Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
Thread topics include, but are not limited to:
Thread guidelines:
If you're not sure what kind of discussion belongs in this thread, here are some example posts. News, TA, and sentiment analysis are great, too.
Other ways to interact:
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
Hello visitors and subscribers of r/scams! Here you will find a master list of common (and uncommon) scams that you may find online or in real life. A big thanks to the many contributors who helped create this thread.
Here is the last version of this thread. Here is the previous version of this thread from 2018, here is the previous version of this thread from 2017, and here is the previous version of this thread from 2016.
Some of these articles are from small, local publications and refer to the scam happening in a specific area. Do not think that this means that the scam won't happen in your area.
The fake check scam
(Credit to /u/nimble2 for this part)
The fake check scam arises from many different situations (for instance, you applied for a job, or you are selling something on a place like Craigslist, or someone wants to purchase goods or services from your business, or you were offered a job as a mystery shopper, or you received a check in the mail for no reason), but the bottom line is always something like this:
The scammer sends you a very real looking, but fake, check. Sometimes they'll call it a "cashier's check", a "certified check", or a "verified check".
You deposit the check into your bank account, and within a couple of days your bank makes some or all of the funds available to you. This makes you think that the check is real and the funds have cleared. However, the money appearing in your account is not the same as the check actually clearing. The bank must make the funds available to you before they have cleared the check because that is the law.
For various and often complicated reasons, depending on the specific story line of the scam, the scammer will ask you to send someone some of the money, using services like MoneyGram, Western Union, and Walmart-2-Walmart. Sometimes the scammer will ask for you to purchase gift cards (iTunes, Amazon, Steam, etc) and give them the codes to redeem the gift cards. Some scammers may also give you instructions on how to buy and send them bitcoins.
Within a couple of weeks, though it can take as long as a month, your bank will realize that the check you deposited was fake, and your bank will remove the funds that you deposited into your account and charge you a bounced check fee. If you withdrew any of the money from the fake check, that money will be gone and you will owe that money to the bank. Some posters have even had their bank accounts closed and have been blocked from having another account for 5 years using ChexSystems.
General fraudulent funds scams
If somebody is asking you to accept and send out money as a favour or as part of a job, it is a fraudulent funds scam. It does not matter how they pay you, any payment on any service can be fraudulent and will be reversed when it is discovered to be fraudulent.
Phone verification code scams
Someone will ask you to receive a verification text and then tell you to give them the code. Usually the code will come from Google Voice, or from Craigslist. In the Google version of the scam, your phone number will be used to verify a Google Voice account that the scammer will use to scam people with. In the Craigslist version of the scam, your phone number will be used to verify a Craigslist posting that the scammer will use to scam people. There is also an account takeover version of this scam that will involve the scammer sending a password reset token to your phone number and asking you for it.
Bitcoin job scams
Bitcoin job scams involve some sort of fraudulent funds transfer, usually a fake check although a fraudulent bank transfer can be used as well. The scammer will send you the fraudulent money and ask you to purchase bitcoins. This is a scam, and you will have zero recourse after you send the scammer bitcoins.
If you suddenly receive hundreds or thousands of spam emails, usually subscription confirmations, it's very likely that one of your online accounts has been taken over and is being used fraudulently. You should check any of your accounts that has a credit card linked to it, preferably from a computer other than the one you normally use. You should change all of your passwords to unique passwords and you should start using two factor authentication everywhere.
Boss/CEO scam
A scammer will impersonate your boss or someone who works at your company and will ask you to run an errand for them, which will usually be purchasing gift cards and sending them the code. Once the scammer has the code, you have no recourse.
Craigslist fake payment scams
Scammers will ask you about your item that you have listed for sale on a site like Craigslist, and will ask to pay you via Paypal. They are scamming you, and the payment in most cases does not actually exist, the email you received was sent by the scammers. In cases where you have received a payment, the scammer can dispute the payment or the payment may be entirely fraudulent. The scammer will then either try to get you to send money to them using the fake funds that they did not send to you, or will ask you to ship the item, usually to a re-shipping facility or a parcel mule.
General fraudulent funds scams
The fake check scam is not the only scam that involves accepting fraudulent/fake funds and purchasing items for scammers. If your job or opportunity involves accepting money and then using that money, it is almost certainly a frauduent funds scam. Even if the payment is through a bank transfer, Paypal, Venmo, Zelle, Interac e-Transfer, etc, it does not matter.
Fraudsters will offer to pay off your bills, and will do so with fraudulent funds. Sometimes it will be your credit card bill, but it can be any bill that can be paid online. Once they pay it off, they will ask you to send them money or purchase items for them. The fraudulent transaction will be reversed in the future and you will never be able to keep the money. This scam happens on sites like Craigslist, Twitter, Instagram, and also some dating sites, including SeekingArrangement.
A scammer will contact you with a job opportunity that involves accepting and reshipping packages. The packages are either stolen or fraudulently obtained items, and you will not be paid by the scammer. Here is a news article about a scam victim who fell for this scam and reshipped over 20 packages containing fraudulently acquired goods.
You're on Facebook and you get a friend request from a cute girl you've never met. She wants to start sexting and trading nudes. She'll ask you to send pictures or videos or get on webcam where she can see you naked with your face in the picture.
The scam: There's no girl. You've sent nudes to a guy pretending to be a girl. As soon as he has the pictures he'll demand money and threaten to send the pictures to your friends and family. Sometimes the scammer will upload the video to a porn site or Youtube to show that they are serious.
What to do if you are a victim of this scam: You cannot buy silence, you can only rent it. Paying the blackmailer will show them that the information they have is valuable and they will come after you for more money. Let your friends and family know that you were scammed and tell them to ignore friend requests or messages from people they don't know. Also, make sure your privacy settings are locked down and consider deactivating your account.
The underage girl scam
You're on a dating site or app and you get contacted by a cute girl. She wants to start sexting and trading nudes. Eventually she stops communicating and you get a call from a pissed off guy claiming to be the girl's father, or a police officer, or a private investigator, or something else along those lines. Turns out the girl you were sexting is underage, and her parents want some money for various reasons, such as to pay for a new phone, to pay for therapy, etc. There is, of course, no girl. You were communicating with a scammer.
What to do if you are a victim of this scam: Stop picking up the phone when the scammers call. Do not pay them, or they will be after you for more money.
