The contents of config.py includes the Mega Upload credentials and Discord bot token and the Discord server ID. This could be easily reverse-engineered by the victim as it is embedded in the binary. As downloading the key over encrypted communication and keeping it in memory is a better practice. However, using a C2 in the process defeats the purpose of sending the traffic to Discord. A good way to do this would be to read the data from an online third-party service such as Github.
A simple example would be:
Create a new secret gist with the config.py contents when an executable is compiled.
SierraOne will connect to the gist and retrieve contents in memory.
Once SierraOne joins the channel, erase the gist automatically.
Repeat this functionality for every binary during generation.
berkgoksel
commented
4 years ago 
The contents of
config.pyincludes the Mega Upload credentials and Discord bot token and the Discord server ID. This could be easily reverse-engineered by the victim as it is embedded in the binary. As downloading the key over encrypted communication and keeping it in memory is a better practice. However, using a C2 in the process defeats the purpose of sending the traffic to Discord. A good way to do this would be to read the data from an online third-party service such as Github.A simple example would be: