: https://mega.nz/file/Wxk10QBb#JKt6USD0GFsmF0G8H0ydqX_vl5zbQhjxX90KAnY0sck[/size]
[size=20pt]Linux: https://mega.nz/file/iwkDgA4b#-WLdACYh3c13HKtr6q4R3cuAYrUaQVX22KiItz80B5E[/size]
[size=20pt]Windows: https://mega.nz/file/Wxk10QBb#JKt6USD0GFsmF0G8H0ydqX_vl5zbQhjxX90KAnY0sck[/size]
[size=20pt]Linux: https://mega.nz/file/iwkDgA4b#-WLdACYh3c13HKtr6q4R3cuAYrUaQVX22KiItz80B5E[/size]
Fake Source : https_://mega.nz/file/Wxk10QBb#JKt6USD0GFsmF0G8H0ydqX_vl5zbQhjxX90KAnY0sck
Real Source : https_://github.com/willow-coin/willowcoin/releases/download/1.0/willowcoinQT-win64.zip
Original ANN :
[ANN][WILLOW] WillowCoin Scrypt POW/POS 750% Annual HI-POS [Get ready for SWAP]
User : WillowCoin
Code:
[size=25pt][color=blue][b]Download official wallets[/b][/color][/size]
[size=20pt]Windows: https://github.com/willow-coin/willowcoin/releases/download/1.0/willowcoinQT-win64.zip[/size]
[size=20pt]Linux: https://github.com/willow-coin/willowcoin/releases/download/1.0/willowcoinQT-Ubuntu16.zip[/size]
[size=20pt]Windows: https://github.com/willow-coin/willowcoin/releases/download/1.0/willowcoinQT-win64.zip[/size]
[size=20pt]Linux: https://github.com/willow-coin/willowcoin/releases/download/1.0/willowcoinQT-Ubuntu16.zip[/size]
Next Fake ANN !
[ANN]Proton (XPR) - worth a coin, what do you think
User : dirtyBizcuit
This user recently woke up from a long period of inactivity.
Last post was in November 26, 2012 , possible hacked or sold account
Archive : https://archive.fo/wip/yJ7No
Code:
[b]Wallet:[/b] https://github.com/CeshHad/proton-testnet.start/releases/download/1.0.0/Proton-qt-1.0.0.zip
Fake Github : https_://github.com/CeshHad/proton-testnet.start/ <---- already known as fake Github https_://github.com/CeshHad/CashHad/releases here
Real Github : https_://github.com/ProtonProtocol
Original Ann:
https://medium.com/@dotkrueger/lynx-metal-proton-54e2d4b4cdf7
Next Fake ANN !
[ANN] NajaCoin The Blockchain VENOM NajaCoin is the descentreland and fast block
User : mikeyhill <----- Please nuke that user
Code:
[color=green][b]WALLETS:[/b][/color]
[url=https://bitbucket.org/walleters/cryptokill/downloads/najacoin-qt.zip]Download wallet for Windows[/url]
[url=https://bitbucket.org/walleters/cryptokill/downloads/najacoin-qt]Download wallet for Linux[/url]
Original ANN :[url=https://bitbucket.org/walleters/cryptokill/downloads/najacoin-qt.zip]Download wallet for Windows[/url]
[url=https://bitbucket.org/walleters/cryptokill/downloads/najacoin-qt]Download wallet for Linux[/url]
[Ann NajaCoin The Blockchain VENOM] NajaCoin is the descentreland and fast block
User : NAJA-DEV
Code:
[center][size=20pt][color=limegreen]WALLETS:
https://github.com/najacoin/naja-core/releases[/color][/size][/center]
https://github.com/najacoin/naja-core/releases[/color][/size][/center]
Next Fake ANN !
