
Suggestion Notice to All Crax.Pro Members!! Beware Download Flash BTC Softwares


rafkhanus

Hello everyone!
Crax.pro members, you are hereby advised to be cautious when downloading BTC flashing software, either from here or from any other platform. Recently I encountered a scammer who had remote access to my PC, who probably came from one of the users' uploaded software. Luckily I did not have any of my personal photos or data on my PC and was saved from being blackmailed by him, but he did add two-factor authentication to my Telegram, which I luckily still have access to because I was logged in on my phone. Below is the detailed information on the malware and software used to manipulate and control your PC.

General Info

File name: BTCflasher 5.1 pro.rar
Full analysis: https://app.any.run/tasks/84ba3bd1-8819-4682-8344-b9de412cdb80
Verdict: Malicious activity
Threats: Quasar RAT
Quasar is a very popular RAT in the world thanks to its code being available in open-source. This malware can be used to control the victim’s computer remotely.
Analysis date: October 05, 2023 at 23:14:37
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: evasion, quasar, rat, remote
MIME: application/x-rar
File info: RAR archive data, v5
MD5: A5971E2152127475A137092B2F0FBC74
SHA1: 2B9456E21C375F90E8DFB9B5F05CD4ADA7539A24
SHA256: DA528385BE08955C71D4E7F082F1C9175630E033E055072FCD2000E76F0D8B36
SSDEEP: 98304:EXfTv5JBaYiOqs7cVbSGOBL1HhsfbXdh3Vx/LHKQC8vUdZVnNhaCmGfegoNPjCDx:oSD5NPKgNPPmQyohValgXQl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Behavior activities​

MALICIOUS:​

    • Drops the executable file immediately after the start​

      • BTCFlasher Pro V-5.1.exe (PID: 680)
      • ._cache_BTCFlasher Pro V-5.1.exe (PID: 2264)
      • 1.exe (PID: 3824)
      • 2.exe (PID: 3964)
      • ._cache_2.exe (PID: 584)
      • ._cache_1.exe (PID: 2372)
    • Application was dropped or rewritten from another process​

      • BTCFlasher Pro V-5.1.exe (PID: 680)
      • 1.exe (PID: 3824)
      • Synaptics.exe (PID: 988)
      • 2.exe (PID: 3964)
      • ._cache_2.exe (PID: 3144)
      • ._cache_1.exe (PID: 2372)
      • ._cache_2.exe (PID: 584)
      • Synaptics.exe (PID: 1120)
      • HydraFlasher Pro V-5.1.exe (PID: 3008)
      • Client.exe (PID: 3636)
      • Client.exe (PID: 2040)
    • Changes the autorun value in the registry​

      • 2.exe (PID: 3964)
      • Client.exe (PID: 3636)
    • Uses Task Scheduler to run other applications​

      • Client.exe (PID: 3636)
    • QUASAR has been detected (YARA)​

      • Client.exe (PID: 3636)
    • Actions looks like stealing of personal data​

      • Client.exe (PID: 3636)
    • Steals credentials from Web Browsers​

      • Client.exe (PID: 3636)
    • Connects to the CnC server​

      • Synaptics.exe (PID: 988)
    • QUASAR was detected​

      • Client.exe (PID: 3636)
SUSPICIOUS:

    • Process drops legitimate windows executable​

      • WinRAR.exe (PID: 2252)
    • Reads the Internet Settings​

      • BTCFlasher Pro V-5.1.exe (PID: 680)
      • ._cache_BTCFlasher Pro V-5.1.exe (PID: 2264)
      • 1.exe (PID: 3824)
      • 2.exe (PID: 3964)
      • ._cache_2.exe (PID: 584)
      • Synaptics.exe (PID: 988)
      • Client.exe (PID: 3636)
      • ._cache_1.exe (PID: 2372)
      • HydraFlasher Pro V-5.1.exe (PID: 3008)
    • Start notepad (likely ransomware note)​

