![webook maker discord webook maker discord](https://i.ytimg.com/vi/FC1ER6EMBHw/hqdefault.jpg)
![webook maker discord webook maker discord](https://images.discordapp.net/avatars/774516332497731594/8599a6ac3492d5e1d5220e651ae9ace3.png)
An excerpt from the decompiled code is shown in Figure 3.
WEBOOK MAKER DISCORD GENERATOR
The archive contained an executable file named “Discord Nitro Generator and Checker.exe”. The downloaded archive “Discord_Nitro_Generator_and_Checker.rar” masqueraded as a Discord Nitro Generator application. The sample we are using for this analysis was hosted in the Discord URL – (md5 – 172c6141eaa2a9b09827d149cb3b05ca). It then sends them as a chat message back to the attacker via a webhook URL. The payloads steal victims credentials like system information, IP address, web browser passwords, and tokens.TruoubleGrabber using Discord and Github for downloading the next stage payloads to the victim’s machine.The delivery of TroubleGrabber to the victim’s machine via Discord attachment link.The depiction in Figure 2 illustrates the following steps Figure 2: TroubleGrabber attack kill chain The visual depiction of the TroubleGrabber attack kill chain is shown in Figure 2. The files associated with these detections used Discord for malware delivery, next stage payloads, and C2 communication. TroubleGrabber – Gen:Variant.Razy.742965 and Gen:Variant.Razy.728469 were the first stage payload of Gen:Variant.Razy.729793, a new malware variant we had not seen before October 2020.All the files associated with these detections were delivered via Discord.
WEBOOK MAKER DISCORD CRACKED
GameHack – Gen:Variant.Mikey.115607, Trojan.GenericKD.43979330 were patched or cracked versions of popular games.
![webook maker discord webook maker discord](https://miro.medium.com/max/3620/1*zyPTIwLUG7oTUBosU4XLkA.png)
These detections are related to two distinct groups of malware At the same time, we scanned our malware database for samples containing Discord URLs used as next stage payloads or C2’s.įigure 1 shows a breakdown of the top five detections of 1,650 malware samples from the same time period that were delivered from Discord and also contained Discord URLs. In October 2020 alone, we identified more than 5,700 public Discord attachment URLs hosting malicious content, mostly in the form of Windows executable files and archives. This post will detail the technical analysis of TroubleGrabber and provide insights on the generator and its creator. We discovered TroubleGrabber in October 2020 when researching public Discord attachments for our previous blog post, Leaky Chats: Accidental Exposure and Malware in Discord Attachments. Based on the file names and delivery mechanisms, TroubleGrabber is actively being used to target gamers. This information is sent via webhook as a chat message to the attacker’s Discord server. This malware, which primarily arrives via drive-by download, steals the web browser tokens, Discord webhook tokens, web browser passwords, and system information.
![webook maker discord webook maker discord](https://www.minitool.com/images/uploads/news/2021/03/make-discord-webhooks-for-github/make-discord-webhooks-for-github-1.png)
TroubleGrabber is written by an individual named “Itroublve” and is currently used by multiple threat actors to target victims on Discord. While it bears some functional similarity to AnarchyGrabber, it is implemented differently and does not appear to be linked to the same group. “TroubleGrabber” is a new credential stealer that is being spread through Discord attachments and uses Discord messages to communicate stolen credentials back to the attacker.