Revealing the 'Snip3' Crypter, a Highly Evasive RAT Loader
released on 2021-05-07 @ 08:18:01 PM
Morphisec has recently monitored a highly sophisticated Crypter-as-a-Service that delivers numerous RAT families onto target machines. The Crypter is most commonly delivered through phishing emails, which lead to the download of a Visual Basic file. In some cases, however, the attack chain starts with a large install file, such as an Adobe installer, which bundles the next stage. Morphisec has named the Crypter “Snip3” after the username, a common denominator across samples, taken from the PDB indicator we found in an earlier variant.