Snip3 Highly Evasive Crypter Delivers RAT Families To Infected Devices
Morphisec has recently monitored a highly sophisticated Crypter-as-a-Service that delivers numerous RAT families onto target machines. The crypter, dubbed Snip3, is usually delivered via phishing emails that bait users into downloading a Visual Basic file or a large install file, such as an Adobe installer, which bundles the next stage. To avoid detection, Snip3 executes PowerShell code with the 'remotesigned' parameter, checks for the presence of Windows Sandbox and VMware virtualization, uses Pastebin and top4top for staging, and compiles RunPE loaders on the endpoint at runtime.