Sugar Ransomware Is A New RaaS Threat To The Threat Landscape.

The researchers reported that “Sugar ransomware appears to target individual computers rather than entire enterprises, in contrast to other ransomware operations.” Sugar was first observed in November 2021; it is Delphi malware that borrows code from other ransomware families.

The routine shared between the crypter and the malware suggests that the Sugar ransomware and its crypter were created by the same team; another scenario is a threat actor offering the crypter as a service to a network of affiliates. The experts also noticed similarities between Sugar and the REvil ransomware, as well as between Sugar’s decryptor page and the one used by Clop operators.

One of the most intriguing components of the new family is its crypter, which uses a modified version of the RC4 algorithm; the same routine from the crypter is reused inside the malware for string decoding.

Experts also found similarities in the GPLib library, which the malware uses for its encryption and decryption operations.

Finally, the researchers concluded: “The malware is written in Delphi, but the interesting part from a RE standpoint was the reuse of the same routine from the crypter as part of the string decoding in the malware, leading us to believe that they have the same dev and the crypter is probably part of the build process or some service the main actor offers to their affiliates.”

Indicators of Compromise

