Asmcrypt

Malware profile last updated: 2024-10-17T13:01:11.411Z
ASMCrypt is a malware crypter and loader developed by cybercriminals to evade detection and deliver a final payload without being flagged by antivirus or EDR products. First advertised on underground forums, it builds on the stealthy DoubleFinger loader, which was previously used to deploy the GreetingGhoul cryptocurrency stealer. SC Magazine described the new variant in an article published on October 2, 2023, highlighting its modular, multi-stage loading process designed to evade detection. ASMCrypt itself is only a front end for a service running on the TOR network: a buyer first obtains the ASMCrypt binary, which then connects to the malware's backend service over TOR using hardcoded credentials. This mode of operation sets it apart from other malware loaders and reflects its advanced design. The emergence of ASMCrypt is a notable development in the growing use of loaders in cyberattacks. Analysis supports, with a high degree of confidence, that ASMCrypt is an evolved version of DoubleFinger: both aim to bypass detection while delivering their payloads, but ASMCrypt's use of the TOR network marks a significant evolution in loader design and underscores the need for continued advances in defensive measures to counter such threats.
Description last updated: 2024-10-17T12:53:32.947Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so the following are possible overlapping names and profiles that may also be worth reviewing.
Alias: Hijackloader (2 votes). Hijackloader is a possible alias for Asmcrypt. HijackLoader is a new and rapidly growing malware in the cybercrime community, designed to exploit and damage computer systems. This malicious software infects systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once infiltrated, HijackLoader can steal personal

Alias: Doublefinger (2 votes). Doublefinger is a possible alias for Asmcrypt. DoubleFinger, a sophisticated malware originating from China, was reported in June 2023 to be used in complex attacks aimed at stealing cryptocurrency. The malware operates as a five-stage, shellcode-style loader that conceals its payloads within PNG image files, which it downloads from the image-sh
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Loader
Crypting
Malware
Payload