Acecryptor

Malware updated a month ago (2024-11-29T13:58:46.547Z)
Download STIX
Preview STIX
AceCryptor is a malicious software (malware) that has been used extensively in phishing campaigns to protect and deliver other malware. In the second half of 2023, AceCryptor was notably employed to package Rescoms malware for distribution across Central and Eastern Europe, with the aim of stealing credentials and gaining initial access to company networks. Four dedicated IP addresses were associated with AceCryptor, two of which were categorized as malicious, hosting 279 domains, 17 of which were identified as harmful. However, a significant shift in delivery mechanisms occurred in May 2024 when threat actors began transitioning from AceCryptor to ModiLoader for disseminating malware, including Rescoms, Agent Tesla, and Formbook. This change reflects an ongoing effort by attackers to evade detection and increase their success rate. DNS lookups on these domains revealed they resolved to five unique IP addresses, none of which were previously included in the list of AceCryptor indicators of compromise (IoCs). Our latest research into general malware crypting services unearthed 786 potentially related artifacts, while investigations specific to AceCryptor led to nearly 300 DNS-connected properties. Despite this, AceCryptor continues to be recognized as a leading service in its field. With seven domains and three IP addresses linked to it, understanding and tracking the activities of AceCryptor remains crucial in the fight against cyber threats.
Description last updated: 2024-08-14T09:34:57.959Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Tool
Phishing
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Rescoms Malware is associated with Acecryptor. Rescoms, also known as Remcos, is a remote access trojan (RAT) malware designed to exploit and damage computer systems by stealing sensitive information. It was primarily used in significant phishing campaigns across Central and Eastern Europe during the second half of 2023. These campaigns utilizedUnspecified
2
Source Document References
Information about the Acecryptor Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more