masamesa / KSGrabber-MalwareAnalysis

My analysis of the malware known as "KSGrabber"

Cool #1

Open Stanley-GF opened 3 years ago

Stanley-GF commented 3 years ago

cool, this is my grabber btw.

masamesa commented 3 years ago

cool, this is my grabber btw.

KSGrabber is entirely your grabber? I presume you're not the one running the malware on people currently, correct?

0x15 commented 3 years ago

Feel free to open a PR with any corrections or improvements to the analysis 😉

On Mon, Sep 13, 2021 at 8:26 AM Stanley @.***> wrote:

cool, this is my grabber btw.


Stanley-GF commented 3 years ago

btw nightfall didn't make a lot of things, just the antivm etc, and nice malware analysis! 👍

masamesa commented 3 years ago

btw nightfall didn't make a lot of things, just the antivm etc, and nice malware analysis! 👍

I'll fix any mistakes, send me a dm on Twitter if you'd like proper credit for all that you wrote. I was just going based off of what I read in the code and what I could find online.

ghost commented 3 years ago

Really good analysis overall. However, it doesn't inject the script in the console as you stated but rather in the Discord installation files.

masamesa commented 3 years ago

Really good analysis overall. However, it doesn't inject the script in the console as you stated but rather in the Discord installation files.

Oh Jesus Christ, I was extremely tired when I wrote the full analysis and thought it was injecting it into the dev console. I truly appreciate you reading through it all and finding that mistake; I don't know how I read the console.writeline as hooking electron to inject code into the web console. I'll alert everyone to nuke their client and reinstall.

Will make updates later with credits to you for my blunder.

ghost commented 3 years ago

Really good analysis overall. However, it doesn't inject the script in the console as you stated but rather in the Discord installation files.

Oh Jesus Christ, I was extremely tired when I wrote the full analysis and thought it was injecting it into the dev console. I truly appreciate you reading through it all and finding that mistake; I don't know how I read the console.writeline as hooking electron to inject code into the web console. I'll alert everyone to nuke their client and reinstall.

Will make updates later with credits to you for my blunder.

Ahah np, but don't credit me, credit Stanley; it's his method. Also, to be more precise, the "Minecraft stealing" part is just getting session tokens, so if they just relaunch their game it'll change.

Stanley-GF commented 3 years ago

Bytix the Minecraft expert 😏

Stanley-GF commented 3 years ago

do u have discord btw?

masamesa commented 3 years ago

do u have discord btw?

Yeah, feel free to add masamesa#0608

AskAlice commented 2 years ago

that's not the full code or your full discord tag @masamesa

masamesa commented 2 years ago

that's not the full code or your full discord tag @masamesa

Pretty sure piratestealer has been updated since then, so this is for sure not up to date.

GitHub removed the first 0 in my tag due to it thinking I was referencing an issue. My tag is masamesa# 0608.