SYMBOLCOMMON_NAMEaka. SYNONYMS
win.crackedcantil (Back to overview)

CrackedCantil


According to ANY.RUN, this is a dropper for win.privateloader and its execution will lead to a cascade of downloads with a large variety of additional malware.
The families include more loaders, information stealers, cryptominers, a proxy bot, and ultimately also ransomware.
The execution order is orchestrated, e.g. as in data is stolen and exfiltrated before encryption.
It is distributed through advertized cracked software, e.g. IDA Pro.

References
2024-02-06The Hacker NewsNewsroom
Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials
CrackedCantil Phemedrone Stealer
2024-02-05PCriskTomas Meskauskas
How to remove CrackedCantil from the operating system
CrackedCantil
2024-02-04InfostealersLambdaMamba
CrackedCantil: A Malware Symphony Breakdown
CrackedCantil
2024-02-03CloudsekPavan Karthick M
From Discussion Forums to Malware Mayhem: The Alarming Rise of Abuse on Google Groups and Usenet
CrackedCantil
2024-02-02GridinsoftStephanie Adlam
CrackedCantil Dropper Delivers Numerous Malware
CrackedCantil
2024-02-01Medium g0njxag0njxa
Installskey Rewind 2023
CrackedCantil
2024-01-31AlienVault OTXAlienVault
OTX Pulse - CrackedCantil: Malware Work Together
CrackedCantil
2024-01-30ANY.RUNLena (LambdaMamba)
CrackedCantil: A Malware Symphony Breakdown - PrivateLoader, Smoke, Lumma, RedLine, RisePro, Amadey, Stealc, Socks5Systemz, STOP
Amadey CrackedCantil Lumma Stealer PrivateLoader RedLine Stealer RisePro SmokeLoader Socks5 Systemz Stealc STOP

There is no Yara-Signature yet.