MachineMania (distributed as MachineMania.exe) is a payload that steals cookies and password combinations from the Google Chrome browser. While it has been seen distributed as a standalone executable, it is most often found as a second-stage payload of the Node Bootstrapper malware.
| Property | Value |
|---|---|
| Obfuscation | PyArmor (Super Mode) |
| Lasting Effects | None observed |
| Send Method | Discord Webhook (through run argument) |
MachineMania.exe has been distributed as a standalone executable, but has also been called as an additional payload in distributions of the Node Bootstrapper executable.
The executable is made with PyInstaller and obfuscated with PyArmor in Super Mode.
MachineMania.exe runs silently in the background and collects passwords and cookies from the Google Chrome browser only. Other Chromium browsers do not seem to be affected, as its scope appears to be deliberately cut by what looks like a paywall.
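Because the webhook is supplied as a run argument, it is visible in process-creation telemetry. The following is an added detection example, not code from the sample or from this page: it flags process launches whose command line carries a Discord webhook URL and redacts the token in the finding. The event records are constructed, their field names are assumed to follow Sysmon Event ID 1, and `bootstrapper.exe` and `updater.exe` are hypothetical file names.

```python
import re

# Discord webhook URL: https://discord.com/api/webhooks/<numeric id>/<token>
# (discordapp.com is the legacy domain; ptb./canary. are Discord's alternate builds).
WEBHOOK_RE = re.compile(
    r"https?://(?:(?:ptb|canary)\.)?discord(?:app)?\.com/api/(?:v\d+/)?webhooks/"
    r"(?P<id>\d+)/(?P<token>[A-Za-z0-9_-]+)",
    re.IGNORECASE,
)

# Constructed sample events; field names follow Sysmon Event ID 1 (process creation).
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\a\AppData\Local\Temp\MachineMania.exe",
     "ParentImage": r"C:\Users\a\Downloads\bootstrapper.exe",
     "CommandLine": 'MachineMania.exe "https://discord.com/api/webhooks/111111111111111111/EXAMPLE-token_0001"'},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"notepad.exe C:\notes\discord.com.txt"},
    {"Image": r"C:\Tools\updater.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "updater.exe --hook=HTTPS://DiscordApp.com/api/webhooks/222222222222222222/EXAMPLEtoken0002 --quiet"},
]

def find_webhook_launches(events):
    """Return one finding per process whose command line carries a webhook URL."""
    findings = []
    for ev in events:
        m = WEBHOOK_RE.search(ev.get("CommandLine") or "")
        if not m:
            continue
        findings.append({
            "image": ev.get("Image"),
            "parent": ev.get("ParentImage"),
            "webhook_id": m.group("id"),
            # The token is a credential for the webhook; keep it out of alert text.
            "redacted_url": m.group(0)[: m.start("token") - m.start()] + "<redacted>",
        })
    return findings

if __name__ == "__main__":
    for f in find_webhook_launches(SAMPLE_EVENTS):
        print(f)
```

The match is on the argument rather than the file name, so it also covers renamed copies of the executable.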