One of my old classmates got their YouTube channel HACKED

Associated YouTube channel - Kaiser DGod - YouTube

The channel used to belong to an old classmate of mine, Axel, before getting compromised earlier today. His old videos remain, but are now paired with those promoting malware.

TROJAN 1 - Download Youtube BOT.rar from Sendspace.com - send big files the easy way

VirusTotal - VirusTotal - URL - 88be1b0e8b32e989febddb396ccc3f93f36f1f0ab53c30782c284af0f64a695a


Any.run - https://fs13n1.sendspace.com/dl/cd354207f1c28d2a2d821cd036ee95d9/61e5c9516fa0b1c0/45a2kd/Youtube%20BOT.rar - Interactive analysis - ANY.RUN

TROJAN 2 - Download Iobit Uninstaller Pro.rar from Sendspace.com - send big files the easy way

VirusTotal - VirusTotal - URL - 2592ecffa461d2618ee7dac19cf448f69bf399fc6c0fb3ab9393125ee026a9a0

Any.Run - https://fs03n1.sendspace.com/dl/74d12e7ed87967ef095c676942f3ce9d/61e5c97324367191/tdo330/Iobit%20Uninstaller%20Pro.rar - Interactive analysis - ANY.RUN

TROJAN 3 - Download IDM.rar from Sendspace.com - send big files the easy way

VirusTotal - VirusTotal - URL - 7af22f4f278b582aaa7b701a2c2c99906b7658cf6470bf24e701c4d3488f52ce

Any.run - https://fs13n3.sendspace.com/dl/22d8b5a44729a819228e2b4ae58b6056/61e5ca2d4b9ba051/9dwntc/IDM.rar - Interactive analysis - ANY.RUN

Basically, each program contains the RedLine tracker and drops & downloads executable files from the IP address 91.243.59.17.

I will decompile it and see if it answers to the RedLine YARA signature.

What’s the password?

Password: 1234

I found a connection from a Russian server: 91.243.32.101, which also has Log4Shell RCE.

NEW IP - 185.250.204.162

Fucker’s now doing a fake Nitro generator - FREE Discord Nitro Generator + Checker 3 UPDATED DOWNLOAD 2022 - YouTube

I’m doing my best to report what I can.
