Malware Analysis Another Evasive Discord Token Stealer Disguised as PC game 🎮☠️

Status
Not open for further replies.

SeriousHoax

I don't know how many of us had Discord installed on their test system. I think we should do it before running a Discord token installer. I don't have it on any of my VMs. I'll have to create a new account and install it on all the VMs.

@Shadowra Does MD block almost any unknown exe file in Max settings in your experience? I know that by default MD detects files if the cloud gives a malicious verdict with 90% probability. On High it's 80%, don't know the value of High+ but following the trend it's probably 70%. Max/Zero Tolerance apparently blocks all unknown exes.
 

Shadowra

Yes, that's what I notice. Even the FakeAV from the other day was quickly detected with High+.
 

SeriousHoax

High+? That's not Max settings. I think you meant Block in Configure Defender/Zero Tolerance on GPO.
On Default that FakeAV was detected after execution but weirdly was not cleaned automatically. I had to open Windows Security to manually start the cleaning process even though the ML detection name was Trojan not PUP/PUA.
 

XylentAntivirus

There were also dropped suspicious files with no detections. I am now doing a scan with my AV, called Hydra Dragon Antivirus, and it detected too many suspicious files, but I stopped the analysis while it was doing the scan; now I'm going to do the scan again.
Edit: It got detected by Hydra Dragon Antivirus Malpedia signatures. Analysis still continues.
 

nickstar1

In my test for Avast, it was sent to CyberCapture but it did not receive either a positive or negative verdict. It told me to wait a few hours, and until then they will keep blocking the file.
It should be detected soon, as it was probably manually sent for analysis.
 