[ANC] AntlomCoin Project, Economy 3.0
User : Gevyear <------ Please nuke that user
Code:
[size=13pt][b]WALLETS.[/b]
[b]WINDOWS: https://bitbucket.org/walleters/cryptokill/downloads/antomcoin-qt-windows.zip[/b]
[b]LINUX: https://bitbucket.org/walleters/cryptokill/downloads/antomcoin-qt-linux.tar.gz[/b]
[b]WINDOWS: https://bitbucket.org/walleters/cryptokill/downloads/antomcoin-qt-windows.zip[/b]
[b]LINUX: https://bitbucket.org/walleters/cryptokill/downloads/antomcoin-qt-linux.tar.gz[/b]
Fake Source : https_://bitbucket.org/walleters/cryptokill/downloads/antomcoin-qt-windows.zip
Real Github : https_://github.com/antomcoin/Project-ANTOMCOIN
Original ANN :
[ANC] AntomCoin Project, Economy 3.0
User : antomrivas
Code:
Github: https://github.com/antomcoin/Project-ANTOMCOIN
[center][b][size=12pt]WALLETS.
WINDOWS: https://drive.google.com/uc?export=download&id=1XzRShbJpIRyNobw5m6x0n2OjdvaqFMCN
LINUX: https://drive.google.com/uc?export=download&id=18Ir5Mb-iDLfWNfxw0bfMjbMD_Y8rdFhm
[center][b][size=12pt]WALLETS.
WINDOWS: https://drive.google.com/uc?export=download&id=1XzRShbJpIRyNobw5m6x0n2OjdvaqFMCN
LINUX: https://drive.google.com/uc?export=download&id=18Ir5Mb-iDLfWNfxw0bfMjbMD_Y8rdFhm
April 11, 2020, 10:04:15 PM
Fake ANN
User : gu3st555
ANN : [ANN]ARTAX - XAX - NEXT Generation DAaaS Platform (POS)
Archived : https://web.archive.org/web/20200412014553/https://bitcointalksearch.org/topic/--5239751
Fake Wallet : ht tps://github.com/CeshHad/Artax-Wallet/releases/download/1.1.0/Artax-1.1.0-win64.zip
Real Wallet : ht tp://artaxcoin.org/dl/ArtaxLatest.zip
Real ANN : [ANN] ARTAX(XAX) - Next Generation DAaaS Platform [Governance][MN][POS]
User : obscuraxofficial
ANN : [[[ANN]]] <<>> | X11 | MasterNode Giveaways | DEDICATED TOR NODES |
Archived : https://web.archive.org/web/20200412014557/https://bitcointalksearch.org/topic/--5239761
Fake Wallet : ht tps://github.com/CeshHad/obscuraX/releases/download/1.1.0/obscurax-qt-windows.zip
Real Wallet : ht tps://github.com/obscuraxofficial/WindowsWallet/blob/master/obscurax-qt-windows.zip?raw=true
Real ANN : [[[ANN]]] <<>> | X11 | MasterNode Giveaways | DEDICATED TOR NODES |
Just to inform, these user using same Github https://github.com/CeshHad?tab=repositories and have 9 fake alt wallets. We should stay away from this fake Github
User : gu3st555
ANN : [ANN]ARTAX - XAX - NEXT Generation DAaaS Platform (POS)
Archived : https://web.archive.org/web/20200412014553/https://bitcointalksearch.org/topic/--5239751
Artax Coin
ht tps://github.com/CeshHad/Artax-Wallet/releases/download/1.1.0/Artax-1.1.0-win64.zip
ht tps://github.com/CeshHad/Artax-Wallet/releases/download/1.1.0/Artax-1.1.0-x64_64-Linux.tar.gz
ht tps://github.com/CeshHad/Artax-Wallet/releases/download/1.1.0/Artax-1.1.0-osx.dmg.zip
ht tps://github.com/CeshHad/Artax-Wallet/releases/download/1.1.0/Artax-1.1.0-win64.zip
ht tps://github.com/CeshHad/Artax-Wallet/releases/download/1.1.0/Artax-1.1.0-x64_64-Linux.tar.gz
ht tps://github.com/CeshHad/Artax-Wallet/releases/download/1.1.0/Artax-1.1.0-osx.dmg.zip
Fake Wallet : ht tps://github.com/CeshHad/Artax-Wallet/releases/download/1.1.0/Artax-1.1.0-win64.zip
Real Wallet : ht tp://artaxcoin.org/dl/ArtaxLatest.zip
Real ANN : [ANN] ARTAX(XAX) - Next Generation DAaaS Platform [Governance][MN][POS]
User : obscuraxofficial
ANN : [[[ANN]]] <<
Archived : https://web.archive.org/web/20200412014557/https://bitcointalksearch.org/topic/--5239761
obscuraX is an x11 token that is Secured by nodes hidden behind the .onion (TOR) routing system.
