216.73.217.86

Crystal Rans0m: Hybrid ransomware with stealer capabilities

· Published 21/10/2024 11:04 · Modified 21/10/2024 11:24

Export JSON

Essential information

Published
21/10/2024 11:04
Modified
21/10/2024 11:24
Tags
2024-10-21 anti-vm crystal rans0m discord hybrid ransomware monero rust session stealer
Related entities
5 observables, 7 techniques (mitre), 1 malware, 14 others

Description

is a newly discovered family developed in , first observed in September 2023. It combines file encryption with data stealing capabilities, doubling its leverage over victims. The malware targets browser data, tokens, Steam files, and Riot Games data. It uses webhooks for exfiltration and Salsa20 for file encryption. The ransom note demands payment in and provides a ID for communication. employs and anti-debugging techniques. Recent samples suggest it may be modular, allowing attackers to choose specific components. While initially seen targeting Italy and Russia, its motivation appears to be financial gain without specific geographic or industry focus.

External references