Discord accounts are being compromised to spread malware to potential victims


A Discord friend of mine, therealswonk, just became a victim of a new, dangerous form of phishing that involves using compromised accounts to spread malware to others under the guise of a game they just made, prompting victims to try it out and rate it.

The program in question, however, contains a variant of the AgentTesla trojan to steal others’ accounts and further spread the malware to other potential victims. Hackers also use the trojan to remotely execute code on affected PCs, leaving Swonk unable to uninstall it unless he changes the cmd line in the program’s “properties” tab.

4 Likes

Hey, also Discord has warned about it. I will also analyze it and get the IP host of the trojan.

Thanks for the info.

I have gotten 2 so far

Analysis is done. I have found the IP address of the app that it is sending info to,
but it might be spoofed because the IP shows that it's from Cloudflare, so you can't do anything.
The trojan uses port 56724.
The trojan used protocol TCP.
The file description details:

File Name: MyFristGame.exe
File Size: 152 KiB
File Type: Win32 EXE
File Type Extension: exe
Mime Type: application/octet-stream
Machine Type: Intel 386 or later, and compatibles
PE Type: PE32
Linker Version: 48
Code Size: 145920
OS Version: 4
File Version Number: 633.857.113.734
Product Version Number: 633.857.113.734
Language Code: Neutral
Company Name: RNGCryptoServiceProvider
Original File Name: DispatchRuntime.exe
Legal Copyright: Copyright RNGCryptoServiceProvider 2008
Product Name: TaskItem UpdatePanelTrigger
This file is a trojan. It's a “Tesla Trojan”.

1 Like
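As an added example (not code from the thread or from anyone posting in it), a small Python triage script that parses a file-description block like the one above and flags what an analyst would notice first: the displayed file name does not match the OriginalFilename, and the vendor and product strings are CamelCase code identifiers rather than names a person would give a game. The field labels and both heuristics are assumptions based on the post, not a verdict on any file.

```python
# Constructed excerpt of the file-description block posted in the thread above.
FILE_DETAILS = """\
File Name MyFristGame.exe
File Type Win32 EXE
Company Name RNGCryptoServiceProvider
Original File Name DispatchRuntime.exe
Legal Copyright Copyright RNGCryptoServiceProvider 2008
Product Name TaskItem UpdatePanelTrigger
"""

# Labels as printed in the post; the rest of each line is the value.
FIELDS = ("File Name", "File Type", "Company Name", "Original File Name",
          "Legal Copyright", "Product Name")

def parse_details(text):
    """Parse 'Label value' lines into a dict (longest label tried first)."""
    details = {}
    for line in text.splitlines():
        for label in sorted(FIELDS, key=len, reverse=True):
            if line.startswith(label + " "):
                details[label] = line[len(label):].strip()
                break
    return details

def looks_like_identifier(word):
    """Heuristic (assumption): a CamelCase token such as 'RNGCryptoServiceProvider'
    reads like a class name, not like a vendor or product a human named."""
    return (word.isalnum() and word[0].isupper()
            and sum(c.isupper() for c in word) >= 2
            and any(c.islower() for c in word))

def triage(details):
    """Return analyst findings as strings; an empty list means nothing stood out."""
    findings = []
    shown = details.get("File Name", "")
    original = details.get("Original File Name", "")
    if original and shown.lower() != original.lower():
        findings.append(f"file name {shown!r} differs from OriginalFilename {original!r}")
    for key in ("Company Name", "Product Name"):
        words = details.get(key, "").split()
        if words and all(looks_like_identifier(w) for w in words):
            findings.append(f"{key} is built from code-style identifiers: {details[key]!r}")
    return findings

if __name__ == "__main__":
    for finding in triage(parse_details(FILE_DETAILS)):
        print("-", finding)
```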

I’ll look into this. Thanks for the info.

How do you look at that stuff? Like the TCP? I'm in the process of learning, haha.

2 Likes

There’s a lot of software out there used for penetration testing, such as Wireshark or THC Hydra.

1 Like

The website was an XML file, and is sorta broken. There is no download for any malicious files, and the entire site seems to be down.

Oh hey, sorry, I didn't see you.
Yeah, the virus or trojan uses the protocol TCP. I used netstat/Wireshark/Windows Event to be able to see the IP address; that was hard because the trojan runs for 1 or 2 seconds, then it will auto stop.