For a second i thought you were Jhon Hammond XD. I love how this is so in depth you got a new sub

Just wanna say it's a very good video because you just managed to make me focus during a malware analysis which is quite rare. You explained everything very well and in detail so thanks and you just got a new sub :)

So cool that you decided to analyze one of my samples! Been tracking the C2s of this malware for a while, writing any YARA rule has been so difficult due to this crazy amount of obfuscation.. These electron based stealers have been appearing on Telegram lately, and seem to be the same exact malware just with different names.

This video has been a wake up call. I could've been infected by this and would've had no way of knowing. I need to get clean up my opsec act, STAT! Thanks for a great in-depth analysis!

This is insane. Awareness needs to be raised. Thank you for your video

Came across this video because i just got hacked. They impersonated someone i knew and said something about a game to try and comment. I was stupid enough to download it. Stupider not suspect anything. This video at least told me what they could have access to or what they did get access. Since everything was token they only had a one time access. I since have reformatted my pc and changed all my passwords to what i thought they might have access to. But it was very stressful and scary. I came across this video cause the hackers tried sending me screenshots which showed my info. But also the program duvet they used. Good video. Stay safe everyone

12:44 is not the part where the token is stolen. Instead your discord instance is modified to launch the malware again.

The line at 16:50 weirdly enough is the KZbin video ID of Rick Astley's Never Gonna Give You Up.

I love how in-depth your video is while providing valuable information, very underrated channel, good job Jai!

16:50 Wait a second, I recognize that string! Hint: it's a youtube video ID

Academically interesting, but the foremost problem there would be Microsoft Windows. And Discord. It's not like the data sent using Discord is safe at all. But at least running something like a Flatpak of a web-version Discord client provides some kind of sandboxing.

14:26 - Interesting how they check for a VM... just by calculating if the total amount of memory is smaller then 2GB. And why does he check the hostname against a blacklist? Just to prevent the virus running on the pcs of his "crew" or "family"? these names look really weird to me... And killing debuggers to prevent people reverse engineering his code?

Jhon Hammond v2? Nice, that's a sub. This is done in a very minimal way, only the malware and nothing else, but since the app.asar file isn't signed you could take any standard electron app that is already trusted, unpack it, inject your malware into one of the legitimate scripts and pack it back together. AVs will have no way to tell other than maybe the installer and runtime monitoring. One of my friends used a similar technique over a year ago, undetected to this day afaik.

This is my first time on you channel and realy love the job and content. You get a new one in your Jai Minton house

Similar to BBY stealer.

i was recently a victim of said "sonicglyde" and i have a question if the virus spreads through other drives connected to the infected device?

For navigating A/B comparisons I highly recommend Beyond Compare, can diff folder trees and compressed formats and even binary so you can drill into the diffs by just clicking what you want to see diffed next.

This is super interesting! The actor definitely put a lot of time into the front of the malware to make it seem legitimate. Great breakdown of everything. New sub here!

16:49 they really put a rickroll in malware lmao

Impressively good audio for such a small channel.

wow Love it ♥.. Thanks for the clear expiations.

It seems like they updated this or there is a new variant called hexon, operates almost the exact same way but now it way more obfuscated.

i got hacked by this virus it was same and everything it even was inside the motherboard

This is awesome! Thank you! Very informative and useful video ❤

Awesome. Thanks a lot. Just a feedback - If you open analytics of any video through KZbin studio, you will find that mobile and desktop both users watches the videos. So from the next time please try to zoom more on the display so content gonna be perfect for all. Example: John Hammond's videos.

Awesome video! Your channel is underrated

Great video and easy to understand

the hackers update the stub when its get detected......

great video man. subscribed :)

pretty cool, again! thanks!

Great work 👏🔥

This malware seems to be going around by a lot of names but using the same website design and fake game. I saw it under the name of "Planets Therapy" on a video from The PC Security Channel.

Dude i got hacked by this, if you want any info on how it was done, maybe we can get in touch

cheers. Will have to sub on a few accounts :) - I too, initially thought you were Jon hammond at first glance ( the thumbnail) Semi similar features within the same genre. Anywho , good on y!

Bro I just got hacked by a discord token grabber through an exe think I could have been hacked

É a tropa do Linn Se tem Duvet Tem Like 🎉🎉

just found out about you now

Awesome

John Hammond

I thought Kaspersky detected it, yet you state it was completed undetected by AV vendors on VirusTotal?

Dollar store John Hammond 😂

Kaspersky best.

I don't mind technical videos about Windows, but when it comes to security some kind of acknowledgement that this is not a video about an open-source operating system, would be reassuring that you are helping non-technical users who don't know the difference. (Notice I tried to be unbiased by avoiding mentioning which open-source operating systems I prefer to use myself. 😉)

I am from VietNam

Keep up the great work! +1 sub 👏

Such clean code from the authors. 😮