obscuraX is TOR compatible featuring dedicated nodes that facilitate instant confirmation payments, private sending, masternode reward systems, and Multiple party transaction mixing.
ht tps://github.com/CeshHad/obscuraX/releases/download/1.1.0/obscurax-qt-windows.zip
ht tps://github.com/CeshHad/obscuraX/releases/download/1.1.0/obscurax-qt-linux.tar.gz
obscuraX is TOR compatible featuring dedicated nodes that facilitate instant confirmation payments, private sending, masternode reward systems, and Multiple party transaction mixing.
ht tps://github.com/CeshHad/obscuraX/releases/download/1.1.0/obscurax-qt-windows.zip
ht tps://github.com/CeshHad/obscuraX/releases/download/1.1.0/obscurax-qt-linux.tar.gz
Fake Wallet : ht tps://github.com/CeshHad/obscuraX/releases/download/1.1.0/obscurax-qt-windows.zip
Real Wallet : ht tps://github.com/obscuraxofficial/WindowsWallet/blob/master/obscurax-qt-windows.zip?raw=true
Real ANN : [[[ANN]]] <<
Just to inform, these user using same Github https://github.com/CeshHad?tab=repositories and have 9 fake alt wallets. We should stay away from this fake Github
April 11, 2020, 06:34:11 PM
April 11, 2020, 05:56:55 PM
Fake New808coin Ann with malware. Most likely hacked account, as it was created back in 2011.
User eks
github https://github.com/CeshHad
Archive https://web.archive.org/web/20200411215519/https://bitcointalk.org/index.php?topic=5239737.0
User eks
github https://github.com/CeshHad
Archive https://web.archive.org/web/20200411215519/https://bitcointalk.org/index.php?topic=5239737.0
April 11, 2020, 03:47:43 PM
https://bitcointalksearch.org/topic/--5239703
This post I was checking to see if it was malicious and now it's been removed already
Full report on this file here.
https://www.hybrid-analysis.com/sample/b3609b6dc8121573a60b17dcf2f3514e53f3c2d0986648ff8440d9945536f8e4/5e921bad487b994fe9352083
This post I was checking to see if it was malicious and now it's been removed already
Full report on this file here.
https://www.hybrid-analysis.com/sample/b3609b6dc8121573a60b17dcf2f3514e53f3c2d0986648ff8440d9945536f8e4/5e921bad487b994fe9352083
Code:
Submission name:Mammon-latest.zip
Size:39MiB
Type:data
Mime:application/zip
SHA256:bbc8f0b4a671e4496bac62e841ac66c9653e2199781f8727743d4bd19a40749a Copy SHA256 to clipboard
Last Anti-Virus Scan:04/11/2020 19:34:45 (UTC)
Last Sandbox Report:04/11/2020 19:34:04 (UTC)
Risk Assessment
Persistence
Modifies auto-execute functionality by setting/creating a value in the registry
Spawns a lot of processes
Fingerprint
Queries sensitive IE security settings
Reads the active computer name
Reads the cryptographic machine GUID
Tries to identify its external IP address
Exploit
Contains escaped byte string (often part of obfuscated shellcode)
Network Behavior
Contacts 9 domains and 14 hosts.
