"I made a game, can you test play?" DISCORD TROJAN

Link (Dangerous): magicalbunny.xyz

Registered via GoDaddy on May 7, 2022 - Whois magicalbunny.xyz


VirusTotal - File - c3bbc67eca66e40f1688d0bafc931853f1f83f68dd6bd30a411210f97d620b67

I AM UNABLE TO PERFORM AN ANY.RUN AS THE PROGRAM CAN ONLY BE RUN ON A 64-BIT OPERATING SYSTEM.

Program contains several trojans designed to steal Discord account tokens. This includes Trojan-PSW.Win32.Disco and PWS:Win32/QQpass.

When opened, it will extract an Electron application to the %temp% folder and make a TCP/HTTP request to: https://superfuniestindianparty.rip/

Source code is in JavaScript, but it’s obfuscated.

This means they were also behind the fake “Mushi Come Home” game that we helped @SomeHumbleOnion deal with. Google Chrome cookies will also be stolen.

Associated IP Addresses:
91.216.107.48

185.17.0.22 (superfuniestindianparty.rip)
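
A triage sketch for the indicators listed in this post, added here as an example and not part of the original post: it flags connection events whose destination matches the domains or IPs above and notes when the process image runs from a user Temp directory. The event field names and sample records are constructed assumptions, as is %temp% resolving to AppData\Local\Temp.

```python
import json
import ntpath

# Indicators taken from the post above.
BAD_DOMAINS = {"magicalbunny.xyz", "superfuniestindianparty.rip"}
BAD_IPS = {"91.216.107.48", "185.17.0.22"}

# Constructed sample events, one JSON object per line. Field names are
# assumptions loosely modelled on network-connection telemetry.
SAMPLE_EVENTS = r'''
{"host":"PC-01","image":"C:\\Users\\ana\\AppData\\Local\\Temp\\2Fx9\\game.exe","dest_host":"superfuniestindianparty.rip.","dest_ip":"185.17.0.22"}
{"host":"PC-02","image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","dest_host":"WWW.MagicalBunny.xyz","dest_ip":"203.0.113.7"}
{"host":"PC-03","image":"C:\\Users\\li\\AppData\\Local\\Temp\\setup.exe","dest_host":"notmagicalbunny.xyz","dest_ip":"198.51.100.9"}
{"host":"PC-04","image":"C:\\Users\\sam\\AppData\\Local\\Discord\\Discord.exe","dest_host":"","dest_ip":"91.216.107.48"}
'''

def domain_hit(name):
    """Return the listed domain that `name` equals or is a subdomain of."""
    name = (name or "").strip().rstrip(".").lower()
    for bad in BAD_DOMAINS:
        # Match on a label boundary so lookalikes such as
        # "notmagicalbunny.xyz" are not reported.
        if name == bad or name.endswith("." + bad):
            return bad
    return None

def runs_from_temp(image):
    """True if the executable path sits under ...\\AppData\\Local\\Temp."""
    parts = [p.lower() for p in ntpath.normpath(image or "").split("\\")]
    return any(parts[i:i + 3] == ["appdata", "local", "temp"]
               for i in range(len(parts)))

def triage(lines):
    """Return [(host, [reasons])] for events that touch a listed indicator."""
    findings = []
    for line in filter(str.strip, lines.splitlines()):
        ev = json.loads(line)
        reasons = []
        bad = domain_hit(ev.get("dest_host"))
        if bad:
            reasons.append("domain:" + bad)
        if ev.get("dest_ip") in BAD_IPS:
            reasons.append("ip:" + ev["dest_ip"])
        # A Temp-resident image only raises priority; alone it is too noisy.
        if reasons and runs_from_temp(ev.get("image")):
            reasons.append("image-in-temp")
        if reasons:
            findings.append((ev["host"], reasons))
    return findings

if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_EVENTS):
        print(host, ", ".join(reasons))
```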