The blackmail email scam
The exact wording of the emails varies, but there are generally four main parts. They claim to have placed software/malware on a porn/adult video site, they claim to have a video of you masturbating or watching porn, they threaten to release the video to your friends/family/loved ones/boss/dog, and they demand that you pay them in order for them to delete the video. Rest assured that this is a very common spam campaign and there is no truth behind the email or the threats. Here are some news articles about this scam.
This is very similar to the blackmail email scam, but you will receive a letter in the mail.
Rental scams
Usually on local sites like Craigslist, scammers will steal photos from legitimate real estate listings and will list them for rent at or below market rate. They will generally be hesitant to tell you the address of the property for "safety reasons" and you will not be able to see the unit. They will then ask you to pay them a deposit and they claim they will ship you the keys. In reality, your money is gone and you will have no recourse.
Craigslist vehicle scams A scammer will list a vehicle on Craigslist and will offer to ship you the car. In many cases they will also falsely claim to sell you the car through eBay or Amazon. If you are looking for a car on Craigslist and the seller says anything about shipping the car, having an agent, gives you a long story about why they are selling the car, or the listing price is far too low, you are talking to a scammer and you should ignore and move on.
Advance-fee scam, also known as the 419 scam, or the Nigerian prince scam. You will receive a communication from someone who claims that you are entitled to a large sum of money, or you can help them obtain a large sum of money. However, they will need money from you before you receive the large sum.
Man in the middle scams are very common and very hard to detect. The scammer will impersonate a company or person you are legitimately doing business with, and they will ask you to send the money to one of their own bank accounts or one controlled by a money mule. They have gained access to the legitimate persons email address, so there will be nothing suspicious about the email. To prevent this, make contact in a different way that lets you verify that the person you are talking to is the person you think you are talking to.
False Representation
This type of scam teases you with something, then tries to make you sign up for something else that costs money. The company involved is often innocent, but they turn a blind eye to the practice as it helps their bottom line, even if they have to occasionally issue refunds. A common variation takes place on dating sites/dating apps, where you will match with someone who claims to be a camgirl who wants you to sign up for a site and vote for her. Another variation takes place on local sites like Craigslist, where the scammers setup fake rental scams and demand that you go through a specific service for a credit check. Once you go through with it, the scammer will stop talking to you. Another variation also takes place on local sites like Craigslist, where scammers will contact you while you are selling a car and will ask you to purchase a Carfax-like report from a specific website.
Multi Level Marketing or Affiliate Marketing
You apply for a vague job listing for 'sales' on craigslist. Or maybe an old friend from high school adds you on Facebook and says they have an amazing business opportunity for you. Or maybe the well dressed guy who's always interviewing people in the Starbucks that you work at asks if you really want to be slinging coffee the rest of your life.
The scam: MLMs are little more than pyramid schemes. They involve buying some sort of product (usually snake oil health products like body wraps or supplements) and shilling them to your friends and family. They claim that the really money is recruiting people underneath you who give you a slice of whatever they sell. And if those people underneath you recruit more people, you get a piece of their sales. Ideally if you big enough pyramid underneath you the money will roll in without any work on your part. Failure to see any profit will be your fault for not "wanting it enough." The companies will claim that you need to buy their extra training modules or webinars to really start selling. But in reality, the vast majority of people who buy into a MLM won't see a cent. At the end of the day all you'll be doing is annoying your friends and family with your constant recruitment efforts. What to look out for: Recruiters love to be vague. They won't tell you the name of the company or what exactly the job will entail. They'll pump you up with promises of "self-generating income", "being your own boss", and "owning your own company." They might ask you to read books about success and entrepreneurs. They're hoping you buy into the dream first.
If you get approached via social media, check their timelines. MLMs will often instruct their victims to pretend that they've already made it. They'll constantly post about how they're hustling and making the big bucks and linking to youtube videos about success. Again, all very vague about what their job actually entails. If you think you're being recruited: Ask them what exactly the job is. If they can't answer its probably a MLM. Just walk away.
"I just need a few more dollars for the bus," at the bus station, or "I just need $5 to get some gas," at a gas station. There's also a variation where you will be presented with a reward: "I just need money for a cab to get uptown, but I'll give you sports tickets/money/a date/a priceless vase."
Three Card Monte, Also Known As The Shell Game
Unbeatable. The people you see winning are in on the scam.
You bump into someone and they drop their glasses/fancy bottle of wine/priceless vase and demand you pay them back. In reality, it's a $2 pair of reading glasses/bottle of three-buck-chuck/tasteful but affordable vase.
You're handed a free CD so you can check out the artist's music. They then ask for your name and immediately write it on the CD. Once they've signed your name, they ask you for money, saying they can't give it to someone else now. Often they use dry erase markers, or cheap CD sleeves. Never use any type of storage device given to you by a random person, as the device can contain malware.
You're approached and offered speakers/leather jackets/other luxury goods at a decent discount. The scammer will claim they ordered too many, their store closed, they need to avoid customs fees, or they need money quick. After you buy them, you'll discover that they are worthless.
You're approached and shown an iPhone for sale, coming in the box, but it's open and you can see the phone. If you buy the phone, you'll get an iPhone box with no iPhone, just some stones or cheap metal in it to weigh it down.
A monk in traditional garb approaches you, hands you a gold trinket, and asks for a donation. He holds either a notebook with names and amounts of donation (usually everyone else has donated $5+), or a leaflet with generic info. This is fairly common in NYC, and these guys get aggressive quickly.
You're approached by teens with a clipboard with a letter from their high school about how they need to gather donations for their upcoming seasons to buy new uniforms/equipment/priceless vases. No high school is sending their students into the subway to get pocket change.
Friendship Bracelet Scam
More common in western Europe, you're approached by someone selling bracelets. They quickly wrap a loop of fabric around your finger and pull it tight, starting to quickly weave a bracelet. The only way to (easily) get it off your hand is to pay.
Leftover sales
This scam involves many different items, but the idea is usually the same: you are approached by someone who claims to have a large amount of excess inventory and offers to sell it to you at a great price. The scammer actually has low quality items and will lie to you about the price/origin of the items.
Scammers will approach you in public about a dent in your car and offer to fix it for a low price. Often they will claim that they are mechanics. They will not fix the dent in your car, but they will apply large amounts of wax or other substances to hide the dent while they claim that the substance requires time to harden.