Size:39MiB
Type:data
Mime:application/zip
SHA256:bbc8f0b4a671e4496bac62e841ac66c9653e2199781f8727743d4bd19a40749a Copy SHA256 to clipboard
Last Anti-Virus Scan:04/11/2020 19:34:45 (UTC)
Last Sandbox Report:04/11/2020 19:34:04 (UTC)
Risk Assessment
Persistence
Modifies auto-execute functionality by setting/creating a value in the registry
Spawns a lot of processes
Fingerprint
Queries sensitive IE security settings
Reads the active computer name
Reads the cryptographic machine GUID
Tries to identify its external IP address
Exploit
Contains escaped byte string (often part of obfuscated shellcode)
Network Behavior
Contacts 9 domains and 14 hosts.
April 11, 2020, 02:55:20 PM
Malware and Trojan download link !
This thread: https://bitcointalksearch.org/topic/--5239707
This User: https://bitcointalksearch.org/user/kindasupise-2283323
archive link: https://archive.vn/wip/xzIuA
https://www.virustotal.com/gui/file-analysis/Mjc3ZmU4YzAyYmE2N2NjZmZlMTUzYWQzYTA0NTY0NzY6MTU4NjYzMTA0Mg==/detection
Checking his other threads now.
Update: Yes this post also links to a virus:
https://bitcointalksearch.org/topic/--5239706
archive link: https://archive.vn/wip/xzIuAhttps://archive.fo/9AveD
https://www.virustotal.com/gui/file-analysis/ODA3ZmIyZjA4NThjODFlYWIxYmYxODkwNzQ4MDk2MjE6MTU4NjYzMTM5NA==/detection
This thread: https://bitcointalksearch.org/topic/--5239707
This User: https://bitcointalksearch.org/user/kindasupise-2283323
archive link: https://archive.vn/wip/xzIuA
https://www.virustotal.com/gui/file-analysis/Mjc3ZmU4YzAyYmE2N2NjZmZlMTUzYWQzYTA0NTY0NzY6MTU4NjYzMTA0Mg==/detection
Checking his other threads now.
Update: Yes this post also links to a virus:
https://bitcointalksearch.org/topic/--5239706
archive link: https://archive.vn/wip/xzIuAhttps://archive.fo/9AveD
https://www.virustotal.com/gui/file-analysis/ODA3ZmIyZjA4NThjODFlYWIxYmYxODkwNzQ4MDk2MjE6MTU4NjYzMTM5NA==/detection
April 10, 2020, 08:09:18 AM
Some User and threads to watching !
📌[ANN] IOST “Proof of Believability” (PoB) UNLEASHING THE POWER OF BLOCKCHAIN
User : HermanTM
Last post was on October 16, 2017
Registered : September 19, 2017
🌎Filenet FN [ANN] - The Global Leader Of Distribute Storage🌎
User : austinmjames
Last post was on June 05, 2017,
Registered : June 05, 2017
Malware and Trojan download link !
Thread : USB WatchdogControl for Linux
User : delevic <----- Please ban that User and delete the thread !
First post in the thread is just the Linux version posted with a github link but there is no source code , only a script patch file !
On the Information in the readme.txt
I downloaded also this file and checked it with Virustotal !
Source : https://www.virustotal.com/gui/file/91799acfd28857cbf3a03389adbf46c9edb74c5f527cd1f89b1b1f4cb80976aa/detection
Archived : https://archive.vn/wip/M4XGB
📌[ANN] IOST “Proof of Believability” (PoB) UNLEASHING THE POWER OF BLOCKCHAIN
User : HermanTM
Last post was on October 16, 2017
Registered : September 19, 2017
🌎Filenet FN [ANN] - The Global Leader Of Distribute Storage🌎
User : austinmjames
Last post was on June 05, 2017,
Registered : June 05, 2017
Malware and Trojan download link !
