This report is an overview of the crypter-as-a-service HCrypt. Similar to ransomware-as-a-service, HCrypt is sold to less technical malicious actors. The end goal of this malware is the installation of a user-defined RAT (remote access trojan) on the victim machine. The creation and scale of the malware have been attributed to malware author NYANxCAT, who is also credited with writing MassLogger, AsyncRAT, and LimeRAT.
As is frequently seen with malware campaigns, phishing is the initial attack vector for this malware. HCrypt relies on user-defined C&C (command and control) infrastructure to execute the attack. In total, Morphisec identifies six stages of HCrypt.
user-defined RAT through a technique known as Process Hollowing to evade detection.
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.
This informed analysis is based on the latest data available.