CrackedCantil (Malware Family)

CrackedCantil

According to ANY.RUN, this is a dropper for win.privateloader and its execution will lead to a cascade of downloads with a large variety of additional malware.
The families include more loaders, information stealers, cryptominers, a proxy bot, and ultimately also ransomware.
The execution order is orchestrated, e.g. as in data is stolen and exfiltrated before encryption.
It is distributed through advertized cracked software, e.g. IDA Pro.

References

2024-02-06 ⋅ The Hacker News ⋅ Newsroom
Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials
CrackedCantil Phemedrone Stealer

2024-02-05 ⋅ PCrisk ⋅ Tomas Meskauskas
How to remove CrackedCantil from the operating system
CrackedCantil

2024-02-04 ⋅ Infostealers ⋅ LambdaMamba
CrackedCantil: A Malware Symphony Breakdown
CrackedCantil

2024-02-03 ⋅ Cloudsek ⋅ Pavan Karthick M
From Discussion Forums to Malware Mayhem: The Alarming Rise of Abuse on Google Groups and Usenet
CrackedCantil

2024-02-02 ⋅ Gridinsoft ⋅ Stephanie Adlam
CrackedCantil Dropper Delivers Numerous Malware
CrackedCantil

2024-02-01 ⋅ Medium g0njxa ⋅ g0njxa
Installskey Rewind 2023
CrackedCantil

2024-01-31 ⋅ AlienVault OTX ⋅ AlienVault
OTX Pulse - CrackedCantil: Malware Work Together
CrackedCantil

2024-01-31 ⋅ IBM X-Force Exchange ⋅ IBM Security X-Force Team
CrackedCantil: A Malware Symphony Breakdown
CrackedCantil

2024-01-30 ⋅ ANY.RUN ⋅ Lena (LambdaMamba)
CrackedCantil: A Malware Symphony Breakdown - PrivateLoader, Smoke, Lumma, RedLine, RisePro, Amadey, Stealc, Socks5Systemz, STOP
Amadey CrackedCantil Lumma Stealer PrivateLoader RedLine Stealer RisePro SmokeLoader Socks5 Systemz Stealc STOP

There is no Yara-Signature yet.

CrackedCantil Propose Change

References

CrackedCantil