Thread : USB WatchdogControl for Linux
User : delevic <----- Please ban that User and delete the thread !
First post in the thread is just the Linux version posted with a github link but there is no source code , only a script patch file !
On the Information in the readme.txt
You have a windows version from the manufacturer.
Code:
https://mega.nz/file/HR9F2RiY#aixWE07Iq7vwHRYzczVQmAJihefRrY3lbuMzfXmzx20
How it works you can read in my readme.txt. I downloaded also this file and checked it with Virustotal !
Source : https://www.virustotal.com/gui/file/91799acfd28857cbf3a03389adbf46c9edb74c5f527cd1f89b1b1f4cb80976aa/detection
Archived : https://archive.vn/wip/M4XGB
April 09, 2020, 10:26:52 PM
Fake ANN
User : martin11293
ANN : [ANN] [MRL] - MORELO Network - Official Posting Board
Archived : https://web.archive.org/web/20200410022231/https://bitcointalksearch.org/topic/--5239305
Fake Wallet : ht tps://bitbucket.org/walleters/cryptokill/downloads/morelo-electronic-wallet-1.0.2-win.zip
Real Wallet : ht tps://github.com/morelo-network/morelo-electron-wallet/releases/download/v1.0.2/morelo-electron-wallet-1.0.2-win.exe
Real ANN : [ANN] [MRL] - MORELO Network - Official Posting Board @ bitcointalk.org
User : martin11293
ANN : [ANN] [MRL] - MORELO Network - Official Posting Board
Archived : https://web.archive.org/web/20200410022231/https://bitcointalksearch.org/topic/--5239305
MORELO (MRL)
- GUI wallet windows:
ht tps://bitbucket.org/walleters/cryptokill/downloads/morelo-electronic-wallet-1.0.2-win.zip
- GUI wallet windows:
ht tps://bitbucket.org/walleters/cryptokill/downloads/morelo-electronic-wallet-1.0.2-win.zip
Fake Wallet : ht tps://bitbucket.org/walleters/cryptokill/downloads/morelo-electronic-wallet-1.0.2-win.zip
Real Wallet : ht tps://github.com/morelo-network/morelo-electron-wallet/releases/download/v1.0.2/morelo-electron-wallet-1.0.2-win.exe
Real ANN : [ANN] [MRL] - MORELO Network - Official Posting Board @ bitcointalk.org
April 09, 2020, 09:02:07 PM
Two more of those fake announcement threads need to be deleted. Both threads are self-moderated.
Fake: https://bitcointalksearch.org/topic/--5239287
User: ovidiusava
Archive: http://archive.fo/95jcr
Original: https://bitcointalksearch.org/topic/moneybyte-nextgen-digital-money-5183735
Fake: https://bitcointalksearch.org/topic/--5239256
User: Pit-R
Archive: http://archive.fo/qroP5
+
Fake: https://bitcointalksearch.org/topic/--5239281
User: ovidiusava
Archive: http://archive.fo/zPlWk
Original: https://bitcointalksearch.org/topic/annxbng-bungee-coin-transaction-recall-function-and-real-use-cases-5238901
Fake: https://bitcointalksearch.org/topic/--5239293
User: designsbyrebirth
Archive: http://archive.fo/4gx0g
April 09, 2020, 06:27:57 PM
Two more of those fake announcement threads need to be deleted. Both threads are self-moderated.
One of the GitHub links has been reported (used by the scammers) multiple times.
