PyDCrypt

Description

(Check Point) The main goals of PyDCrypt are to infect other computers and to make sure the main payload, DCSrv, is executed properly. The executable is written in Python and compiled with PyInstaller with encryption, using the —key flag during the build phase. As we mentioned previously, the attackers build a new sample for each infected organization, and hardcode the parameters collected from the victim’s environment.

Names

Name
PyDCrypt

Category

Malware

Type

• Remote command
• Loader

Information

• https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/

Mitre Attack

• https://attack.mitre.org/software/S1032/

Other Information

Uuid

6d7303ed-87b7-4c75-89e0-80cbce684a85

Last Card Change

2022-12-30