[color=#FF00]Link (Dangerous): Just a moment… (magicalbunny.xyz) [/color]
Registered via GoDaddy on May 7, 2022 - Whois magicalbunny.xyz
[color=#FF0000]VirusTotal - VirusTotal - File - c3bbc67eca66e40f1688d0bafc931853f1f83f68dd6bd30a411210f97d620b67[/color]
I AM UNABLE TO PERFORM AN ANY.RUN AS THE PROGRAM CAN ONLY BE RUN ON A 64-BIT OPERATING SYSTEM.
Program contains several trojans designed to steal Discord account tokens. This includes Trojan-PSW.Win32.Disco and PWS:Win32/QQpass
1 « J'aime »
When opened, it will extract an electron application to the %temp% folder and make a TCP/HTTP request to: https://superfuniestindianparty.rip/
Source code is in Javascript but it’s obfuscated
This means they were also behind the fake “Mushi Come Home” game that we helped @SomeHumbleOnion deal with. Google Chrome cookies will also be stolen.
Associated IP Addresses:
91.216.107.48
185.17.0.22 (superfuniestindianparty.rip)
1 « J'aime »
Yeah, sure, I loved to play your game.
