SnipeR
V.I.P
السلام علـــيكمـ
كود:
اليوم سأقدم لكمـ طريقتي في ســحب كل المعلومـات عن السرفر
وهي سهلـــة وأظن أنهــــا معروفة للبعض
وهي سهلـــة وأظن أنهــــا معروفة للبعض
تابـــعو :
أولا اعمل تحميل للسيرفـــر دون ان تفتحـــ ـــه
ثانـــيا اذهب الــــى http://malbox.xjtu.edu.cn/#
ثمـ اكتـــــ ب ايمايلكـ واعمل ابلواد للسرفر الملغوم
وانتـــــظر قليلا ثم اذهــــ ــب الى ايميلك الذي كتبتـــ ــه
ستظهر لك رسالة بها المعلومات هكذا :
.__ ___. _____ _____ | | \_ |__ ____ ___ ___ / \ \__ \ | | | __ \ / _ \\ \/ / | Y Y \ / __ \_| |__| \_\ \( <_> )> < |__|_| /(____ /|____/|___ / \____//__/\_ \ \/ \/ \/ \/ =====Sample Summary===== File name: sample.exe MD5: 6E4020361ADD6AA85CC1713B583EAD
EE SHA1: 184972A730FB91E204DF39FA32FC82249980A6E1 SHA256: 3F69CFD200088A7EA027CE78B5EFDBBFE69D261464ECEE4B41 1CA4EF5704B10C =====Major Threats===== [Create remote thread] explorer.exe [Create file in sensitive path] C:\WINDOWS\system32\Explorer [Set sensitive registry key] \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{013DCC6A-5C73-452D-53B9-FA0E43827E50}\stubpath ["C:\WINDOWS\system32\Explorer\Internet.exe s"] =====Behavior Details===== Create process: explorer.exe --> C:\Program Files\Internet Explorer\IEXPLORE.EXE Create remote thread: sample.exe --> explorer.exe explorer.exe --> IEXPLORE.EXE Create file: explorer.exe --> C:\WINDOWS\system32\Explorer explorer.exe --> C:\WINDOWS\system32\Explorer\Internet.exe Create key: sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Expl orer\User ****************l Folders sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Expl orer\****************l Folders explorer.exe --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{013DCC6A-5C73-452D-53B9-FA0E43827E50} explorer.exe --> \REGISTRY\MACHINE\SOFTWARE\Bifrost explorer.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Bifrost IEXPLORE.EXE --> \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Med iaResources\msvideo IEXPLORE.EXE --> \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tc pip\Parameters explorer.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\SessionInformation Set value key: sample.exe --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\ RNG\Seed [15 EE 3B D1 22 95 69 A2 ...] sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Expl orer\****************l Folders\AppData ["C:\Documents and Settings\Administrator\Application Data"] explorer.exe --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{013DCC6A-5C73-452D-53B9-FA0E43827E50}\stubpath ["C:\WINDOWS\system32\Explorer\Internet.exe s"] explorer.exe --> \REGISTRY\MACHINE\SOFTWARE\Bifrost\nck [ED 1B E6 27 B9 28 D6 32 ...] explorer.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Bifrost\klg [00 ] IEXPLORE.EXE --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\ RNG\Seed [42 5B F1 63 8D BB 37 9A ...] IEXPLORE.EXE --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\ RNG\Seed [A7 75 A6 C0 E5 CF 60 B0 ...] IEXPLORE.EXE --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\ RNG\Seed [DA ED 9C FE 05 12 B2 8C ...] IEXPLORE.EXE --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\ RNG\Seed [C1 59 C8 07 10 C6 33 59 ...] IEXPLORE.EXE --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\ RNG\Seed [AB ED 6B 53 26 A7 47 67 ...] IEXPLORE.EXE --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\ RNG\Seed [7E 11 67 2D F8 53 7A 32 ...] IEXPLORE.EXE --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\ RNG\Seed [6D 9C 93 51 9B 8D AB DB ...] IEXPLORE.EXE --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\ RNG\Seed [DE 45 E3 72 23 5A 02 D2 ...] explorer.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\SessionInformation\ProgramCount [0x1] Try to connect domain: Test.no-ip.org
