Does someone know this #malware, since this is definitely NOT latrodectus. Looks like some Discord-backed infostealer:

https://bazaar.abuse.ch/sample/85f8ccf69bed672d92b40c45f9571378a7d00c80b86004a76018d9e120eeaa01/

@malcat Looks custom. FWIW the bot auth code is hard coded in the sample (starts with MTM1N)

@james_inthe_box yes, it looks like a new TA. FYI, some interesting investigative work was done in this Twitter thread:

https://x.com/malcat4ever/status/1929107756771872971

@james_inthe_box there is even a screenshot of what looks like the guy's desktop ^^