"I made a game, can you test play?" DISCORD TROJAN

OfclyGoodenough · 26 May 2022 18:47

[color=#FF00]Link (Dangerous): Just a moment… (magicalbunny.xyz) [/color]

Registered via GoDaddy on May 7, 2022 - Whois magicalbunny.xyz

[color=#FF0000]VirusTotal - VirusTotal - File - c3bbc67eca66e40f1688d0bafc931853f1f83f68dd6bd30a411210f97d620b67[/color]

I AM UNABLE TO PERFORM AN ANY.RUN AS THE PROGRAM CAN ONLY BE RUN ON A 64-BIT OPERATING SYSTEM.

Program contains several trojans designed to steal Discord account tokens. This includes Trojan-PSW.Win32.Disco and PWS:Win32/QQpass

nextup · 28 May 2022 18:41

When opened, it will extract an electron application to the %temp% folder and make a TCP/HTTP request to: https://superfuniestindianparty.rip/

Source code is in Javascript but it’s obfuscated

OfclyGoodenough · 28 May 2022 19:28

This means they were also behind the fake “Mushi Come Home” game that we helped @SomeHumbleOnion deal with. Google Chrome cookies will also be stolen.

Associated IP Addresses:
91.216.107.48

185.17.0.22 (superfuniestindianparty.rip)

ginawyllie · 6 October 2023 14:19

Yeah, sure, I loved to play your game.