      • WinRAR.exe (PID: 2252)
    • Starts itself from another location​

      • ._cache_1.exe (PID: 2372)
    • Loads DLL from Mozilla Firefox​

      • Client.exe (PID: 3636)
    • Checks for external IP​

      • ._cache_1.exe (PID: 2372)
      • Client.exe (PID: 3636)
    • Connects to unusual port​

      • Client.exe (PID: 3636)
    • Reads Mozilla Firefox installation path​

      • Client.exe (PID: 3636)
    • Reads settings of System Certificates​

      • HydraFlasher Pro V-5.1.exe (PID: 3008)
      • Synaptics.exe (PID: 988)
    • Checks Windows Trust Settings​

      • Synaptics.exe (PID: 988)
    • Adds/modifies Windows certificates​

      • ._cache_2.exe (PID: 584)
    • The process executes via Task Scheduler​

      • Client.exe (PID: 2040)
    • Reads security settings of Internet Explorer​

      • Synaptics.exe (PID: 988)
INFO:

    • Checks supported languages​

      • BTCFlasher Pro V-5.1.exe (PID: 680)
      • ._cache_BTCFlasher Pro V-5.1.exe (PID: 2264)
      • 1.exe (PID: 3824)
      • 2.exe (PID: 3964)
      • ._cache_1.exe (PID: 2372)
      • Synaptics.exe (PID: 988)
      • ._cache_2.exe (PID: 584)
      • Synaptics.exe (PID: 1120)
      • HydraFlasher Pro V-5.1.exe (PID: 3008)
      • Client.exe (PID: 3636)
      • Client.exe (PID: 2040)
    • Reads the computer name​

      • BTCFlasher Pro V-5.1.exe (PID: 680)
      • ._cache_BTCFlasher Pro V-5.1.exe (PID: 2264)
      • 2.exe (PID: 3964)
      • 1.exe (PID: 3824)
      • Synaptics.exe (PID: 988)
      • ._cache_1.exe (PID: 2372)
      • ._cache_2.exe (PID: 584)
      • HydraFlasher Pro V-5.1.exe (PID: 3008)
      • Synaptics.exe (PID: 1120)
      • Client.exe (PID: 3636)
      • Client.exe (PID: 2040)
    • Creates files in the program directory​

      • BTCFlasher Pro V-5.1.exe (PID: 680)
      • Synaptics.exe (PID: 988)
    • Create files in a temporary directory​

      • BTCFlasher Pro V-5.1.exe (PID: 680)
      • 2.exe (PID: 3964)
      • ._cache_BTCFlasher Pro V-5.1.exe (PID: 2264)
      • 1.exe (PID: 3824)
      • ._cache_2.exe (PID: 584)
      • Synaptics.exe (PID: 988)
    • Drops the executable file immediately after the start​

      • WinRAR.exe (PID: 2252)
    • Reads the machine GUID from the registry​

      • BTCFlasher Pro V-5.1.exe (PID: 680)
      • ._cache_1.exe (PID: 2372)
      • 2.exe (PID: 3964)
      • Client.exe (PID: 3636)
      • Synaptics.exe (PID: 988)
      • HydraFlasher Pro V-5.1.exe (PID: 3008)
      • Client.exe (PID: 2040)
    • Reads Environment values​

      • ._cache_1.exe (PID: 2372)
      • Client.exe (PID: 3636)
      • HydraFlasher Pro V-5.1.exe (PID: 3008)
    • Creates files or folders in the user directory​

      • ._cache_1.exe (PID: 2372)
      • Client.exe (PID: 3636)
      • Synaptics.exe (PID: 988)
    • Checks proxy server information​

      • Synaptics.exe (PID: 988
 

rafkhanus

Thank you, did you manage to find a working version?
Well bro, I uploaded a working software here on crax.pro, which has stopped working. Meanwhile, the scammer had remote access to my PC probably for a month; either he leeched to the admin of the software or maybe any user. The software Bitcoin Core Network 9.5.0 was uploaded and worked for 3 users I chatted with; after that it stopped working for me and others. However, I have also uploaded a Binance server mining file you can try with your software.
 
