Accepted 76561198167089679 (barejson #FORGOT)

Discussion in 'Scam Reports (archive)' started by advicebanana, Apr 21, 2015.

Thread Status:
Not open for further replies.
  1. advicebanana

    advicebanana Member

    Joined:
    Feb 4, 2015
    Messages:
    861
    Likes Received:
    23
    Accused:
    | steamname: barejson #FORGOT
    | steam3ID: [U:1:206823951]
    | steamID32: STEAM_0:1:103411975
    | steamID64: http://steamcommunity.com/profiles/76561198167089679
    | customURL: http://steamcommunity.com/id/afrassaaz
    | steamrep: http://steamrep.com/profiles/76561198167089679

    Mark:
    | steamname: аdvicebanana
    | steam3ID: [U:1:23045495]
    | steamID32: STEAM_0:1:11522747
    | steamID64: http://steamcommunity.com/profiles/76561197983311223
    | customURL: http://steamcommunity.com/id/advicebanana
    | steamrep: http://steamrep.com/profiles/76561197983311223

    What happened?
    The accused added me and told me he had been playing CSGO with me before and that we could maybe play again later.
    That was right now. He told me to connect to their Teamspeak server at 178.217.191.207:6390 and to download an ESEA client program from their channel's file browser.
    There were four other people in that channel rushing me into downloading their supposed ESEA client and executing it as administrator. You should never do that.

    The executable in that archive screams virus from the rooftops. This is the included executable:
    https://www.virustotal.com/en/file/...0ad50e80694eed049de16e87402cafacc00/analysis/

    The malware is some form of AutoIt script. When extracted, it drops this file among other things:

    Screenshots:
    http://files.f-o-g.eu/g5b420
    http://files.f-o-g.eu/aad7b8
    http://files.f-o-g.eu/072e42
    http://files.f-o-g.eu/4fe872
    http://files.f-o-g.eu/f08e8e
    http://files.f-o-g.eu/34aa46

     
  2. harsheldon #bday in 2days

    harsheldon #bday in 2days Member

    Joined:
    Feb 25, 2015
    Messages:
    67
    Likes Received:
    11

    Is that a working phishing link / virus?

    Please remove it for the safety of viewers, if it is.
     
  3. advicebanana

    advicebanana Member

    Can you be more specific? No, "*snip*" is obviously not a working phishing link.
     
  4. harsheldon #bday in 2days

    harsheldon #bday in 2days Member

    I was checking, sorry, with a name like virus total, doesn't hurt to double check.
     
  5. Tio José das Vacas

    Tio José das Vacas Senior Trade Moderator

    Joined:
    Jun 29, 2014
    Messages:
    3,686
    Likes Received:
    370
    Accepted since this is manual, it's an actual person and not a bot. A full tag will be applied. Thanks!

     
    Last edited: Apr 22, 2015
  6. n0name

    n0name Administrator

    Joined:
    Aug 27, 2012
    Messages:
    8,650
    Likes Received:
    1,523
    Marked.
     