There's Something About CryptBot: Yet Another Silly Stealer

Sept. 11, 2024, 8:23 a.m.

Description

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encryption, and exfiltration mechanisms. The report also highlights similarities and differences between YASS and its predecessor, CryptBot, offering insights into the evolution of this malware family.

External References

https://intezer.com/blog/research/cryptbot-yet-another-silly-stealer-yass/
https://otx.alienvault.com/pulse/66e14e9f37e437974577602c
Tags
malware
infostealer
cryptbot
stealer
exfiltration
netsupport
downloader
2024-09-11
yass
mustardsandwich

Date

  • Created: Sept. 11, 2024, 8:02 a.m.
  • Published: Sept. 11, 2024, 8:02 a.m.
  • Modified: Sept. 11, 2024, 8:23 a.m.

Indicators

  • fd7654c5bb79652bc0db2696da35497b9aff2c783ec4c83705d33d329dc742d8
  • e3bf61f6f96d1a121a1f7f47188cd36fc51f4565ca8cd8fc07207e56a038e7ca
  • b2080e7705283fce7e03c8895977c5e8c451b5f8a6eb3faecb8acb986a1587c6
  • 7ac46eb84f4b6d25601f23d2c30b7e80b6f3b2d82d3240234fc50af75290a29f
  • 4810333bf96fb808604f3657118c734c3dd8ee4baa3e6ffe8da548ae0c8e15d3
  • 94.232.244.133
  • https://brewdogebar.com/code.vue'
  • http://102.0.0.0
  • https://forikabrof.click/flkhfaiouwrqkhfasdrhfsa.png
  • rceight8sr.top
  • grabios.org
  • enotik5050.com
  • barsuk5050.com
Download all indicators here!

Attack Patterns

  • YASS
  • MustardSandwich
  • CryptBot
  • NetSupport