OP 31 July, 2024 - 03:45 PM
(This post was last modified: 31 July, 2024 - 08:00 PM by downloadedom.)
It's a "VAC bypass" and I have some doubts about it, and it has a lot of networking shit.
69.42.215.252
Ports open:
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
443/tcp open https
5060/tcp open sip
8080/tcp open http-proxy
The original .exe is from "danielkrupinski" on GitHub.
You can build the "VAC bypass loader" and you'll get the Synaptics pointing device stuff.
Also, it adds itself to startup (there is no persistence other than the install):
C:\ProgramData\Synaptics
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
The stuff seems clean, but I can't manage to understand the binary.h at all.
The IP is from nginx; the .exe also connects to the Freedns API.
On Fiddler it also shows connections to localhost:6654, and it shows a connection to something (it isn't even supposed to show anything, pure BS).
I'll appreciate any type of help. In Binary Ninja 4.1 you can see some mentions of Send mail and BoundIP stuff and also something about passwords; I wonder if that is from the imports or from the same .exe that uses it.
Edit: it's not from the GitHub but rather an actual worm/malware that embeds itself into other .exe's.
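As a first triage step for the strings question in the post (whether the Send mail / BoundIP / password mentions live in the binary body), here is an added example that is not code from the post or from the danielkrupinski GitHub project: a small Python script that pulls both ASCII and UTF-16LE strings out of a blob and flags the indicators the post names (the Synaptics path, the Run key, Freedns, localhost:6654, mail and password strings). The sample bytes are constructed inline as a stand-in for a PE section, and the indicator regexes are my assumption about how those strings would appear; neither comes from the actual sample.

```python
import re

MIN_LEN = 6  # shortest run worth reporting, like `strings -n 6`

# Indicators lifted from the post (path, Run key, Freedns, local port,
# mail/password strings).  The exact regexes are an assumption about how
# they would appear inside the binary, not something taken from the sample.
INDICATORS = {
    "synaptics_path": re.compile(r"ProgramData\\Synaptics", re.I),
    "run_key": re.compile(r"CurrentVersion\\Run\b", re.I),
    "freedns": re.compile(r"freedns", re.I),
    "local_port_6654": re.compile(r"(?:localhost|127\.0\.0\.1)[:;]6654"),
    "mail": re.compile(r"send ?mail|smtp", re.I),
    "password": re.compile(r"passw(?:or)?d", re.I),
}


def extract_strings(data: bytes, min_len: int = MIN_LEN):
    """Return sorted (offset, encoding, text) tuples for printable runs.

    Both plain ASCII and UTF-16LE (the encoding Windows uses for wide
    strings) are covered; plain `strings` without -el misses the latter,
    which is one reason a disassembler shows strings that `strings` does not.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in ascii_re.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in wide_re.finditer(data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    found.sort()
    return found


def match_indicators(strings):
    """Return {indicator_name: [matching strings]} for indicators that hit."""
    hits = {}
    for _offset, _encoding, text in strings:
        for name, rx in INDICATORS.items():
            if rx.search(text):
                hits.setdefault(name, []).append(text)
    return hits


def build_sample() -> bytes:
    """Constructed stand-in for a chunk of a PE file: filler bytes around a
    few ASCII and wide strings of the kind described in the post.  This is
    NOT the sample from the post."""
    return b"".join([
        b"MZ\x90\x00\x03\x00\x00\x00\xff\xfe",
        b"C:\\ProgramData\\Synaptics\\Synaptics.exe\x00",
        b"\x7f\x00\x00\x00",
        "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le"),
        b"\x00\x00\xaa\xbb",
        b"freedns\x00",
        b"localhost:6654\x00",
        b"\x00\x01\x02\x03",  # non-printable gap so the wide scan does not bridge
        "SendMail".encode("utf-16-le"),
        b"\x00\x00",
        b"password\x00",
        b"ab\x00",  # too short to be reported
    ])


def triage(data: bytes):
    """One-call wrapper: extract strings, then match indicators."""
    strings = extract_strings(data)
    return strings, match_indicators(strings)


if __name__ == "__main__":
    strings, hits = triage(build_sample())
    for offset, encoding, text in strings:
        print(f"{offset:#08x} {encoding:8} {text}")
    for name, matches in hits.items():
        print(f"[{name}] {matches}")
```

To run it against a real file, replace `build_sample()` with the file's bytes; a hit in the binary body (rather than only in the import directory) is what you would look at next in Binary Ninja. Absence of a hit proves nothing, since packed or encrypted strings only appear at runtime.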