


UPD: A notice on Google’s response to the issue was added.

An unusual malicious bundle (a collection of malicious programs distributed in the form of a single installation file, self-extracting archive or other file with installer-type functionality) recently caught our eye. Its main payload is the widespread RedLine stealer. Discovered in March 2020, RedLine is currently one of the most common Trojans used to steal passwords and credentials from browsers, FTP clients and desktop messengers. It is openly available on underground hacker forums for just a few hundred dollars, a relatively small price tag for malware.

The stealer can pinch usernames, passwords, cookies, bank card details and autofill data from Chromium- and Gecko-based browsers, data from cryptowallets, instant messengers and FTP/SSH/VPN clients, as well as files with particular extensions from devices. In addition, RedLine can download and run third-party programs, execute commands in cmd.exe and open links in the default browser. The stealer spreads in various ways, including through malicious spam e-mails and third-party loaders.

In addition to the payload itself, the discovered bundle is of note for its self-propagation functionality. Several files are responsible for this: they receive videos and post them to the infected users’ YouTube channels, along with links to a password-protected archive with the bundle in the description. The videos advertise cheats and cracks and provide instructions on hacking popular games and software. Among the games mentioned are APB Reloaded, CrossFire, DayZ, Dying Light 2, F1® 22, Farming Simulator, Farthest Frontier, FIFA 22, Final Fantasy XIV, Forza, Lego Star Wars, Osu!, Point Blank, Project Zomboid, Rust, Sniper Elite, Spider-Man, Stray, Thymesia, VRChat and Walken. According to Google, the hacked channels were quickly terminated for violation of the company’s Community Guidelines.

The original bundle is a self-extracting RAR archive containing a number of malicious files, clean utilities and a script to automatically run the unpacked contents.

Because of the expletives used by the bundle’s creators, we had to hide some file names. Right after unpacking, three executable files are run: cool.exe, ***.exe and AutoRun.exe. The first is the RedLine stealer mentioned above. The second is a miner, which makes sense, since the main target audience, judging by the video, is gamers, who are likely to have video cards installed that can be used for mining. The third executable file copies itself to the %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup directory, which ensures automatic startup, and runs the first of the batch files. The batch files, in turn, run three other malicious files: MakiseKurisu.exe, download.exe and upload.exe. These are the files responsible for the bundle’s self-distribution.

[Figure: Contents of the first and second batch files]

On top of that, one of the batch files runs the nir.exe utility, which lets malicious executable files run without displaying any windows or taskbar icons.

The size of the download.exe file is an impressive 35 MB. However, it’s basically a regular loader whose purpose is to download videos for uploading to YouTube, as well as files with the description text and links to the malicious archive. The executable file is large because it is a NodeJS interpreter glued together with the scripts and dependencies of the main application. The malware takes the file download links from a GitHub repository.

In the latest modifications, a 7-Zip archive with videos and descriptions organized into directories is downloaded. The archive is unpacked using the console version of 7-Zip, included in the bundle.

MakiseKurisu.exe is a password stealer written in C# and modified to suit the needs of the bundle’s creators. The source code from GitHub was likely taken as the basis: the file contains many standard stealer features that are not used in any way. These include checking for a debugger and for a virtual environment, sending information about the infected system to instant messengers, and stealing passwords. So, what remains and what do the changes amount to? The only working function in MakiseKurisu.exe is extracting cookies from browsers and storing them in a separate file, without sending the stolen data anywhere. It is precisely through cookies that the bundle gains access to the infected user’s YouTube account, where it uploads the video. The last malicious file in the bundle is upload.exe, which uploads the video previously downloaded using download.exe to YouTube.
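The persistence step described above (an executable copying itself into the user’s Startup folder, with batch files launched from there) is something a defender can check for directly. The following script is an added example written for this page, not code from Kaspersky or from the bundle. It audits a Startup folder, or a forensic copy of one, and flags anything that is not a shortcut or desktop.ini, PE images hiding behind another extension, and files carrying the component names this write-up mentions, hashing each hit for triage. The extension lists, the sample folder it builds and the stub file contents are assumptions constructed for the example.

```python
"""Audit a Windows Startup folder (or a copy of one) for entries that should
not be there.  Added example for this write-up, not Kaspersky's code.

A healthy Startup folder normally holds only .lnk shortcuts and desktop.ini,
so raw executables or scripts dropped there, such as the AutoRun.exe and
batch files described in the write-up, deserve a look.
"""
import hashlib
import tempfile
from pathlib import Path

# Extensions Windows will run directly from the Startup folder (assumed list).
EXECUTABLE_EXTENSIONS = {".exe", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".scr", ".com"}
# Component names taken from the write-up; ***.exe is redacted there and so is not listed.
KNOWN_BUNDLE_NAMES = {"autorun.exe", "cool.exe", "makisekurisu.exe",
                      "download.exe", "upload.exe", "nir.exe"}
PE_MAGIC = b"MZ"   # first two bytes of every Windows PE image


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large droppers (download.exe is 35 MB) are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(path: Path) -> list:
    """Return the reasons a Startup-folder entry looks suspicious (empty list = fine)."""
    reasons = []
    ext = path.suffix.lower()
    with path.open("rb") as f:
        is_pe = f.read(2) == PE_MAGIC
    if path.name.lower() in KNOWN_BUNDLE_NAMES:
        reasons.append("file name matches a component of the described bundle")
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"directly executable file ({ext}) instead of a shortcut")
    if is_pe and ext != ".exe":
        # A PE image renamed to .lnk, .ini or similar is a classic disguise.
        reasons.append("PE image with a non-.exe extension")
    return reasons


def audit_startup_dir(startup_dir) -> list:
    """Return one finding per suspicious file, sorted by file name."""
    findings = []
    for path in sorted(Path(startup_dir).iterdir()):
        if not path.is_file():
            continue
        reasons = classify(path)
        if reasons:
            findings.append({"name": path.name, "sha256": sha256_of(path), "reasons": reasons})
    return findings


def build_sample_startup_dir() -> str:
    """Create a constructed, throw-away Startup folder for demonstration.
    Every file here is a harmless stub made up for this example."""
    d = tempfile.mkdtemp(prefix="startup_sample_")
    lnk_header = b"L\x00\x00\x00\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"
    samples = {
        "desktop.ini": b"[.ShellClassInfo]\r\nIconResource=%SystemRoot%\\system32\\imageres.dll,-3\r\n",
        "OneDrive.lnk": lnk_header + b"\x00" * 16,   # looks like a genuine shortcut
        "AutoRun.exe": b"MZ" + b"\x00" * 62,         # PE stub under the bundle's file name
        "run.bat": b"@echo off\r\nrem constructed sample\r\n",
        "update.lnk": b"MZ" + b"\x00" * 62,          # PE stub hiding behind a .lnk extension
    }
    for fname, data in samples.items():
        (Path(d) / fname).write_bytes(data)
    return d


if __name__ == "__main__":
    sample = build_sample_startup_dir()
    for finding in audit_startup_dir(sample):
        print(f"{finding['name']:<14} {finding['sha256'][:16]}...  {'; '.join(finding['reasons'])}")
```

On a live system point `audit_startup_dir` at `%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup` (and the all-users equivalent under `%ProgramData%`); the name list only catches this particular bundle, while the shortcut-only and PE-magic checks are generic and will also surface renamed droppers.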
