Open 0MrRoot0 opened 1 year ago
I rechecked everything that I installed today, nothing suspicious. I can provide a full analysis of the file tomorrow, to see whether I'm wrong or not. (Talking about releases, not the source code: most of the people using this are unfamiliar with programming languages, so putting malware in releases and not in the source code is a possible and good (for malware guys) thing to do.)
Now, have you checked?
It really added multiple files to the startup in Python, and it was using Fernet to encrypt the script. The C2 is shown in the image. Could you please check if there are any problems with the releases, or whether it's from another source? I'm a malware analyst and I'm 100 percent sure that it got downloaded today. Image of the source code of the grabber.