Karsten HahnGuvercinInstaller.exe 1/72
#kurdishmyth stealer, NodeJS
➡️Infects discord_desktop_core\index.js
➡️Steals various browser and discord data.
➡️Exfiltrates via discord webhook.
The code references kurdishmyth and mythprivate
The wallet exfiltration webhook uses a photo of Abdullah Öcalan as its avatar image.
You will find the same malware family with this VT search query:
vhash:087076656d156d05655253z72zff7z11z23z13z93z12b4z11z behaviour_processes:"C:\\Windows\\system32\\cmd.exe /d /s /c \"taskkill /F /IM discord.exe\""
