Xworm RAT is a brand new Remote Access Trojan written in. bat file (batch script), which, once executed by the user, leads to a multi-stage execution chain. When the user downloads the attached file, it leads to a.
#CRYPTER FOR SALE DOWNLOAD#
he goal of the message is to convince the user to download the attachment. Upon opening the message, there is a generic body with keywords often employed in social engineering campaigns. The user receives an email with the subject: “LEP/RFQ/AV/04/2022/6030”. However, upon further review there is more to this email than just meets the subject line. In this example that Perception Point’s advanced threat detection platform caught, a customer received a seemingly typical phishing email. Now that we have covered what ScrubCrypt is and how easy it is to access, let’s investigate how it can be used in a real-world example. This threatens the overall security of many organizations, as the Crypter hides the final payload, making it less detectable to even some advanced security systems. With a Crypter so easily available and accessible, any malicious actor can buy it and use it to propagate malware or the actor’s attack of choice. While other customers claim that ScrubCrypter has better performance than Jlaive, the features and functions are nearly identical. The developer’s response was confirmation that ScrubCrypter is just a renamed version of the Jlaive Crypter. The Jlaive Crypter has been used for a long time by many threat actors as their main Crypter of choice.Įventually, the main developer of the Jlaive Crypter replied to the user:įigure 5: Jlaive Crypter developer response This comment was made by a confused potential customer that managed to identify the similarity between ScrubCrypter and the well known Jlaive Crypter. One interesting comment we stumbled upon was as follows: The seller describes the Crypter as an “antivirus evasion tool converts executables into undetectable batch files”.Ĭustomers can leave a review about the Crypter in the HackForum post thread. The seller of the Crypter “Scrubspoof” provides a list of Crypter features, which include: The price of the Crypter is 40 USD for a monthly subscription and goes up to 200 USD for a lifetime subscription. ScrubCrypt is a Crypter currently sold on HackForums, a hacking forum in the clear web, that anyone can access from their device. In this blog we review the ScrubCrypter and its origin, where threat actors can easily buy the Crypter, and how attackers use phishing campaigns to distribute the Crypter and its accompanying malware. However, it can also be used to encrypt, obfuscate, or manipulate malware to make it harder for AV’s to detect. It uses strong encryption algorithms to ensure the data remains secure from attackers.
#CRYPTER FOR SALE SOFTWARE#
Over the past few weeks, Perception Point’s IR team has been investigating a Crypter, spread wildly via phishing emails that ultimately deliver RAT (Remote Access Trojan) malware from the Xworm family.Ī Crypter is a type of software used to encrypt, or hide, files or data so that they can be protected from unauthorized access.
0 kommentar(er)