Tax Call
You get a call from somebody claiming to be from your countries tax agency. They say you have unpaid taxes that need to be paid immediately, and you may be arrested or have other legal action taken against you if it is not paid. This scam has caused the American IRS, Canadian CRA, British HMRC, and Australian Tax Office to issue warnings. This scam happens in a wide variety of countries all over the world.
Very similar to the tax call. You'll get a phone call from an "agent", "officer", "sheriff", or other law enforcement officer claiming that there is a warrant out for your arrest and you will be arrested very soon. They will then offer to settle everything for a fee, usually paid in giftcards.
Scammers will call you and tell you about a student loan forgiveness program, but they are interested in obtaining private information about you or demanding money in order to join the fake program.
Tech Support Call You receive a call from someone with a heavy accent claiming to be a technician Microsoft or your ISP. They inform you that your PC has a virus and your online banking and other accounts may be compromised if the virus is not removed. They'll have you type in commands and view diagnostics on your PC which shows proof of the virus. Then they'll have you install remote support software so the technician can work on your PC, remove the virus, and install security software. The cost of the labor and software can be hundreds of dollars.
The scam: There's no virus. The technician isn't a technician and does not work for Microsoft or your ISP. Scammers (primarily out of India) use autodialers to cold-call everyone in the US. Any file they point out to you or command they have you run is completely benign. The software they sell you is either freeware or ineffective.
What to do you if you're involved with this scam: If the scammers are remotely on your computer as you read this, turn off your PC or laptop via the power button immediately, and then if possible unplug your internet connection. Some of the more vindictive tech scammers have been known to create boot passwords on your computer if they think you've become wise to them and aren't going to pay up. Hang up on the scammers, block the number, and ignore any threats about payment. Performing a system restore on your PC is usually all that is required to remove the scammer's common remote access software. Reports of identity theft from fake tech calls are uncommon, but it would still be a good idea to change your passwords for online banking and monitor your accounts for any possible fraud.
How to avoid: Ignore any calls claiming that your PC has a virus. Microsoft will never contact you. If you're unsure if a call claiming to be from your ISP is legit, hang up, and then dial the customer support number listed on a recent bill. If you have elderly relatives or family that isn't tech savvy, take the time to fill them in on this scam.
This scam is aimed at Chinese people living in Europe and North America, and involves a voicemail from someone claiming to be associated with the Chinese government, usually through the Chinese consulate/embassy, who is threatening legal action or making general threats.
Utilities cutoff
You get a call from someone who claims that they are from your utility company, and they claim that your utilities will be shut off unless you immediately pay. The scammer will usually ask for payment via gift cards, although they may ask for payment in other ways, such as Western Union or bitcoin.
Relative in custody
Scammer claims to be the police, and they have your son/daughter/nephew/estranged twin in custody. You need to post bail (for some reason in iTunes gift cards or MoneyGram) immediately or the consequences will never be the same.
Mexican family scam
This scam comes in many different flavours, but always involves someone in your family and Mexico. Sometimes the scammer will claim that your family member has been detained, sometimes the scammer will claim that your family member has been kidnapped, and sometimes the scammer will claim that your family member is injured and needs help.
THE GOLDEN RULE OF ONLINE SHOPPING: If it sounds too good to be true, it probably is.
Dropshipping
An ad on reddit or social media sites like Facebook and Instagram offers items at huge discounts or even free (sometimes requiring you to reblog or like their page). They just ask you to pay shipping.
The scam: The item will turn out to be very low quality and will take weeks or even months to arrive. Sometimes the item never arrives, and the store disappears or stops responding. The seller drop-ships the item from China. The item may only cost a few dollars, and the Chinese government actually pays for the shipping. You end up paying $10-$15 dollars for a $4 item, with the scammer keeping the profit. If you find one of these scams but really have your heart set on the item, you can find it on AliExpress or another Chinese retailer.
Triangulation fraud occurs when you make a purchase on a site like Amazon or eBay for an item at a lower than market price, and receive an item that was clearly purchased new at full price. The scammer uses a stolen credit card to order your item, while the money from the listing is almost all profit for the scammer.
Cheap Items
Many websites pop up and offer expensive products, including electronics, clothes, watches, sunglasses, and shoes at very low prices.
The scam: Some sites are selling cheap knock-offs. Some will just take your money and run.
What to do if you think you're involved with this scam: Contact your bank or credit card and dispute the charge.
How to avoid: The sites often have every brand-name shoe or fashion item (Air Jordan, Yeezy, Gucci, etc) in stock and often at a discounted price. The site will claim to be an outlet for a major brand or even a specific line or item. The site will have images at the bottom claiming to be Secured by Norton or various official payment processors but not actual links. The site will have poor grammar and a mish-mash of categories. Recently, established websites will get hacked or their domain name jacked and turned into scam stores, meaning the domain name of the store will be completely unrelated to the items they're selling. If the deal sounds too good to be true it probably is. Nobody is offering brand new iPhones or Beats or Nintendo Switches for 75% off.
You're on Amazon or maybe just Googling for an item and you see it for an unbelievable price from a third-party seller. You know Amazon has your back so you order it. The scam: One of three things usually happen:
1) The seller marks the items as shipped and sends a fake tracking number. Amazon releases the funds to the seller, and the seller disappears. Amazon ultimately refunds your money. 2) The seller immediately cancels the order and instructs you to re-order the item directly from their website, usually with the guarantee that the order is still protected by Amazon. The seller takes your money and runs. Amazon informs you that they do not offer protection on items sold outside of Amazon and cannot help you.
2) The seller immediately cancels the order and instructs you to instead send payment via an unused Amazon gift card by sending the code on the back via email. Once the seller uses the code, the money on the card is gone and cannot be refunded.
How to avoid: These scammers can be identified by looking at their Amazon storefronts. They'll be brand new sellers offering a wide range of items at unbelievable prices. Usually their Amazon names will be gibberish, or a variation on FIRSTNAME.LASTNAME. Occasionally however, established storefronts will be hacked. If the deal is too good to be true its most likely a scam.
Scams on eBay
There are scams on eBay targeting both buyers and sellers. As a seller, you should look out for people who privately message you regarding the order, especially if they ask you to ship to a different address or ask to negotiate via text/email/a messaging service. As a buyer you should look out for new accounts selling in-demand items, established accounts selling in-demand items that they have no previous connection to (you can check their feedback history for a general idea of what they bought/sold in the past), and lookout for people who ask you to go off eBay and use another service to complete the transaction. In many cases you will receive a fake tracking number and your money will be help up for up to a month.
