There's Something About CryptBot: Yet Another Silly Stealer

Sept. 11, 2024, 8:23 a.m.

Description

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encryption, and exfiltration mechanisms. The report also highlights similarities and differences between YASS and its predecessor, CryptBot, offering insights into the evolution of this malware family.

Date

  • Created: Sept. 11, 2024, 8:02 a.m.
  • Published: Sept. 11, 2024, 8:02 a.m.
  • Modified: Sept. 11, 2024, 8:23 a.m.

Indicators

Attack Patterns