45.88.3.236 - Hcrypt Service

Malware
,
1

Introduction: Crypters are tools used by skids / scammers for make their program undetectable. The crypters can encrypt, obfuscate, and manipulate malware. The Crypter-as-a-Service (COS) is used to deploy RATS (Revenge RAT, Agent Tesla, AsyncRAT, and NetWire RAT) payloads on compromised systems.

[color=#FF00]Link (Dangerous): [/color] http://45.88.3.236

image
image747×487 38.8 KB

Virustotal Samples:
https://www.virustotal.com/gui/file/6f35ab9d6aed8b8df1754149da79be5cdadae7b5366e8f2be46d9370f7e920c0/relations
https://www.virustotal.com/gui/file/1aae4a0ee3da930c656e21a78157065ee57337828611b33ee39ca924e8c8ccfe

Example Crypter Obfuscation Message:

image
image1784×611 35.8 KB

image
image1841×308 18.3 KB

Now Source of COS (45.88.3.236):

image
image1861×360 14.7 KB

Server.txt
image
image1826×547 41.5 KB

Random.vbs
image
image1846×379 18.6 KB

PS1.txt
image
image1756×538 73.7 KB

HHA.HTA

1 Like
2

AsyncRAT:

image
image1498×869 67 KB

Understable Text: (Simple Deobfuscation)
image
image1643×156 10.1 KB

1 Like
3

Nice post, thanks :slight_smile: