[ MALWARE MUTEX INTELLIGENCE DATABASE ]
 ███████╗██╗   ██╗██╗██╗         ███╗   ███╗██╗   ██╗████████╗███████╗██╗  ██╗
 ██╔════╝██║   ██║██║██║         ████╗ ████║██║   ██║╚══██╔══╝██╔════╝╚██╗██╔╝
█████╗  ██║   ██║██║██║         ██╔████╔██║██║   ██║   ██║   █████╗   ╚███╔╝
██╔══╝  ╚██╗ ██╔╝██║██║         ██║╚██╔╝██║██║   ██║   ██║   ██╔══╝   ██╔██╗
 ███████╗ ╚████╔╝ ██║███████╗    ██║ ╚═╝ ██║╚██████╔╝   ██║   ███████╗██╔╝ ██╗
 ╚══════╝  ╚═══╝  ╚═╝╚══════╝    ╚═╝     ╚═╝ ╚═════╝    ╚═╝   ╚══════╝╚═╝  ╚═╝

Advanced Malware Analysis & Threat Intelligence

06:17:09
[ALL_FAMILIES]

BBTok

loader2 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:
BBTok
CATEGORY:
LOADER
DESCRIPTION:
BBTok is a .NET loader malware that has been observed in various cybercriminal campaigns. The malware is designed to download and execute additional payloads on compromised systems and employs obfuscation techniques to evade detection. It has been analyzed for its deobfuscation methods and multi-stage attack capabilities.
ALIASES:
BBTok Loader
TAGS:
payload_deliverymulti_stagedotnetobfuscationcybercriminal

[MUTEX_SIGNATURES](2)

[MUTEX_01]
TiiSbtvhvbCMW
ANALYST: @adhikara13 DATE: 2024-07-16
REFERENCES:
https://www.gdatasoftware.com/blog/2024/09/38039-bbtok-deobfuscating-net-loader
[MUTEX_02]
KOKKIIKKKOOOO
ANALYST: @adhikara13 DATE: 2024-07-16
REFERENCES:
https://www.gdatasoftware.com/blog/2024/09/38039-bbtok-deobfuscating-net-loader

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:
Unknown
FIRST_OBSERVED:
2024

[SIGMA_RULE]

[STATISTICS]
MUTEX_COUNT:2
THREAT_ACTORS:1
ALIASES:1
TAGS:5
CATEGORY:LOADER
 Malware profile loaded successfully 
 EvilMutex Project v1.0.0 
 Open Source Threat Intelligence Database 
[GITHUB][DOCS]