BHUNT

Description

(Bitdefender) Bitdefender researchers are constantly monitoring crypto wallet stealers. This is how we spotted a dropper with a hidden file that ran from the \Windows\System32\ folder. The dropper always wrote the same file, mscrlib.exe, to the disk. Our analysis determined it is a new cryptocurrency stealer, but its execution flow seems different from what we’re used to seeing in the wild. We named the stealer BHUNT after the main assembly’s name. BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet (Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, Litecoin wallets) contents, passwords stored in the browser, and passphrases captured from the clipboard.

Names

Name
BHUNT

Category

Malware

Type

  • Banking trojan
  • Info stealer
  • Credential stealer

Information

Malpedia

Other Information

Uuid

838793bc-4f18-4648-a590-3e6d3504b26d

Last Card Change

2022-12-27