CryptOne
CryptOne is a malware family in the Loader category that is observed worldwide. The sample was identified as a modular loader designed to install additional malware on the target system. The installer is usually distributed through spam campaigns or drive-by download attacks and, once it has a foothold on the system, downloads and runs further payloads.
History
CryptOne is an advanced packer/crypter family identified in 2020. It has been used to conceal Hancitor, WastedLocker and other malware families. It achieves AV evasion through compile-time spoofing and code encryption.
Technical Details
Loader family behaviour observed in this sample:
- HTTP/HTTPS C2
- Payload decryption and in-memory loading
- Anti-sandbox/VM checks
- Process injection
- Persistence mechanism
- Payload download-and-execute chain
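The "payload decryption and in-memory loading" step is where an analyst usually wants to intervene: the embedded payload has to exist in cleartext at some point, and a crypter's XOR layer leaks its key against a known plaintext. The following Python is an added example, not CryptOne's code and not a description of its real encryption scheme. It assumes a generic crypter that stores its payload as a PE XOR-ed with a short repeating key, and that the payload's DOS stub still carries the standard "This program cannot be run in DOS mode" string. The sample blob, the key and the PE-shaped payload are all constructed inline for the demonstration.

```python
"""Recover an XOR-obfuscated embedded PE from a crypter-style loader image.

Added example (not CryptOne's own code or its actual scheme): a generic
known-plaintext attack an analyst can run offline against a loader blob.
Assumptions: the payload is a PE XOR-ed with a short repeating key, and its
DOS stub still carries the standard "This program cannot be run in DOS mode".
"""
import struct
from typing import Optional, Tuple

DOS_STUB = b"This program cannot be run in DOS mode"


def xor_bytes(data: bytes, key: bytes, offset: int = 0) -> bytes:
    """XOR data with a repeating key; 'offset' is data's position in the
    original buffer so the key phase stays aligned to absolute positions."""
    return bytes(b ^ key[(offset + i) % len(key)] for i, b in enumerate(data))


def pe_header_offset(buf: bytes) -> Optional[int]:
    """Offset of an 'MZ' whose e_lfanew points at a 'PE\\0\\0' signature, else None.
    The e_lfanew check rejects stray 'MZ' pairs in unrelated data."""
    pos = buf.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(buf):
            e_lfanew = struct.unpack_from("<I", buf, pos + 0x3C)[0]
            nt = pos + e_lfanew
            if 0x40 <= e_lfanew <= 0x1000 and buf[nt:nt + 4] == b"PE\x00\x00":
                return pos
        pos = buf.find(b"MZ", pos + 1)
    return None


def recover_payload(blob: bytes, max_key_len: int = 32) -> Optional[Tuple[bytes, int, bytes]]:
    """Slide the DOS stub string over the blob. At each offset, window XOR stub
    gives 38 bytes of keystream; if that keystream repeats with period klen it
    yields a complete candidate key. Decrypt the whole blob and accept only if a
    valid PE header appears before the stub. Returns (key, pe_offset, data)."""
    max_key_len = min(max_key_len, len(DOS_STUB))
    for o in range(len(blob) - len(DOS_STUB) + 1):
        stream = bytes(a ^ b for a, b in zip(blob[o:o + len(DOS_STUB)], DOS_STUB))
        for klen in range(1, max_key_len + 1):
            if any(stream[i] != stream[i % klen] for i in range(klen, len(stream))):
                continue
            # stream[i] == key[(o + i) % klen]  =>  key[j] == stream[(j - o) % klen]
            key = bytes(stream[(j - o) % klen] for j in range(klen))
            plain = xor_bytes(blob, key)
            pe = pe_header_offset(plain)
            if pe is not None and pe < o:
                return key, pe, plain[pe:]
    return None


def build_sample() -> Tuple[bytes, bytes, bytes]:
    """Constructed test data (hypothetical, not a real sample): a minimal
    PE-shaped payload wrapped in a fake loader image with a 3-byte XOR key."""
    pe = bytearray(0x80)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)            # e_lfanew -> PE signature
    pe[0x4E:0x4E + len(DOS_STUB)] = DOS_STUB          # where the standard stub places it
    pe += b"PE\x00\x00" + b"\x64\x86" + bytes(18)     # signature + start of file header
    pe += bytes(range(64)) * 2                        # stand-in for the rest of the image
    payload = bytes(pe)
    key = b"\x5a\xa3\x11"
    prefix = bytes(range(256))                        # loader's own, unencrypted bytes
    blob = prefix + xor_bytes(payload, key, offset=len(prefix)) + b"\x00" * 16
    return blob, payload, key


def demo() -> Tuple[bytes, int, bool]:
    """Run the recovery on the constructed sample; returns (key, offset, matched)."""
    blob, payload, key = build_sample()
    found = recover_payload(blob)
    if found is None:
        return b"", -1, False
    rkey, pe, data = found
    return rkey, pe, data.startswith(payload)


if __name__ == "__main__":
    k, off, ok = demo()
    print(f"key={k.hex()} pe_offset={off:#x} payload_matches={ok}")
```

The e_lfanew/"PE\0\0" consistency check matters more than it looks: a bare search for "MZ" after trial decryption produces false positives on any blob larger than a few kilobytes, whereas a header whose e_lfanew lands exactly on a PE signature is a strong signal. The recovered data runs to the end of the blob (the trailing bytes are just the loader's remaining data XOR-ed with the key); trimming it to the true image size requires parsing the section table, which this example leaves out. Against a real crypter the stub string may be stripped or the algorithm may not be XOR, in which case dumping the decrypted image from memory after the loader's own decryption routine is the fallback.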
Threat Profile
Type
Loader
Programming Language
C++
C2 Protocol
HTTP
First Seen
2020
Targets
Windows
Purpose / Capabilities
- Payload Download
- Process Injection
- Persistence
- Anti-Analysis
No C2 servers have been identified for this family yet.