Scams on Amazon
There are scams on Amazon targeting both buyers and sellers. As a seller, you should look out for people who message you about a listing. As a buyer you should look out for listings that have an email address for you to contact the person to complete the transaction, and you should look out for cheap listings of in-demand items.
Scams on Reddit
Reddit accounts are frequently purchased and sold by fraudsters who wish to use the high karma count + the age of the account to scam people on buy/sell subreddits. You need to take precautions and be safe whenever you are making a transaction online.
Computer scams
A popup or other ad will say that you have a virus and you need to follow their advice in order to remove it. They are lying, and either want you to install malware or pay for their software.
Chinese Brushing / direct shipping
If you have ever received an unsolicited small package from China, your address was used to brush. Vendors place fake orders for their own products and send out the orders so that they can increase their ratings.
Money Flipping
Scammer claims to be a banking insider who can double/triple/bazoople any amount of money you send them, with no consequences of any kind. Obviously, the money disappears into their wallet the moment you send it.
One or two teenagers or young adults knock on your door offering magazine subscriptions. They claim its related to a college scholarship or to win a trip. The subscriptions are overpriced and may not even arrive. The kids selling them are runaways who have been roped into the scam.
Energy sales Somebody will come to your door claiming to be from an energy company. They will ask to see your current energy bill so that they can see how much you pay. They will then offer you a discount if you sign up with them, and promise to handle everything with your old provider. Some of these scammers will "slam" you, by using your account number that they saw on your bill to switch you to their service without authorization, and some will scam you by charging higher prices than the ones you agreed on.
After you decline to buy a subscription, they ask you to donate a small sum of money. Your mind goes "I guess it's only $1" or "if that's what it takes for them to go away".
They ask to enter your home
While trying to sell you whatever, they suddenly need to use your bathroom, or they've been writing against the wall and ask to use your table instead. Or maybe they just moved into the neighborhood and want to see how you decorate for ideas.
They're scoping out you and your place. They want to see what valuables you have, how gullible you are, if you have a security system or dogs, etc.
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
I'm thinking about running a remote node on the GUI. I have Tails. How risky is this? I read a remote node can find your IP address but does it matter if I'm using Tails?
If I use the remote node do I need to use a .onion node?
I found a few like the one in the sheeps noob guide
xmrag4hf5xlabmob.onion
Do I need to type in the torsocks command to configure the TOR node as said in the below thread
https://www.reddit.com/r/Monero/comments/84i5l6/monero_on_tails_only_using_a_remote_onion_node/
Is Monero more susceptible to getting stolen than bitcoin or is it just this specific vulnerability in the nodes?
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
Tech giant IBM has been awarded a patent for a mobile data sharing method that uses distributed ledger technology (DLT), according to documents published by the United States Patent and Trademark Office (USPTO) on April 23.
The product described in the filing represents a continuation of U.S. patent application filed in November 2017 entitled “Information Sharing Among Mobile Apparatus.” IBM proposes a method executed by a mobile apparatus to verify information that has been shared between two devices.
In detail, the platform can collect specific information and deliver it to nearby computing nodes, with subsequent publishing of a verified incident event on a distributed ledger. The collected data is further used to map information updates.
Objects connected within the proposed system would reportedly share event information among multiple mobile devices with a secure reliability and without providing a trusted third party. The document explains:
“Connected objects can be sensed and/or controlled remotely across existing network infrastructure, integrating connected physical objects into computer-based systems. Connected physical objects are uniquely identifiable through their embedded computing system, allowing the connected physical objects to interoperate within the existing Internet infrastructure.”
The patent is just the most recent in the long list of blockchain-related patents either filed or received by IBM in recent months. Earlier in April, IBM added a new implementation to manage data and interactions for self-driving vehicles (SDVs) to its arsenal of blockchain patents. The products appears to be a system, wherein an SDV interacts and predicts the behavior of drivers of non-autonomous vehicles nearby.
In March, Cointelegraph reported about an IBM patent for an application that aims to improve the security of permissioned blockchain networks. In the filing, IBM outlined security techniques for withstanding replay attacks while maintaining valid user permissions and privacy.
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
High quality service at a great price. 5 concurrent connections at the same time with only 1 subscription. Any combination of MAC and M3u type devices.
Our APK allows users to manage their own MAC addresses as well as categories that you see during play.
Works on almost all devices from IOS, Android, Windows, MACs.
For the sports fanatics out there our MatchCenter section is going to be your home. Nicely organized section in our apk and website where you can easily see all the sporting events in one central location. Within our website MatchCenter allows you to watch up to 4 games at once.
Activation can be done within 15mins of payment being received. No waiting 24 hours for your email to get processed.
Prices are quoted in Canadian dollars.
Payment Options......
For customers service I normally reply within the hour.
Trials are available but are NO LONGER FREE. Too many people where abusing them. Trials will now be $3 and are good for 1 day. If you go with a sub, the charge will be deducted from the total amount.
Referral program, for every 2 people you refer, your monthly subscription price will be $1 less. No limit to that so if you refer enough your subscription will be free.
Any questions please feel free to msg me.
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
* Special events * Exclusive prizes * Hello, surprise, gifts and welcome to OOOBTC! We invite you to become part of the largest digital currency trading in Singapore, BTC LLC.
#ooobtc #obx #tqn #crypto #bitcoin #ethereum #blockchain #btc #toqqn #Cryptocurrency
“Give me the fucking rollerblades.”
Something had arrived.
By mail.
And I was excited.
Nervous but excited
There was someone small.
Like a child.
And I brought him inside.
And there was a car.
The car pulled up beside me.
And I was trying to get out.
And I was sat down here.
And I was on the computer.
And I was trying to type something.
And my heart was pounding.
I was scared.
I was really really scared.
Something in the kitchen.
I pressed my thumbs into his eyes.
Those tiny feet under the table.
And I was crawling.
And that light.
And then I’m here.
And I’m in this blanket.
And I’m here.
“You’ve gotta run.”
I was sat at my computer.
There was a message board on the screen that looked familiar. It shimmered slightly, I couldn’t quite focus.
My head was a dense fog.
There were these waves of absence in my mind I was trying to piece together.
