Andro24 (@Andro24_)

35 posts

@sigmacheat · Joined June 2019
220 Following · 104 Followers

Andro24@Andro24_·
@RealNormalFacts @OmikronSigma It's literally the official JRE from Oracle... You can check the hashes and the file signatures by yourself. We needed a newer JRE than the one that comes with Minecraft because of some new Java features.
Interesting Facts@RealNormalFacts·
@Andro24_ @OmikronSigma When will you address the reasoning behind the custom JRE downloaded not from Oracle but directly from Sigma Client website? Seems extremely fishy to me🧐
Andro24@Andro24_·
And another malware that pretends to be Sigma. This time, it's a dropper that downloads a stealer (Raccoon Stealer) hosted on GitHub. The stealer steals user's browser data, email credentials, crypto wallets, and more. Nice typo at 'stealer' David...
Andro24@Andro24_·
@_Raph9213 DnSpy for decompiling the .NET assembly, and IDA Pro for decompiling the machine code.
͏@Raph9213·
@Andro24_ What are the applications in the last 2 screenshots?
Andro24@Andro24_·
Also, the virustotal link is just a scan of a txt file renamed as an executable lmao
Andro24@Andro24_·
@ItsSkriptic Not our fault if you got a bad cpu/gpu ¯\_(ツ)_/¯ OT: we'll add optifine on 1.16 soon.
Andro24@Andro24_·
Some ppl tried to spread a botnet by making a fake version of Sigma (my software), but they forgot to disable the registration on their admin panel 🤦‍♂️ They also left their directory open. cc @malwrhunterteam 2.56.214.165 app.any.run/tasks/1ee4d2a2…
Andro24@Andro24_·
Most of the strings are encrypted (with AES) but the key is ofc in the binary file. So here's the server's host and port decrypted : eyesoflucifer[.]duckdns[.]org:1337 (the ip is down, and looks residential)
Andro24@Andro24_·
Pro tip: don't try to get a cracked version of Sigma5, they're viruses. This video's one is a dropper. The dropped executable connects to a server with SSL, and then invokes a payload sent from it. Malwarebytes detects it as ransomware.
Andro24@Andro24_·
Looks like it also allows you to create files anywhere🤔
Andro24@Andro24_·
Update, it looks like they're using a 2-year-old version of "BlackNET" that can be downloaded here : github.com/decay88/BlackN… And at first glance, you can see that it's vulnerable to SQL injection😂
Andro24 retweeted
Omikron 🇫🇷@OmikronSigma·
Dear Community, I have heard your fears and concerns about the state of the Hypixel Network. The increase of hackers is ruining the fun of honest players. Consequently I have decided to personally address this issue and I am proud to announce that cheaters can go fuck themselves
Omikron 🇫🇷@OmikronSigma·
@stelerio hi, I got banned even though I wasn't even cheating, I tried to add the guy suggested in the ban reason on Discord but there's an error, it doesn't work :( Help please! Oh, also there's a guy who insulted me, if you could mute him that would be nice