Olivia
Online
Andro24
@Andro24_
@sigmacheat
Joined June 2019
220 Following
101 Followers
35 Posts
@RealNormalFacts @OmikronSigma It's literally the official JRE from Oracle...
You can check the hashes and the file signatures by yourself.
We needed a newer JRE than the one that comes with Minecraft because of some new Java features.
And another malware that pretends to be Sigma.
This time, it's a dropper that downloads a stealer (Raccoon Stealer) hosted on GitHub.
The stealer steals user's browser data, email credentials, crypto wallets, and more.
ππͺπ€π¦ π΅πΊπ±π° π’π΅ 'π΄π΅π¦π’ππ¦π³' ππ’π·πͺπ₯...
@_Raph9213 DnSpy pour la dΓ©compilation de l'assembly .NET, et IDA Pro pour la dΓ©compilation du code machine.
Also, the virustotal link is just a scan of a txt file renamed as an executable lmao
This stealer's panel is hosted on http://35[.]198[.]141[.]22/gate This is a Google Cloud Service server which is pretty common for this stealer.
More info:
https://t.co/D9lCWZHSKY
https://t.co/d1qImBo5z0
@ItsSkriptic Not our fault if you got a bad cpu/gpu Β―\_(γ)_/Β―
OT: we'll add optifine on 1.16 soon.
Some ppl tried to spread a botnet by making a fake version of Sigma (my software), but they forgot to disable the registration on their admin panel π€¦ββοΈ
They also left their directory opened.
cc @malwrhunterteam
2.56.214.165
https://t.co/9CB6KONvdW
@ItsSkriptic https://t.co/L6iN4eilBp
https://t.co/Ldfb9Nw1wD
https://t.co/ktwuefNNEF
Search button ?
Most of the strings are encrypted (with AES) but the key is ofc in the binary file.
So here's the server's host and port decrypted :
eyesoflucifer[.]duckdns[.]org:1337
(the ip is down, and looks residential)
![Andro24_'s tweet photo. Most of the strings are encrypted (with AES) but the key is ofc in the binary file.
So here's the server's host and port decrypted :
eyesoflucifer[.]duckdns[.]org:1337
(the ip is down, and looks residential) https://t.co/NHAG6F6PRO](https://pbs.twimg.com/media/EdZKo52WsAAudK-.png)
Pro tip: don't try to get a cracked version of Sigma5 they're viruses.
This video's one is a dropper.
The dropped executable connects to a server with SSL, and then invokes a payload sent from it. Malwarebytes detects it has a ransomware.
Looks like it also allows you to create files anywhereπ€
Update, it looks like they're using a 2-year-old version of "BlackNET" that can be downloaded here : https://t.co/5fWqy2jcZw
And at first glance, you can see that it's vulnerable to SQL injectionπ
Dear Community,
I have heard your fears and concerns about the state of the Hypixel Network. The increase of hackers is ruining the fun of honest players. Consequently I have decided to personally address this issue and I am proud to announce that cheaters can go fuck themselves
https://t.co/M66WBSiwGY
New epic montage by Andro24 go watch now!
Last Seen Users on Sotwe
Ψ΄ΩΩ Ψ³ΩΨ³
ibszπ
Seen from Indonesia
Incesto_Confesionesπ¦π₯
Seen from United States
iFPixels 
Seen from Korea
TeΕhir EΕ & Sevgili & Γift PaylaΕΔ±m 𫦠π
Seen from Turkey
βοΌοΌ₯οΌ²οΌ΅β
Seen from United Kingdom
Pemburu stw
Seen from Indonesia
Saim_khan_96
Seen from Qatar
Duy Khang ng
Seen from Vietnam
public/naughty pooping
Seen from Turkey
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.6M followers
Barack Obama
@barackobama
119.2M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.6M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.2M followers
Justin Bieber
@justinbieber
90.9M followers
KATY PERRY
@katyperry
87.6M followers
Taylor Swift
@taylorswift13
81.5M followers
Lady Gaga
@ladygaga
73M followers
Virat Kohli
@imvkohli
69.8M followers
Kim Kardashian
@kimkardashian
69.8M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.9M followers
Neymar Jr
@neymarjr
62.6M followers
The Ellen Show
@theellenshow
62.4M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.7M followers