But I wasn’t doing so well.
I wasn’t sure where I’d been or what had happened. Just that some things had changed and I ought to find out what they were, and this screen was a good place to start.
11:24 user/peter says:
[deleted]
user/adam joined the discussion.
11:29 user/adam says:
haha! wtf?
11:30 user/peter says:
[deleted]
11:31 user/adam says:
wait.what?
user/peter says:
[deleted]
user/adam says:
From who?
11:33 user/peter says:
[deleted]
11:35 user/adam says:
lmao we’re there little X’s where his eyes should be? tf
11:35 user/peter says:
[deleted]
11:36 user/adam says:
Pressed them inside? tf wrong with you?
11:37 user/peter says:
[deleted]
11:37 user/adam says:
okay enough dude you need to chill. I’ll come see you
11:38 user/peter says:
[deleted]
11:40 user/adam says:
Okay you either need to fess the fuck up or calm the fuck down and stay there. I’m coming over.
11:42 user/adam says:
and fuck you if this is a joke. Not funny.
12:11 user/adam says:
yo answer the door or ima break it down.
I wasn’t there.
The sun was beating down through a clear lapis sky. I could see for quite a stretch from the top of this hill.
I could see all the folks out on their front lawns stretching down the road beneath me. Kids were playing out on the grass. A mother was teaching her child to ride a bicycle. A few folks had their sprinklers on to stop the grass getting too dry. Further down a guy was washing his car, spraying his dog every so often. The dog would try to snap at the water.
The whole avenue painted this perfect picture.
All those smiling faces.
And I had these rollerblades.
I was at the top of the hill with these rollerblades and I was strapping them on. They were really tight and my thumbs were all greasy so tying them up wasn’t easy. I was kind of tip-toed.
But I was headed down that hill.
That much I knew.
I don’t think I’d ever done this before. Rollerblading that is.
I took a clunky step forward.
And it came naturally.
I was a natural.
I pulled my feet together and rolled over the event horizon.
The wind wrapped my face and swam through my hair as I zipped down. My shirt billowed behind me as I carved a shallow ‘S’ shape, weaving my way down the hill.
This was perfection. This feeling of freedom.
I wasn’t scared anymore.
I lifted my face to the sun and outstretched my arms to feel the resistance. My hands clasped at the thick, warm air that threaded through my fingers.
The hill flattened out. I opened my eyes and took a look around.
There was that little girl on her bicycle. I slowed my pace a little, coasting along side her for a moment.
Her mother smiled a peculiar smile.
And I smiled back.
I passed through the arch of a sprinkler, ducking under a hazy rainbow. Feeling the cool droplets pool in my hair and on my face.
It felt good.
There was that dog.
His fur was soft and silky.
I held him close and for a moment there was perfection. We stayed there for that moment.
Then this wave came in and a long shadow cast over us. The man towered over us.
“Hey, hey easy there buddy.”
And everything turned.
An air of menace, from the man.
Something had changed.
He wanted the thing.
He’d destroyed the moment and was headed straight toward me.
So I ran.
And the man chased after.
I ran as hard as I could.
I wasn’t gliding anymore. My feet were slapping the the scolding hot tarmac hard.
“Hey! Hey what are you doing!? Get back here!”
I got down the hill as fast as I could. The street broke off and there was a small pathway down to the canal.
He was catching up. I needed to get out of here.
I threw the thing I was holding over the fence into the canal and wound my way along this bushy path that led to a bridge crossing over into town.
I think I lost him.
I glanced back down the canal from the bridge.
I could see a commotion in the canal downstream where I’d thrown the thing I was holding. A couple of guys were flapping about in the water. A woman was shouting from the bank beside.
They were distracted. And I was safe.
But I was breathless. The heat was pounding down on my scalp. I could feel my skin burning, the beating sun no longer comforted me, it was blazing.
I needed to get out of here.
I needed to get out of these clothes.
My body was burning.
I needed to get these clothes off me right now.
The air was so thick I couldn’t breathe.
I struggled out of my shirt.
I couldn’t breathe.
I don’t know what came over me.
I was vibrating.
Everything was vibrating.
I grasped my throat and threw myself forward.
And the world span around me.
I closed my eyes.
And I was falling.
I spread my arms.
And I let it consume me.
The ocean.
It carried me along.
And I was crawling.
Until it got dark.
And I felt safe again.
“Give me the fucking rollerblades.”
I don’t know how much time had passed.
“Joe?”
It was dark now.
I’m not sure how I got here.
It was cold and dark and I was shivering.
I was in some kind of catacomb with this blanket around me. The brickwork was old, a well crafted arch swept overhead. Flickering in a warm light.
I felt like I’d been here for a while.
And there was this flame.
In my hand.
A small candle in my hand.
“Joe?”
A woman.
She was dirty. A dirty woman.
“Joe!? Wh- What did you do!? Joe!?”
Joe was on the floor beside me, naked.
I’d seen him before.
I pressed my thumbs into his eyes.
The dirty woman was shaking him.
‘Something in the kitchen.’
The dirty woman lifted his head in her grubby hands.
I moved the candle in closer to see.
Joe had his eyes pressed into his skull.
Like a child
It looked familiar.
“What did you do!?”
The dirty woman exhaled like an animal.
“You motherfucker! Ahhhhgg!”
And she launched herself at me.
I could feel her hands clawing at my face and grasping at my blanket as I kicked her away.
She wasn’t strong enough. She wasn’t in a fit state.
I pushed her away and she fell into the blackness with a splash.
It consumed her.
And it was dark again. Except for the vague moonlight that cast over naked Joe.
What was this place?
I gave Joe a push with my feet, until he released from the ground.
And the blackness consumed him too.
And I sat there quietly for a while.
My candle was gone.
My eyes had adjusted to a vague light up ahead. I could see the moonlight bounce off the damp brick walls like it had bounced off Joe.
I wandered towards it, Joe’s blanket wrapped around my shoulders.
The stars were out. I could see upward for miles. I wandered along for a short while watching the sky before I found a ladder leading up there.
I was up on the roadside. The street lamps beating down on me. Bright.
It was quiet around here. The shutters were down and the curtains drawn. The ground was cool on my feet.
‘Those tiny feet under the table.’
And I just kept walking.
I think there were people.
“Hey buddy... Buddy.”
But I didn’t want what they were offering.
I just kept walking.
