What is AceCryptor Malware? A Quick Insight

AceCryptor first appeared in 2016. Since then, this cryptor has been used to pack tens of malware families, and many of its technical components have already been discussed and detailed. We may already be familiar with this cryptor under other names: the DJVU obfuscation, SmokeLoader's stage 1, RedLine stealer's stages 1, 2, and 3, an easy and popular packer, and so on. Let us connect the dots for you by offering not only a technical analysis of its variants but also an overview of the malware families found packed by it and of how common AceCryptor is in the wild. Many (but not all) of the published blog posts fail to even recognize this cryptor as a separate malware family.

For malware programmers, protecting their malware from detection is a challenge. Cryptors are the first line of protection for malware that is being distributed. Threat actors are capable of designing and maintaining their own unique cryptors; however, for crimeware threat actors, keeping a cryptor in the condition known as FUD (fully undetectable) is frequently a time-consuming or technically challenging task. Numerous cryptor-as-a-service (CaaS) offerings have emerged in response to the demand for this protection. These cryptors can combine several anti-VM, anti-debugging, and anti-analysis techniques to hide the payload.

Since its establishment, AceCryptor has been used by several malware programmers. Its services were even used by crimeware like Emotet, which did not have its own cryptor at that time. During 2021-22, software company ESET found

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
