need help with rvn mining : hacking
I'm making a silent miner for RVN, but there isn't an open-source miner; there's only Gminer, T-Rex, Nbminer, etc., and they're closed source. I need an open-source project because I need to modify it to do process hollowing, a GPU limiter, etc...
What can I do?
Most silent miners rely on xmrig for XMR and gminer / nbminer / lolminer for other coins (never heard of T-Rex). The idea is to obfuscate the miner, not to modify its source code. The only important thing in a "silent miner" is to retrieve and correctly load the actual mining software in memory without getting detected (it all depends on your spreading technique, but modifying the source isn't a good way to run from AVs, whereas a good loading technique is).
If you want to obfuscate / hide the parameters ("-u 0xMyRVNWallet") you can use argument spoofing (usually done by manipulating the Peb->ProcessParameters.CommandLine.Buffer and Peb->ProcessParameters.CommandLine.Length) / remote config files.
Why do people like you talk for nothing? All this is BS.
- "but modifying the source isn't a good way to run from AVs, meanwhile a good loading technique is" -
How are they going to understand it's malware if the code is different from the previous one? Obviously you and OP are dumb and know nothing about it, so shut up and go read some security research paper to see how REAL hackers do it.
Not with the wallet as a parameter; the wallet must not be here at all.
Modifying the source code does evade the AV, you are right, but it does so for 3 days, so it's not a good method. Where am I wrong?
Changing the code results in different heuristics, so yes, you will bypass static, but as long as your loading method is trash, your runtime will be deplorable.
Correct me where I am wrong, how do "real hackers" do it?
"not with wallet as parameter", of course, that's why I said to spoof arguments. How do you pass the pool and wallet settings to the mining software? Does your miner send it into thin air? Are you actually that retarded?
These so-called "miners" you see on every forum are a wrapper for the real software that does the mining, so they work pretty similarly to a crypter. The stub needs to be good enough to bypass the AV, not the payload (which in this simple case is the mining tool). If you are loading a plain payload into memory, but a little bit changed because "oh I modified the code to do X instead of Y", it will take 2 hours at MAX in the wild to get detected. You want to talk about research? Do this: upload a good loading technique to VT, and upload a modified xmrig to VT at the same time. I promise you that you will get 4 detections max in the first 4 weeks on the loading technique, and 30+ detections on the modified xmrig in the first 3 days.
Not even talking about behavior-based detection, which you can't bypass with "small code changes", as the idea itself of paging and using so many resources is pretty suspicious from the start. My suggestion was just: don't spend time rewriting the miner software, work hard on your loading technique and you will be good to go. Tell me, again, where I am wrong?
Of course it needs parameters as long as you are relying on tools that are made to be customizable. You want to edit the code? Go for it, but most closed-source ones only accept parameters, so you need to work with that. The idea is to adapt, not to make it harder for the developer.
Nonetheless, please tell me where I am wrong, and how real hackers do it; until then you are just unintelligent. This time I really want a talk, so reply with your beliefs. Thank you.
You read someone else's post and understood everything the wrong way. You have no practical experience, and the words you use speak for you. Just go check what the Akamai research tells you and don't try to call me unintelligent, because you are the dumbass without a mining botnet here, and your method doesn't resolve the fact that that information is still on the machine. Since 2018 we use a proxy that distributes the job to all miners and sends the shares to the server. You have such a proxy, so no parameter at all: the proxy is the pool and the wallet can be left blank. Dumbass without experience, and neither ChatGPT imagining; I lose so much time explaining nothing because you don't know how to code or what a function is.
"remote config files"... again... Are you retarded?
A proxy doesn't solve arguments, it just "moves" them remote, and I already said you can do that.
*The fact that you are using UnamSanctam or some other tool doesn't make you any more capable when discussing HOW they work; you are seeing the end product, he was asking how to implement it.
