So as those who know me know, I was a systems admin and pentester before I left my job a year ago. It came to my awareness from a server I moderate that people are sharing a video that *crashes your PC*, so I analyzed the payload and it does more. (1/7)
Upon analyzing said file, you can see the CAPE sandbox report here: https://capesandbox.com/analysis/114361/ I could see it was executing and triggering shellcode. (2/7)
Upon then analyzing said shellcode, we can see a few things: https://capesandbox.com/analysis/114362/

As we can see here, it's harvesting information from users' mail clients. (3/7)
(4/7)
There are parts of its behaviour that do seem a bit overkill for your run-of-the-mill credential snatcher, seeming to have more in common with a RAT. When I get more free time I'll run it on a shitty old laptop I have lying around for a more manual analysis. (5/7)
I have been told @discord is already aware of this video being shared around, but I would like to remind people that if some rando sends you an mp4 video, don't play the embedded file. If you already have, I suggest a reinstall of your OS and changing of passwords. (6/7)
This is a bit more than just a *funny video that crashes people's computers*, and before someone here says *only exes give you viruses*, look up how software vulnerabilities work and why bug bounties exist, and Discord's own history with this stuff: https://www.zdnet.com/article/discord-desktop-app-vulnerable-to-remote-code-execution-bug/ (7/7)
You can follow @sky_evangeline.