Sample
- SHA256: 060ed0ec27a0a4ad7b55425ed56d8ef0c55aa61b499d4884d1679f18d518ddf3
- Difficulty: medium
- Platform: Multiple
- Tags: curseforge, discord, jar, java, js, minecraft, modpack, stealer
- Likes: 1
- Views: 183
- Submitter: struppigel
Analysis
Goal
Find the two webhooks of this stealer and determine the persistence mechanisms.
Description
This modpack was found on SugarSMP(dot)com website which is supposedly a Minecraft online community without griefers.
This is the modpack for Curseforge. First figure out how Curseforge mods are structured.
It contains one mod which has been patched. Get the original mod and compare to find the entry point of the malicious code.
I am actually a bit unsure whether to place this in medium or advanced, because there is control flow obfuscation, but you don't necessarily need to tackle that to figure out the webhooks.
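The description asks you to obtain the clean upstream mod and compare it with the patched one to locate where the malicious code was inserted. The following Python script is an added example (not part of the challenge page or the submitter's material): it treats both jars as zip archives, hashes every entry, and reports which entries were added, removed or changed between the two. The two jars it compares are constructed in memory with placeholder contents, so the entry names and bytes are illustrative only and say nothing about the real sample.

```python
import hashlib
import io
import zipfile


def entry_digests(jar_bytes: bytes) -> dict:
    """Map every file entry in a jar (a zip archive) to the SHA-256 of its contents."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def diff_jars(original: bytes, patched: bytes) -> dict:
    """Return the entry names that were added, removed or modified in `patched`
    relative to `original`. Modified and added class files are the first places
    to look for an injected entry point."""
    a = entry_digests(original)
    b = entry_digests(patched)
    return {
        "added": sorted(set(b) - set(a)),
        "removed": sorted(set(a) - set(b)),
        "modified": sorted(n for n in set(a) & set(b) if a[n] != b[n]),
    }


def build_jar(entries: dict) -> bytes:
    """Build a jar in memory from {entry name: bytes}; used only to construct sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample jars (placeholder names and bytes, not the real mod).
ORIGINAL_JAR = build_jar({
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "com/example/mod/Main.class": b"original bytecode placeholder",
    "assets/example/lang/en_us.json": b"{}",
})
PATCHED_JAR = build_jar({
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "com/example/mod/Main.class": b"patched bytecode placeholder",
    "com/example/mod/Helper.class": b"new class placeholder",
    "assets/example/lang/en_us.json": b"{}",
})

if __name__ == "__main__":
    # With real files: diff_jars(open("original.jar", "rb").read(), open("patched.jar", "rb").read())
    for kind, names in diff_jars(ORIGINAL_JAR, PATCHED_JAR).items():
        for name in names:
            print(f"{kind:9s} {name}")
```

Once the changed and added class files are known, those are the classes to open in a decompiler such as recaf; everything the hash comparison reports as unchanged can be set aside.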
Recommended Tools
recaf