There's Something About CryptBot: Yet Another Silly Stealer

Sept. 11, 2024, 8:23 a.m.

Description

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encryption, and exfiltration mechanisms. The report also highlights similarities and differences between YASS and its predecessor, CryptBot, offering insights into the evolution of this malware family.

Date

Published: Sept. 11, 2024, 8:02 a.m.
Created: Sept. 11, 2024, 8:02 a.m.
Modified: Sept. 11, 2024, 8:23 a.m.

Indicators

Attack Patterns

YASS

MustardSandwich

CryptBot

NetSupport

T1071.004

T1197

T1574.002

T1059.005

T1555.003

T1059.001

T1059.007

T1056.001

T1555

T1113

T1071.001

T1518.001

T1082

T1057

T1105

T1027

T1112

T1059