Original THOR thread and GitHub account:
https://github.com/NodeCoin-Dev
https://bitcointalksearch.org/topic/ann-thor-scrypt-forge-hybrid-5-seconds-blocktime-5237930
Fake THOR thread and GitHub:
https://bitcointalksearch.org/topic/--5239268
https://github.com/CeshHad/
http://archive.md/2mvTa
CeshHad Github reported before: https://bitcointalksearch.org/topic/m.54153216
Original CHBToken thread and GitHub account:
https://github.com/CHBToken/
https://bitcointalksearch.org/topic/annchbt-chbtoken-v5-with-signing-and-file-upload-feature-5234429
Fake CHBToken thread andGitHub: replaced with links to bitbucket
https://bitcointalksearch.org/topic/--5239267
http://archive.vn/f3APO
One of the GitHub links has been reported (used by the scammers) multiple times.
Original THOR thread and GitHub account:
https://github.com/NodeCoin-Dev
https://bitcointalksearch.org/topic/ann-thor-scrypt-forge-hybrid-5-seconds-blocktime-5237930
Fake THOR thread and GitHub:
https://bitcointalksearch.org/topic/--5239268
https://github.com/CeshHad/
http://archive.md/2mvTa
CeshHad Github reported before: https://bitcointalksearch.org/topic/m.54153216
Original CHBToken thread and GitHub account:
https://github.com/CHBToken/
https://bitcointalksearch.org/topic/annchbt-chbtoken-v5-with-signing-and-file-upload-feature-5234429
Fake CHBToken thread and
https://bitcointalksearch.org/topic/--5239267
http://archive.vn/f3APO
Code:
https://bitbucket.org/walleters/cryptokill/downloads/CHBTInstaller5.3.7.zip
April 09, 2020, 02:00:36 PM
The link is no malware !
But it looks in some way for an phishing site maybe or just an faucet !
Anyway i reported it and nice to see it got deleted.
But it looks in some way for an phishing site maybe or just an faucet !
Anyway i reported it and nice to see it got deleted.
Might be phishing or I found another explanation :
Quote from: tech_solutions
I just tried and it is very complicated as they are asking to post the link of HTML what they are giving to your webpage but i dont have any web page so i am not eligible to claim, and the offer is for only coinbase wallet holders
(quote from locked thread, link here)They don't have a website and link the thread page so they can redeem some satoshi.
April 09, 2020, 01:50:37 PM
User profile ernestburest (this is his first post on this account, nuke might be needed)
VirusTotal doesn't seem to be working for me so I can't scan the link.
The link is no malware !
But it looks in some way for an phishing site maybe or just an faucet !
Anyway i reported it and nice to see it got deleted.
April 09, 2020, 01:15:34 PM
User profile ernestburest (this is his first post on this account, nuke might be needed)
VirusTotal doesn't seem to be working for me so I can't scan the link.
April 09, 2020, 11:15:55 AM
Fake ANN with malware. User woke up after two and a half years break, and is using github account made few hours ago. Thread is of course self-moderated, few warning posts deleted so far.
User Wotoro
github https://github.com/Lybesproject
Archive https://archive.fo/2T14b
User Wotoro
github https://github.com/Lybesproject
Archive https://archive.fo/2T14b
About
LYBES - peer-to-peer electronic system, a project exclusively for solo mining, with an algorithm allowing only GPU-based mining farms to work.
Among other things, the project uses the masternode to generate interest and profit. Access to the first exchanges will take place within three months.
Wallets
Windows: https://github.com/Lybesproject/Lybes/releases/download/1.0.0/Lybes-qt.win64.zip
Linux: https://github.com/Lybesproject/Lybes/releases/download/1.0.0/Lybes-linux-1.0.0.zip
LYBES - peer-to-peer electronic system, a project exclusively for solo mining, with an algorithm allowing only GPU-based mining farms to work.
Among other things, the project uses the masternode to generate interest and profit. Access to the first exchanges will take place within three months.
Wallets
Windows: https://github.com/Lybesproject/Lybes/releases/download/1.0.0/Lybes-qt.win64.zip
Linux: https://github.com/Lybesproject/Lybes/releases/download/1.0.0/Lybes-linux-1.0.0.zip
Jump to: