Crystal Rans0m: Emerging hybrid ransomware with stealer capabilities
Common Information
Type Value
UUID 88b2cae6-425b-49a1-ab10-01d8fe409667
Fingerprint 8536b41b6637b619
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 12, 2024, 7 p.m.
Added to db Sept. 12, 2024, 10:56 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Crystal Rans0m: Emerging hybrid ransomware with stealer capabilities
Title Crystal Rans0m: Emerging hybrid ransomware with stealer capabilities
Detected Hints/Tags/Attributes 123/3/71
RSS Feed
Id 189
Enabled
Feed title Cybersecurity Blog & News - Outpost24
Url https://outpost24.com/blog/rss
Added to db 2024-08-30 22:08
Attributes
Type                     #Events  Value
Domain                   3        steam.zip
Domain                   1        riot.zip
Domain                   41       discord.com
Domain                   2        getsession.org
File                     99       passwords.txt
File                     1        terms.txt
File                     4        downloads.txt
File                     1        visited.txt
File                     31       cookies.txt
File                     1        tkns.txt
File                     3        steam.zip
File                     1        riot.zip
File                     456      mshta.exe
File                     74       vmtoolsd.exe
File                     3        vmwaretrat.exe
File                     30       vmwareuser.exe
File                     1        vm_process.exe
File                     2        vmremoteguest.exe
File                     3        c:\windows\system32\drivers\vmmouse.sys
File                     1        c:\windows\system32\drivers\vm3dgl.dll
File                     1        c:\windows\system32\vmdum.dll
File                     1        c:\windows\system32\drivers\vboxguest.sys
File                     2        toolkit.exe
File                     2        httpdebuggerui.exe
File                     71       wireshark.exe
File                     24       fiddler.exe
File                     1        charles.exe
File                     79       regedit.exe
File                     2126     cmd.exe
File                     117      taskmgr.exe
File                     42       vboxservice.exe
File                     3        df5serv.exe
File                     56       processhacker.exe
File                     44       vboxtray.exe
File                     28       vmwaretray.exe
File                     7        ida64.exe
File                     40       ollydbg.exe
File                     6        pestudio.exe
File                     15       vgauthservice.exe
File                     26       vmacthlp.exe
File                     5        x96dbg.exe
File                     14       vmsrvc.exe
File                     28       x32dbg.exe
File                     14       vmusrvc.exe
File                     9        prl_cc.exe
File                     11       prl_tools.exe
File                     10       qemu-ga.exe
File                     19       joeboxcontrol.exe
File                     1        ksdumperclient.exe
File                     2        ksdumper.exe
File                     19       joeboxserver.exe
File                     9        xenservice.exe
MITRE ATT&CK Techniques  695      T1059
MITRE ATT&CK Techniques  380      T1547.001
MITRE ATT&CK Techniques  627      T1027
MITRE ATT&CK Techniques  504      T1140
MITRE ATT&CK Techniques  440      T1055
MITRE ATT&CK Techniques  298      T1562.001
MITRE ATT&CK Techniques  238      T1497
MITRE ATT&CK Techniques  1006     T1082
MITRE ATT&CK Techniques  125      T1555.003
MITRE ATT&CK Techniques  2        T1567.004
MITRE ATT&CK Techniques  472      T1486
MITRE ATT&CK Techniques  16       T1657
Url                      2        https://discord.com/api/webhooks/1270187531933057115/otyzl7ahm9a-o9rxqmrvxz_ykoc_qc8mhvd3vpfp0axhhcbkcw_fokoosq2siaplipqw
Url                      2        https://discord.com/api/webhooks/1144625488816525372/uybmr5tvjy1faqe3fp5t7jbdawtqcy5mmrzsjavfml9zu2qqwbq-4odvqtnkwwcbpw3d