CryptBot is an infostealer targeting Windows operating systems that was first discovered in the wild in 2019. It is designed to steal sensitive information from infected computers, such as browser credentials, cryptocurrency wallets, browser cookies, credit card information, and screenshots of the infected system. It is distributed through phishing emails and cracked software.
This threat is not currently being used in large numbers, but it is spreading actively to users in a variety of countries. At the time of writing, we have seen CryptBot distributed via emails with malicious attachments and through cracked software such as pirated versions of Microsoft Office, Autodesk AutoCAD, and Adobe Photoshop.
The malware appears to be a new venture for the creators behind Emotet, another serious piece of malware that was widely distributed via phishing campaigns in early 2019. The threat is detected as Trojan:Win32/Agent.BZ and Trojan:Win32/Swrort and is blocked by Trend Micro™ security products already installed on users' systems.
The malware can perform several operations that are typical for its type. For example, it can take screenshots of the infected system and send them to the attackers. It can search for web browser credentials on the system, add those credentials to a local database, and save the information to files on disk. The threat can also copy itself and other files to different partitions (e.g., on another drive) of an infected system and create registry keys that allow it to communicate with Command & Control servers.
Source: CryptBot Infostealer: Malware Analysis - AlienVault - Open Threat Exchange