Down these streets with with their shutters down and the curtains drawn.
I remember one place.
This place had light. Blinding light streaking overhead. Rows and aisles of gleaming glass.
It sparkled.
“Hey get outta here!”
And there was water.
“Hey I said get outta here!”
A figure approached me and took my shoulders.
“Fucking junkies man...”
And hit hit the ground. Hard.
The ground was cold.
I spread myself across it.
The grit against my bare chest and cheek.
This heat spreading through me.
Then a jab in my side.
“Hey move it!”
I was lifted up.
“And take your fucking blanket.”
And pushed on and deep into the town.
‘The car pulled up beside me.’
“There! There! That’s him!”
Then they took me.
And I tried to resist.
But I wasn’t strong enough.
The men wrestled me into the back seat, pinned me down and we took off in a blur.
The street lamps stripped across the window as I peered out. Pinned to the back seat. My arms behind my back.
The lights blurred red, white, yellow, green. They spread. Dazzling.
There were voices in the car. Panicked.
One figure behind the wheel.
Two in the back with me.
Then black.
‘And I brought him inside.’
I came to a while later.
It was bright in here and I was tied down.
Those voices again, in the next room. Vague.
“Jesus fuck!”
“We need to get out of here. Now.”
“Wh- Well who is it?”
“How the fuck should I know?”
“Is he dead?”
“Of course he’s fucking dead.”
“His fucking eyes man what the fuck!?”
“You didn’t see this!?”
“Fuck! Fuck! Fuck!”
“We need to call the cops.”
“Call the cops... Are you insane!?”
“I’m getting the hell out of here. Right now.”
“And what about him?”
“I don’t know!”
“Well what’d he take!?”
“I don’t know... He was on about research chemicals or bitcoin or some shit.”
“Fuck! Uh... okay... okay... We untie him and we go.”
The footsteps drew close.
Someone was close.
Their voice was familiar.
“Peter? I don’t know if you can hear me. But you’ve gotta get up buddy. You need to get up now and you’ve gotta run.”
“You’ve gotta run.”
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
I posted the other day about buying bitcoins in Germany. I see that the process has become so much easier than when I wanted to get involved in bitcoin two years ago. Thanks to everyone for the answers. I'm still figuring out the best exchange to put my 1k in and forget (no plan to trade, just buy and hold a few different coins so I can one day tell my grandkids how i became a millionnaire or how I did my nuts on bitcoin)
I am also very interested in starting my bitcoin education. Actually when I say bitcoin i mean the whole crypto scene. As you can probably see my knowledge is zero at the moment. I need the best place to start. Is there an ebook that is good for beginners? Or a YouTube channel? I want to get started with something small only. Something that introduces me to overall basics. After that I can get into the details myself as I'm a quick learner and have done a lot of teach myself things in the past.
Thanks in advance for all suggestions.
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
HorseChain is the world’s largest Equine services provider based on blockchain. Since the equine industry has been facing lots of problems in the previous decade because of the offline system and lack of global platform, the Horse Chain Foundation has developed a decentralized solution to all these problems. HorseChain provides an online platform for the equine industry, where users can purchase or buy horses, post an ad, check the medical reports, organize online events, etc. To do all these tasks, the users will need HRS tokens because the HRS tokens are the medium of exchange in the HorseChain app. Therefore, using HRS tokens users can buy horses take part in the racing competitions and can do many more things.
Plesse list #horseChain #IEO #okex #crypto #bitcoin #ethereum #blockchain #btc
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
Mega hack pack 1.Make $1000's A Week With Torrents 2. Amazon prime video method 3. Steam cracking tool 4. VIU+VOOT trick with download 5. PUBG UC pass trick 6. Carding PDFs for noobs 7. CC cashout 8. ATM hack 9. Instagram account hack 10. Free 1 Month Netflix Trick ( You Can Create Unlimited Account ) ♨️ 11. Free Netflix using PayPal ( Video Tutorial ) 12. Free Amazon Prime Trick ♨️ + Video Tutorial 13. How To Bypass Link Shortner 14. YouTube View Booster Bot 15. YouTube Blazzer 16. Amazon Gift Cards 17. Paypal Method 18. Ebay Method 19. Free Amazon Gift Card Method 20. Flipkart Carding Tutorial ♨️ 21. How To Get Fresh Valid Proxy List For Cracking 22. How To Get A Free Master Card ♨️ 23. How To Get Referrals 24. Bypass Gmail Mobile Verification Trick 25. Bypass Android Pattern Lock Using ADB 26. Get Refund Of GiftCard 27. Facebook Hacking Ebook ♨️ 28. Get Things From Ebay For Free 29. SEO Secrets 30. Guide To Make Money Online 31. Hacking Methods 32. CC Generator 33. CC Checker 34. Get Massive YouTube Traffic 35. Get Passes To Pornsites 36. Hack WEP WiFi Password 37. Kick Someone Of A Wireless Network 38. Make A Phisher For A Website (Facebook/Instragram/Etc) 39. Make Easy Money As An eBay Affiliate 40. Make Multiple Gmail Accounts With Only 1 Account 41. How To Make Mozilla 30 Times Faster 42. USA Whatsapp Number Trick 43. Collection Of Rare Hacking Ebooks ♨️ 44. Starbucks Method 45. How To Call Someone From His Own Number (Caller Id Spoofing) ♨️ 46. Transfer PP Balance Method 47. YouTube RED Trick 48. Express VPN Mod App ♨️ 49. Amazon Carding Method ♨️ + Video Tutorial 50. What is Carding?? (Video) 51. Phishing Tutorial 52. Easy Cardable Sites List ♨️ 53. Find Local BIN's 54. Carding For Noobs 55.Carding Online Tools And Website 56. PayPal Carding 57. Wallmart Carding 58. Amazon Carding (Video Tutorial) ♨️ 59. eBay Carding (Video Tutorial) 60. Full process of carding 61. Full tutorial on how to make money through CPA Network without any referrals BIG LOOT 🔥🔥🔥🔥🔥🔥
PRICE - $50
Payment method - bitcoin, Ethereum, payeer, PayPal, skrill and perfect money
Contact me on
Telegram - https://t.me/ExploitHackeer
WhatsApp - http://wa.me/+2349076095187
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
Thread topics include, but are not limited to:
Thread guidelines:
Other ways to interact:
The following post by AutoModerator is being replicated because some comments within the post(but not the post itself) have been silently removed.
