Union Crypto Trader

Malware Profile Updated 3 months ago
Union Crypto Trader is malicious software (malware) that targets cryptocurrency applications, specifically the Blackbird Bitcoin Arbitrage application. It was discovered that both Celas LLC and JMT Trader had previously modified the same type of cryptocurrency application, Q.T. Bitcoin Trader. Union Crypto Trader and JMT Trader perform similar actions and share identical functionality.

The malware operates covertly, often without the knowledge of the user, to exploit and damage computer systems. Its primary mode of entry is through suspicious downloads, emails, or websites. Once installed, Union Crypto Trader presents itself as a service that "automatically installs updates for Union Crypto Trader."

Upon launch, it collects the victim's host information through a method known as System Owner/User Discovery (T1033). The collected data is then combined into a string, which is subsequently MD5 hashed and stored in the auth_signature variable before being exfiltrated. This exfiltration process involves sending the stolen data to a command-and-control (C2) website, a technique known as Exfiltration Over C2 Channel (T1041).

Union Crypto Trader and Celas LLC employ XOR values that are 16 bytes in length. The use of these XOR values is likely part of the malware's strategy to obfuscate its activities and evade detection.

In summary, Union Crypto Trader represents a significant threat to users of the targeted cryptocurrency applications due to its ability to steal sensitive information, disrupt system operations, and potentially hold data for ransom.
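A hunting sketch for the auth_signature behaviour described above, added here as an example and not taken from the source reporting. It assumes the value leaves the host as a form-encoded field named auth_signature in an HTTP POST body that a TLS-inspecting proxy logs; the log layout, hosts and hash values are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# An MD5 digest rendered as text is exactly 32 hexadecimal characters.
MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")

# Constructed proxy log (tab-separated: time, client, method, URL, body).
# Hosts, paths and values are made up for illustration.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z\tws-014\tPOST\thttps://updates.example.test/update\tv=1&auth_signature=9e107d9d372bb6826bd81d3542a419d6
2024-01-01T10:00:05Z\tws-022\tPOST\thttps://shop.example.test/login\tuser=alice&auth_signature=not-a-hash
2024-01-01T10:00:09Z\tws-014\tGET\thttps://news.example.test/?q=auth_signature\t-
2024-01-01T10:01:00Z\tws-031\tPOST\thttps://updates.example.test/update\tauth_signature=E4D909C290D0FB1CA068FFADDF22CBD0&v=1
"""


def find_md5_auth_signatures(log_text):
    """Return (time, client, dest_host, signature) for every POST whose body
    carries an auth_signature field holding exactly 32 hex characters."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 5:
            continue  # skip malformed lines rather than guessing at fields
        when, client, method, url, body = parts
        if method != "POST":
            continue
        fields = parse_qs(body, keep_blank_values=True)
        for value in fields.get("auth_signature", []):
            # The field name alone is too common; require the MD5 shape too.
            if MD5_HEX.fullmatch(value):
                hits.append((when, client, urlsplit(url).hostname, value.lower()))
    return hits


def hosts_to_triage(log_text):
    """Group hits by client so each endpoint is reviewed once, with the
    destinations it posted an MD5-shaped auth_signature to."""
    by_client = {}
    for _, client, dest, _ in find_md5_auth_signatures(log_text):
        by_client.setdefault(client, set()).add(dest)
    return {client: sorted(dests) for client, dests in by_client.items()}


if __name__ == "__main__":
    for client, dests in hosts_to_triage(SAMPLE_LOG).items():
        print(client, "->", ", ".join(dests))
```

A match is a lead for endpoint triage, not a verdict: other software may use a field with the same name and shape.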
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
T1041
Bitcoin
T1033
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Union Crypto Trader Malware was read from the documents corpus below.
Source: MITRE
Created: a year ago
Title: AppleJeus: Analysis of North Korea’s Cryptocurrency Malware | CISA