Crystal Rans0m: Hybrid ransomware with stealer capabilities

Oct. 21, 2024, 11:24 a.m.

Description

Crystal Rans0m is a newly discovered hybrid ransomware family developed in Rust, first observed in September 2023. It combines file encryption with data stealing capabilities, doubling its leverage over victims. The malware targets browser data, Discord tokens, Steam files, and Riot Games data. It uses Discord webhooks for exfiltration and Salsa20 for file encryption. The ransom note demands payment in Monero and provides a Session ID for communication. Crystal Rans0m employs anti-VM and anti-debugging techniques. Recent samples suggest it may be modular, allowing attackers to choose specific components. While initially seen targeting Italy and Russia, its motivation appears to be financial gain without specific geographic or industry focus.

Date

Published: Oct. 21, 2024, 11:04 a.m.

Created: Oct. 21, 2024, 11:04 a.m.

Modified: Oct. 21, 2024, 11:24 a.m.

Indicators


Attack Patterns

Crystal Rans0m

T1555.003 (Credentials from Password Stores: Credentials from Web Browsers)

T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder)

T1497 (Virtualization/Sandbox Evasion)

T1082 (System Information Discovery)

T1055 (Process Injection)

T1140 (Deobfuscate/Decode Files or Information)

T1059 (Command and Scripting Interpreter)

Additional Information

South Georgia and the South Sandwich Islands

Georgia

Sweden

Lithuania

China

Argentina

Italy

Peru

Philippines

United Kingdom of Great Britain and Northern Ireland

Ukraine

Brazil

United States of America

Russian Federation