The original post can be found(in censored form) at this link:
np.reddit.com/r/ BitcoinMarkets/comments/bgbu53
The original post's content was as follows:
Thread topics include, but are not limited to:
- General discussion related to the day's events
- Technical analysis, trading ideas & strategies
- Quick questions that do not warrant a separate post
Thread guidelines:
- Be excellent to each other.
- Do not make posts outside of the daily thread for the topics mentioned above.
Other ways to interact:
- Get an invite to live chat on our Slack group
- Set your flair to trade pretend money in the Flair Game
- Weekly threads: Newbie Mondays and Fundamentals Fridays
- Altcoins Discussion: Altcoin Discussion
Hello! I am a beginner level malware analyst/reverse-engineer, senior software developer, certified forensic investigator. The reason for the appearance of this report is the lack of such an analysis of the ransomware called Sepsis at that time on the Internet. The main purpose of my research was not only find out what malware does but also HOW it commits malicious actions.
This is my ever first post in english. English is not my native language so I hope you understand me right.
To understand this topic you should be familiar with assembly language and malware analysis tools. In general, I explain each step in detail so don't worry if you don't have much knowledge about reverse-engineering and malware analysis.
Malware was first discovered on May 14, 2018 by MalwareHunterTeam. I downloaded the sample from Virusshare (also you can do it here, do it at your own risk!). Sample has the following hash values:
SHA1 518d5a0a8025147b9e29821bccdaf3b42c0d01db
SHA256 3c7d9ecd35b21a2a8fac7cce4fdb3e11c1950d5a02a0c0b369f4082acf00bf9a
The analysis was carried out on Virtualbox with Windows 7 Ultimate SP1 64-bit. The type of malware is a ransomware. Damage by executing can be seen on the screenshot.
All files are encrypted and [[Sepsis@protonmail.com](mailto:Sepsis@protonmail.com)].SEPSIS have been added to their names. Windows VM crashed.
First of all, open the file in PPEE with FileInfo plugin.
https://i.redd.it/4h7obuhf10u21.png
As we see, 51 out of 68 antiviruses define a file as malicious. Let's move on to suspicious strings.
Look at the line **-KEY- ... - END PUBLIC KEY-** - this is the public key that most likely encrypts data.
The line looks like an argument to cmd.exe:
**`admin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures`**
**`admin.exe delete shadows /all /quiet`** - deletes all backups of the system to prevent the recovery of damaged files.
**`bcdedit.exe /set {default} recoveryenabled no`** - disables recovery mode.
**`bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures`** - disables the appearance of the Windows Error Recovery screen.
Open the URL strings.
By line
**`http://www.coindesk.com/information/how-can-i-buy-bitcoins/'>http://www.coindesk.com/information/how-can-i-buy-bitcoins/</a > `**
it can be understood that the user will be asked to bitcoins and give a link to how to do it.
Open the Registry strings.
Pay attention to **`Software\Classes\mscfile\shell\open\command`**. The registry branch **`Software\Classes`** contains information about which programs are responsible for handling certain file types. That is, the malware most likely adds some commands that will be executed every time you open the .msc file. It is possible that malware affects the operation of the Winlogon process, which is responsible for logging in/out of the system.
PE headers are normal.
No more interesting PPEE shows. You should not hope to receive complete information using PPEE or other utilities, but for obtaining initial information and information about what a file is, this may be enough. Strings can be added specifically to confuse or recover dynamically or to be encrypted. Strings in the file can also be viewed using the famous **strings** program, but its more powerful counterpart is [FLOSS](https://github.com/fireeye/flare-floss) from FireEye. It can show even obfuscated strings in a binary.
We launch it with a command with writing to a file since it has a very large output.
**`floss sepsis.bin > c:\floss_output.txt`**
Open and browse the resulting [file](https://github.com/thatskriptkid/Malware-Analysis/blob/master/sepsis/foss_output.txt). We can see html file with such content.
```
<body>
<div class='header'>
<div style='color:yellow'>Welcome to Sepsis Ransomware!</div> <div style='color:blue'>All your files have been encrypted!</div> </div>
<div class='bold'>All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail <span class='mark'>\[Sepsis@protonmail.com\](mailto:Sepsis@protonmail.com)</span></div> <div class='bold'>Write this ID in the title of your message <span class='mark'>16E734E0</span></div>
<div class='bold'>In case of no answer in 24 hours write us to theese e-mails:<span class='mark'>[sepsis@airmail.cc](mailto:sepsis@airmail.cc)</span></div>
<div>
The price depends on how fast you write to us. You have to pay for decryption in Bitcoins. After payment we will send you the decryption tool that will decrypt all your files. </div> <div class='note info'>
<div class='title'>Free decryption as guarantee</div>
<ul>Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 10Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) </ul>
</div>
<div class='note info'>
<div class='title'>How to obtain Bitcoins</div>
<ul>
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
<br><a href='\\\[\[[https://localbitcoins.com/buy\\\\\\\_bitcoins\\\](https://localbitcoins.com/buy\\\_bitcoins)'>](https://localbitcoins.com/buy\_bitcoins\](https://localbitcoins.com/buy\_bitcoins)'>)](https://localbitcoins.com/buy\\\_bitcoins\](https://localbitcoins.com/buy\_bitcoins)'>](https://localbitcoins.com/buy_bitcoins](https://localbitcoins.com/buy_bitcoins)'>))[https://localbitcoins.com/buy\_bitcoins](https://localbitcoins.com/buy_bitcoins)</a>
<br> Also you can find other places to buy Bitcoins and beginners guide here:
<br><a href='\\\[\[[http://www.coindesk.com/information/how-can-i-buy-bitcoins/\\\](http://www.coindesk.com/information/how-can-i-buy-bitcoins/)'>](http://www.coindesk.com/information/how-can-i-buy-bitcoins/\](http://www.coindesk.com/information/how-can-i-buy-bitcoins/)'>)](http://www.coindesk.com/information/how-can-i-buy-bitcoins/\](http://www.coindesk.com/information/how-can-i-buy-bitcoins/)'>](http://www.coindesk.com/information/how-can-i-buy-bitcoins/](http://www.coindesk.com/information/how-can-i-buy-bitcoins/)'>))[http://www.coindesk.com/information/how-can-i-buy-bitcoins/](http://www.coindesk.com/information/how-can-i-buy-bitcoins/)</a>
</ul>
</div>
<div class='note alert'>
<div class='title'>Attention!</div>
<ul>
<li>Do not rename encrypted files.</li>
<li>Do not try to decrypt your data using third party software, it may cause permanent data loss.</li>
<li>Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.</li>
</ul>
</div>
</body>
```
It looks like a message that will be shown to the victim after encrypting the files. We also see the line `SeDebugPrivilege`, which means that malware may connects to other processes. The line `eventvwr.exe`, in resulting output - signals a possible attempt to raise privileges. We also see names similar to the list of folders:
`Windows`
`MSOCache`
`Perflogs`
`DVD Maker`
`Internet Explorer`
`Reference Assemblies`
`Windows Defender`
`Windows Mail`
`Windows Media Player`
`Windows NT`
`Windows Sidebar`
`Startup`
`Temp`
`Program Files`
`Program Files (x86)`
They probably used as a blacklist when encrypting.
