#Python #Stealer #Discord

神龟Turmi

似乎是通过Discord发送窃取的信息
样本（国内）：https://share.weiyun.com/wLpRm3Li
样本（海外）：https://www.icloud.com/iclouddri ... cf8f0d0c601e4b01bf6

VT：https://www.virustotal.com/gui/f ... 796bdc233/detection
初扫：


S1 MISS

Yuki丶

呲溜 S1Miss

123456aaaafsdeg

BD Miss

GreatMOLA

Norton
双击报错，报错内容为“从服务器返回了一个参照”。

神龟Turmi

GreatMOLA 发表于 2023-8-8 11:10
Norton
双击报错，报错内容为“从服务器返回了一个参照”。

他都已经不演了（
但是报错原因我也不清楚 我不会python 反编译出来也没法看

dght432

360自动上报杀：
类型:木马-Win32/Trojan.Generic.HgEATHkA
描述:木马是一种伪装成正常文件的恶意软件，会盗取您的帐号、密码等隐私资料。
扫描引擎:云安全引擎
文件路径:D:\360安全浏览器下载\sample-5971862399628cf8f0d0c601e4b01bf6\FreeNitro.exe
文件大小:11.15M (11,694,417 字节)
文件指纹（MD5）:5971862399628cf8f0d0c601e4b01bf6
处理建议:隔离文件

隔山打空气

CS沙箱 100/100
"FreeNitro.exe" trying to open a file "C:\Users\%OSUSER%\AppData\Local\Google\Chrome\User Data\DEFAULT\LOGIN DATA"
"FreeNitro.exe" trying to open a file "C:\Users\%OSUSER%\AppData\Local\Google\Chrome\User Data\DEFAULT"
"FreeNitro.exe" trying to open a file "C:\Users\%OSUSER%\AppData\Local\BRAVESOFTWARE\BRAVE-BROWSER\USER DATA\DEFAULT"
"FreeNitro.exe" trying to open a file "C:\Users\%OSUSER%\AppData\Local\YANDEX\YANDEXBROWSER\USER DATA\DEFAULT"
"FreeNitro.exe" trying to open a file "C:\Users\%OSUSER%\AppData\Local\Google\Chrome\User Data\LOCAL STATE"
"FreeNitro.exe" trying to open a file "%LOCALAPPDATA%\Google\Chrome\User Data\DEFAULT\LOGIN DATA"
"FreeNitro.exe" trying to open a file "%LOCALAPPDATA%\Google\Chrome\User Data\DEFAULT"
"FreeNitro.exe" trying to open a file "%LOCALAPPDATA%\BRAVESOFTWARE\BRAVE-BROWSER\USER DATA\DEFAULT"
"FreeNitro.exe" trying to open a file "%LOCALAPPDATA%\YANDEX\YANDEXBROWSER\USER DATA\DEFAULT"
"FreeNitro.exe" trying to open a file "%LOCALAPPDATA%\Google\Chrome\User Data\LOCAL STATE"

hhhq316

蜘蛛

xjwtzq

AVIRA miss

aikafans

道特韦伯都发现病毒了，难得难得