No, you advised to encrypt and do some weird useless shit to publicly declare the RVN address, then decrypt it on the machine, while you should ALWAYS HIDE YOUR ADDRESS, EVEN XMR, SO THE PROXY SOLVES ARGUMENTS BECAUSE YOU DON'T NEED THEM ON THE CLIENT AND THE AV WILL NOT SAY ANYTHING ABOUT 127.0.0.1
There's no remote config file, nothing is downloaded, and using a proxy is not the same as using a normal config, so it's not remote config files.
kill yourself nigga, I don't even know what this garbage UnamSanctam is. You seriously don't even know how to run a GitHub project? You proved with your words that you know nothing, and now you're trying to say that I buy software; how unintelligent you are.
*The fact that you don't know what a proxy and a reverse proxy are tells a lot about your knowledge.
- A reverse proxy hides YOUR panel; it doesn't solve arguments from a developer standpoint (even if you have a remote config, as said before, which will automatically update the bot with the new information you provide). If you are talking about shims (similar to what Rhadamanthys is currently doing to protect their C2), that just "acts" like a "middleman", as it's easier to switch shims than it is to switch panels, but again, it resolves to remote configs.
- Just to make you understand how retarded your comment is: you don't need the wallet on the client. You don't want the wallet on server (remote config). WHERE THE FUCK DO YOU WANT THE WALLET OR THE OTHER SETTINGS (pool/worker name/algo)? Simply put, it's on the remote server, you just never knew it because you think the remote proxy offers the information back to the client, when in reality the reason you make the bot a proxy is to act as the middleman between the backend and your client to mask/reduce outbound connections from network activity (and possibly to chain it).
- The fact that you keep the wallet encrypted and decrypt it at runtime doesn't "hide" the wallet completely, it only "hides" it from static analysis (depending on how good your encryption is...)
- The fact that you say you don't know what UnamSanctam is, but then say "how to run a github project" clearly says that you are using it. Just a heads up: the panel was/is vulnerable (so at least change the favicon to not get your bots "moved" by scanners), that's why most people moved to something else, and the code is insanely trash (no sanity checks, extremely loud system state checks).
So in the end, you are using tools without knowing anything about them, thank you, that's what I wanted to know. Please do not reply, you are too busy scamming kids and infecting highschool teenagers, and I simply don't want to talk to you, m4st3r h@cker.
Why have you never had a botnet but know closed-source tools that create a "hidden silent miner"??? But not a simple proxy from xmrig??? Are you a skid with no shame about demonstrating it???
Stick your tongue up someone else's ass; you still know nothing and you never will. You didn't even find the Akamai research, how dumb are you?
You are retarded with NO experience in this, why do you keep talking? Don't tell me this is a remote config because you are a liar; it's different and I explained it already.
https://xmrig.com/proxy this is a simple proxy that hides the wallet / name behind the server and is on GitHub. I don't know UnamSanctam, Sam Altman?
And it doesn't work as you tried to "explain" it lol; it's not a proxy on the client, it's on the server, and pool/worker name/algo are all on the server and can be replaced with random things (not the pool) on the client.
I'm not using any tool, dumb bitch; the proxy distributes the job equally with specific difficulties. Anyway, it's clear you don't know how to code, which is why you tell me I'm using someone else's code, because you can't do it.
You are stupid, I'm not.
You don't even understand that a silent miner is different from having a C2, or a loader that gets admin privileges, then downloads a miner client that connects to the proxy pool.
The encrypted part is not useful for anyone; the wallet and name should NOT be there.
"So in the end, you are using tools without knowing anything about them, thank you, that's what I wanted to know. Please do not reply, you are too busy scamming kids and infecting highschool teenagers, and I simply don't want to talk to you, m4st3r h@cker." YOU CAN'T EVEN TALK ABOUT YOURSELF HERE, YOU ARE JUST JEALOUS AND A BITCH THAT DOESN'T UNDERSTAND SHIT AND KEEPS TALKING, FIND A JOB.
"the wallet must not be here at all" -> "theres no remote config file" -> "its not a proxy on the client its on the server"
so is it or not a remote config file? xDD