Open the file in [PEiD](https://www.aldeid.com/wiki/PEiD) to find out if packers have been used.
[DIE](http://ntinfo.biz/index.html) shows us that the program is written in C/C++, this will allow us to decompile it well with HexRays in IDA.
You can guess what malware does without starting it by examining the imported libraries and their functions.
This may not always help, as the file can be packed, but in our case we are lucky.
`crypt32.dll` for encryption, `advapi32.dll` working with the registry.
# Dynamic analysis.
The logic of the work of Sepsis in pseudocode.
```
1 if (elevated)
2 copy_to(C:\Windows\svchost.exe)
3 add_to_autorun()
4 exec(C:\Windows\svchost.exe)
5 sleep()
6 else
7 copy_to(%TEMP%\svchost.exe)
8 add_to_autorun()
9 if (!elevated)
10 run_as_elevated()
11 sleep()
12 if (run_first)
13 run_first = FALSE
14 else
15 exit()
16 encrypt_all_data()
17 if (elevated)
18 wipe_backups()
19 set_process_critical()
20 rename_all_files()
21 show_user_manual()
22 exit()
```
As we can see, the malware checks whether it is launched with elevated privileges - lines 1, 9, 17. Checking with TokenInformation, after calling GetTokenInformation, with the TokenElevation parameter.
The first launch on the victim's computer is assumed without elevated privileges so the malware copies itself to a temporary folder (line 7), under the name **svchost.exe**
and adds itself to autorun (line 8) by adding **`%TEMP%\svchost.exe`** to the **`HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell`**.
Winlogon is the process responsible for the session of the OS user (provide logging in and logging out of the system). When booting the OS, Winlogon starts what is written in the Shell key, that's why the malware is launched.
In line 9, again there is a check for the presence of elevated rights and if it's not true, then the malware makes privilege escalation (line 10). How does malware do it? This is done by adding itself to the registry branch **`HKCU\\Software\\Classes\\mscfile\\shell\\open\\command`**. All that is written to this registry branch will be launched when opening files of type .msc. Next, malware runs **`eventvwr.exe`** - a Windows system utility that runs the Microsoft Management Console (mmc.exe), which immediately loads the .msc file. The magic is that **`eventvwr.exe`** is compiled with _autoElevated = True_ in the manifest, which allows it to run with elevated rights bypassing UAC and not showing the user a window requiring consent to run. Thus, Sepsis launches itself SECOND time.
In line 11, the malware falls asleep and the second instance comes into play. The first instance, after hibernation and checking in line 12, stops in line 15. The check for restart occurs by creating a mutex with the unique name `HJG> <JkFWYIguiohgt89573gujhuy78 ^ * (& (^ & ^ $` and checking the availability for opening.
Now, we will analyze the work of malware after restart. As we see, the first launch was necessary to add to autorun and launch itself with elevated rights. After running in elevated rights, the malware brazenly copies itself to **`C:\Windows\svchost.exe`**, without generating any pop-up windows.
As we can see, after running CopyFile, the file `C:\Windows\svchost.exe` has the same hash as the original file.
Line 16 encrypts all files, except files in folders:
`Windows`
`MSOCache`
`Perflogs`
`DVD Maker`
`Internet Explorer`
`Reference Assemblies`
`Windows Defender`
`Windows Mail`
`Windows Media Player`
`Windows NT`
`Windows Sidebar`
`Startup`
`Temp`
`Program Files`
`Program Files (x86)`
The public keys (that we saw in previous static analysis) was imported
Files are encrypted using the **`CryptEncrypt`** function.
Line 18 deletes all existing backups, using the command we saw earlier - `/c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures`. This is done so that the user cannot recover the encrypted files.
Line 19, by calling the **`RtlSetProcessIsCritical`** undocumented function, the main process of Sepsis become system process. When the malware completes its work it completes its process and since it is system process OS crashes and reboots.
Line 20, for each existing disk in the system, an additional thread is created that renames all files in each folder with the exception of the list above.
Line 21, a file with html content (that we saw earlier) is created and displayed to the user.
# System Restore
A unique pattern of malware sample is the name of the mutex - **"HJG> <JkFWYIguiohgt89573gujhuy78 ^ * (& (^ & ^ $"**.
# Conclusion
I hope that you enjoy this report and I wait for feedback. If you want me to make similiar report please let me know!
The following post by AutoModerator is being replicated because some comments within the post(but not the post itself) have been silently removed.
The original post can be found(in censored form) at this link:
np.reddit.com/r/ BitcoinMarkets/comments/bgbu79
The original post's content was as follows:
Thread topics include, but are not limited to:
- Discussion related to recent events
- Technical analysis, trading ideas & strategies
- General questions about altcoins
Thread guidelines:
- Be excellent to each other.
- All regular rules for this subreddit apply, except for number 2. This, and only this, thread is exempt from the requirement that all discussion must relate to bitcoin trading.
- This is for high quality discussion of altcoins. All shilling or obvious pumping/dumping behavior will result in an immediate one day ban. This is your only warning.
- No discussion about specific ICOs. Established coins only.
If you're not sure what kind of discussion belongs in this thread, here are some example posts. News, TA, and sentiment analysis are great, too.
Other ways to interact:
- Get an invite to live chat on our Slack group and check out the #altcoins channel
- Daily Discussion for bitcoin only: Daily Discussion
- Prior Altcoin Discussion: Altcoin Discussion