{ "name": "There's Something About CryptBot: Yet Another Silly Stealer", "slug": "theres-something-about-cryptbot-yet-another-silly-stealer", "description": "This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encryption, and exfiltration mechanisms. The report also highlights similarities and differences between YASS and its predecessor, CryptBot, offering insights into the evolution of this malware family.", "published": "2024-09-11T06:02:39+00:00", "created_at": "2024-09-11T06:02:39+00:00", "modified_at": "2024-09-11T06:23:55+00:00", "created_at_opencti": "2024-09-11T06:02:39+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2024-09-11", "cryptbot", "downloader", "exfiltration", "infostealer", "malware", "mustardsandwich", "netsupport", "stealer", "yass" ], "related_entities": { "observables": [ { "id": "", "name": "94.232.244.133" }, { "id": "", "name": "https://brewdogebar.com/code.vue'" }, { "id": "", "name": "http://102.0.0.0" }, { "id": "", "name": "https://forikabrof.click/flkhfaiouwrqkhfasdrhfsa.png" }, { "id": "", "name": "rceight8sr.top" }, { "id": "", "name": "grabios.org" }, { "id": "", "name": "enotik5050.com" }, { "id": "", "name": "barsuk5050.com" }, { "id": "", "name": "fd7654c5bb79652bc0db2696da35497b9aff2c783ec4c83705d33d329dc742d8" }, { "id": "", "name": "e3bf61f6f96d1a121a1f7f47188cd36fc51f4565ca8cd8fc07207e56a038e7ca" }, { "id": "", "name": "b2080e7705283fce7e03c8895977c5e8c451b5f8a6eb3faecb8acb986a1587c6" }, { "id": "", "name": "7ac46eb84f4b6d25601f23d2c30b7e80b6f3b2d82d3240234fc50af75290a29f" }, { "id": "", "name": "4810333bf96fb808604f3657118c734c3dd8ee4baa3e6ffe8da548ae0c8e15d3" } ], "malware": [ { "id": "legacy:malware:b9fcbc5b9e733c8a", "name": "YASS", "slug": "yass" }, { "id": "legacy:malware:16d9517e9b54ba05", "name": "MustardSandwich", "slug": "mustardsandwich" }, { "id": "legacy:malware:ec57094fa2184fd2", "name": "CryptBot", "slug": "cryptbot" }, { "id": "legacy:malware:ded3e0a95823a24e", "name": "NetSupport", "slug": "netsupport" } ], "attack_patterns": [ { "id": "ce39cd5d-9e4c-4138-b546-abd68e57f8c2", "name": "T1071.004" }, { "id": "6c54bb5e-b90c-478e-b1fb-705daf1869b3", "name": "T1197" }, { "id": "e8422fc8-8365-4a6a-a556-d6ec16cb4e5d", "name": "T1574.002" }, { "id": "9e784d22-5a6c-4da6-968a-5fab2f019efd", "name": "T1059.005" }, { "id": "b7ba0db0-7d4f-436f-8d5f-c431d690b048", "name": "T1555.003" }, { "id": "32b33067-6566-4b8d-be80-e96f765d84de", "name": "T1059.001" }, { "id": "9322d33b-00c1-4f99-9f1a-a33d93c0dac2", "name": "T1059.007" }, { "id": "667462db-9031-48eb-893a-05d35f9330a7", "name": "T1056.001" }, { "id": "a72b6e11-a5d5-4f5a-8f0d-8861e90c34f7", "name": "T1555" }, { "id": "8e0fea81-4d54-4e88-a7dd-3aa8b26558ed", "name": "T1113" }, { "id": "c9ee9b30-ba84-4c24-95e9-e8242d42af3f", "name": "T1071.001" }, { "id": "cf746a02-00ea-419e-912d-7b03f969c491", "name": "T1518.001" }, { "id": "70616b2f-4019-4963-b758-5d9f6f20e201", "name": "T1082" }, { "id": "c473a756-355a-42ad-a0df-cd3a8fa006d1", "name": "T1057" }, { "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571", "name": "T1105" }, { "id": "0c836307-129e-4ff7-a532-180c633cacba", "name": "T1027" }, { "id": "09124a92-c11f-4571-b35b-ab0bce6dd081", "name": "T1112" }, { "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221", "name": "T1059" } ] }, "external_refs": [ "https://intezer.com/blog/research/cryptbot-yet-another-silly-stealer-yass/", "https://otx.alienvault.com/pulse/66e14e9f37e437974577602c" ] }