A fileless campaign that used a new HCrypt variant to distribute numerous remote access trojans (RATs) in victim systems uses a newer obfuscation mechanism compared to what has been observed in past reports. It reached the peak of activity in the middle of August 2021.
HCrypt is a crypter and multistage generator that is considered difficult to detect. It is identified as a crypter-as-a-service, paid for by threat actors to load a RAT (or in this case RATs) of their choosing. The campaign also showed new obfuscation techniques and attack vectors, different from those that were observed in the past.
Source: Trend Micro