Malware analysis of an Electron-based stealer which targets Discord accounts and payment information. At the time of initial analysis this was completely undetected by AV vendors on VirusTotal.
If you're interested in analysing this sample and trying your hand at answering some critical questions about this malware, take a look at Subatomic on Hack The Box.
** Subatomic: Hack The Box **
[ Link ]
** Find me at **
Twitter/X - [ Link ]
Blog - [ Link ]
Mastodon - [ Link ]
** Tools **
7-Zip - [ Link ]
TC4Shell Asar7z - [ Link ]
Detect It Easy - [ Link ]
Notepad++ - [ Link ]
VSCode - [ Link ]
npm and Node.js - [ Link ]
npm CLI - [ Link ]
FLARE VM - [ Link ]
** Sample **
[ Link ]
[ Link ]
[ Link ]
** Further Analysis **
[ Link ]
[ Link ]
** Timestamps **
00:00 - Intro
00:35 - Subatomic Hack The Box
00:50 - Malware Bazaar analysis
01:10 - Scan of website serving malware
01:24 - VirusTotal analysis
01:40 - SpcSpOpusInfo structure
02:00 - Inconsistencies in malware
02:55 - Understanding Nullsoft Scriptable Install System (NSIS)
03:15 - Components of NSIS
04:34 - Electron app-32 components
05:37 - Electron app.asar resources
06:07 - Extracting Application Source Code Archive (asar) files
07:10 - Resolving errors
07:40 - Components of asar files
07:50 - Analysing package.json
08:30 - Creating a working directory with VSCode
09:20 - Initial launch of malicious app.js
09:30 - Resolving errors
09:52 - Fix DPAPI error
10:45 - Fix sqlite3 error
11:11 - Debugging Electron-based malware
12:00 - Finding functions on the Call Stack
12:20 - Brief analysis of dynamic functions
13:16 - Static analysis of app.js
13:50 - Firefox token stealing
14:05 - AntiVM and anti-analysis operations
15:04 - Deep dive into malware functionality
24:39 - Naming malware Duvet Stealer
25:05 - Open source investigation
25:20 - Overlap with `SonicGlyde Discord Malware`
25:50 - Discord phishing
27:05 - Analysis of the `SonicGlyde Discord Malware` sample
29:25 - Paths.json file analysis
29:56 - Outro
Credits:
SFX by Pixabay