
AttackCrypt: A Payload Encryptor That Allows Malware to Evade Antivirus Scanners

AttackCrypt, an open-source “crypter,” was recently used by cybercriminals to hide malware binaries and avoid antivirus detection.

A crypter is a tool that encrypts, obfuscates, or otherwise transforms a malicious binary so that signature-based scanning and other security tools are less likely to detect it; the original payload is typically decrypted and executed in memory by a small stub at run time, so the bytes on disk never match a known signature.

“AttackCrypt is an open source ‘crypter’ project that can be used to ‘protect’ binaries and ‘prevent’ detection by AV,” notes OALABS Research.

Additionally, it offers features that can be bolted onto existing malware to strengthen it: process injection (using both .NET and native injection methods), persistence mechanisms such as scheduled tasks and startup entries, and file obfuscation.

How AttackCrypt Works

Researchers say the crypter is in active use in the wild and was recently used to “protect” VenomRAT.

According to its GitHub profile, the account behind the program appears to be Russian and has accumulated 259 contributions and 284 followers since last year.

The project page claims the tool can “Evade Antivirus with Different Techniques” and explicitly tells users not to upload it to VirusTotal, so as to maximize its lifetime: samples submitted there are shared with antivirus vendors, which shortens the window before detection signatures exist.

Attacker-Crypter is delivered as a RAR archive that also contains the DLL and configuration files the main module needs in order to run.

The main module (Attacker-Crypter) is a 32-bit, unsigned Windows executable with a GUI. It does not require elevated or administrative privileges; it runs in the current user’s normal security context.

Code recovered from the tool supports several of the developer’s claims about the features it can add to existing malware: detection of the WoW64 environment, debugger detection, process termination, writing to process memory and mapping and unmapping sections, network communication over HTTP, and self-deletion of the file after execution.

Capabilities Of The Attacker-Crypter Tool

  • Payload (malware) encryption.
  • AMSI (Windows Antimalware Scan Interface) bypass.
  • Process injection into an existing process using RunPE and .NET assembly loading.
  • 32-bit and 64-bit process injection.
  • Cloning a trusted process and attaching the clone to the malware.
  • Checking the analysis environment for virtualization software and debuggers.
  • Self-deletion of the executable after process injection (the “melt” function).
  • Adding junk bytes to inflate the output file’s size so that it differs from the original malware.
  • File obfuscation.
  • Running a PowerShell command once the malware file has executed.
  • Notifying the tool’s user when the encrypted malware is run, via a configured socket server or a Telegram bot.
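As an added illustration (not code from the article or from the AttackCrypt project), the following Python script shows the kind of static triage a defender can run against a suspected crypter output. The payload encryption described above and the junk-byte size inflation in the list both leave measurable traces: regions whose entropy approaches 8 bits per byte, and a long trailing run of one constant byte. The window size, entropy threshold, ratio cut-off and both sample files are assumptions constructed here, not figures from the article.

```python
"""Static triage for crypter artefacts: encrypted-looking regions and appended
junk padding. Added example (not AttackCrypt's code or the article's); every
threshold below is an assumption to be tuned on a real corpus."""
import math
import random
from collections import Counter

WINDOW = 1024           # bytes per entropy window (assumption)
HIGH_ENTROPY = 7.0      # bits per byte; above this a window looks encrypted or compressed (assumption)
SUSPICIOUS_RATIO = 0.5  # fraction of the file that must be encrypted-looking or constant fill (assumption)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def windowed_entropy(data: bytes, window: int = WINDOW) -> list:
    """Entropy of each consecutive window; a short final window is included."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def trailing_pad_length(data: bytes) -> int:
    """Length of the run of a single repeated byte value at the end of the file.
    Size-inflation padding is usually a constant fill appended after the payload."""
    if not data:
        return 0
    last = data[-1]
    run = 0
    for b in reversed(data):
        if b != last:
            break
        run += 1
    return run


def triage(data: bytes) -> dict:
    """Summarise entropy and padding, and flag the file if either dominates it."""
    ents = windowed_entropy(data)
    high = sum(1 for e in ents if e >= HIGH_ENTROPY)
    pad = trailing_pad_length(data)
    high_ratio = high / len(ents) if ents else 0.0
    pad_ratio = pad / len(data) if data else 0.0
    return {
        "size": len(data),
        "windows": len(ents),
        "high_entropy_windows": high,
        "high_entropy_ratio": high_ratio,
        "trailing_pad_bytes": pad,
        "trailing_pad_ratio": pad_ratio,
        "suspicious": high_ratio >= SUSPICIOUS_RATIO or pad_ratio >= SUSPICIOUS_RATIO,
    }


def build_crypted_sample() -> bytes:
    """Constructed input standing in for a crypter output: a 1 KiB readable stub,
    32 KiB from a seeded PRNG (deterministic stand-in for the encrypted payload),
    then 64 KiB of 0x00 padding."""
    stub = (b"MZ" + b"This program cannot be run in DOS mode.\r\n" * 30)[:1024]
    rng = random.Random(1337)
    blob = bytes(rng.getrandbits(8) for _ in range(32 * 1024))
    return stub + blob + b"\x00" * (64 * 1024)


def build_benign_sample() -> bytes:
    """Constructed control: plain text only, no encrypted region and no padding."""
    return (b"The quick brown fox jumps over the lazy dog.\n" * 100)[:4096]


if __name__ == "__main__":
    for name, sample in (("crypted", build_crypted_sample()), ("benign", build_benign_sample())):
        print(name, triage(sample))
```

On the constructed sample the script reports 32 of 97 windows above the entropy threshold and 65,536 trailing bytes of constant fill, which is enough on its own to flag the file; the plain-text control trips neither check. High entropy alone is not proof of a crypter (legitimate packers, compressed resources and embedded certificates also score high), so in practice these numbers are a triage signal to route a file to sandboxing or memory analysis, where the decrypted payload the stub unpacks at run time can be captured.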

The actor behind this tool has a sizable online presence, with a meaningful number of followers and contributions. The finding underlines the continued need for strong security controls, including behavioural and in-memory detection that does not depend on the on-disk bytes a crypter is designed to change, to counter threat actors’ shifting techniques.

Source: https://cybersecuritynews.com/attackcrypt-payload-encrypter/

Copyright © 2023 Newsworthy News