Today > | 7 High | 24 Medium | 8 Low vulnerabilities   -   You can now download lists of IOCs here!

There's Something About CryptBot: Yet Another Silly Stealer

Sept. 11, 2024, 8:23 a.m.

Description

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encryption, and exfiltration mechanisms. The report also highlights similarities and differences between YASS and its predecessor, CryptBot, offering insights into the evolution of this malware family.

Date

Published: Sept. 11, 2024, 8:02 a.m.

Created: Sept. 11, 2024, 8:02 a.m.

Modified: Sept. 11, 2024, 8:23 a.m.

Indicators

fd7654c5bb79652bc0db2696da35497b9aff2c783ec4c83705d33d329dc742d8

e3bf61f6f96d1a121a1f7f47188cd36fc51f4565ca8cd8fc07207e56a038e7ca

b2080e7705283fce7e03c8895977c5e8c451b5f8a6eb3faecb8acb986a1587c6

7ac46eb84f4b6d25601f23d2c30b7e80b6f3b2d82d3240234fc50af75290a29f

4810333bf96fb808604f3657118c734c3dd8ee4baa3e6ffe8da548ae0c8e15d3

94.232.244.133

https://brewdogebar.com/code.vue'

http://102.0.0.0

https://forikabrof.click/flkhfaiouwrqkhfasdrhfsa.png

rceight8sr.top

grabios.org

enotik5050.com

barsuk5050.com

Attack Patterns

YASS

MustardSandwich

CryptBot

NetSupport

T1071.004

T1197

T1574.002

T1059.005

T1555.003

T1059.001

T1059.007

T1056.001

T1555

T1113

T1071.001

T1518.001

T1082

T1057

T1105

T1027

T1112

T1059