Acecryptor

Malware updated 3 months ago (2024-08-14T10:17:38.323Z)

Download STIX

Preview STIX

AceCryptor is a malicious software (malware) that has been used extensively in phishing campaigns to protect and deliver other malware. In the second half of 2023, AceCryptor was notably employed to package Rescoms malware for distribution across Central and Eastern Europe, with the aim of stealing credentials and gaining initial access to company networks. Four dedicated IP addresses were associated with AceCryptor, two of which were categorized as malicious, hosting 279 domains, 17 of which were identified as harmful. However, a significant shift in delivery mechanisms occurred in May 2024 when threat actors began transitioning from AceCryptor to ModiLoader for disseminating malware, including Rescoms, Agent Tesla, and Formbook. This change reflects an ongoing effort by attackers to evade detection and increase their success rate. DNS lookups on these domains revealed they resolved to five unique IP addresses, none of which were previously included in the list of AceCryptor indicators of compromise (IoCs). Our latest research into general malware crypting services unearthed 786 potentially related artifacts, while investigations specific to AceCryptor led to nearly 300 DNS-connected properties. Despite this, AceCryptor continues to be recognized as a leading service in its field. With seven domains and three IP addresses linked to it, understanding and tracking the activities of AceCryptor remains crucial in the fight against cyber threats.

Description last updated: 2024-08-14T09:34:57.959Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Tool

Phishing

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Rescoms Malware is associated with Acecryptor. Rescoms, also known as Remcos, is a remote access trojan (RAT) malware designed to exploit and damage computer systems by stealing sensitive information. It was primarily used in significant phishing campaigns across Central and Eastern Europe during the second half of 2023. These campaigns utilized	Unspecified	2

Source Document References

Information about the Acecryptor Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
ESET	4 months ago	Phishing targeting Polish SMBs continues via ModiLoader
Securityaffairs	4 months ago	Phishing campaigns target SMBs in Poland
CERT-EU	a year ago	New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions
CERT-EU	a year ago	A DNS Deep Dive Into Malware Crypting
ESET	8 months ago	AceCryptor attacks surge in Europe – Week in security with Tony Anscombe
ESET	8 months ago	Rescoms rides waves of AceCryptor spam