BellaCPP: Charming Kitten's Latest Malware Innovation in Asia
- Actor Motivations: Espionage, Exfiltration
- Attack Vectors: Malware
- Attack Complexity: Medium
- Threat Risk: High Impact/Low Probability
Threat Overview
Kaspersky has uncovered BellaCPP, a new C++ variant of the BellaCiao malware family linked to the Charming Kitten threat actor. BellaCPP, found on an infected machine in Asia, features domain generation, XOR-encrypted string decryption, and SSH tunneling, with payloads stored in critical system directories such as C:\Windows\System32. It lacks a webshell, which points to a more refined design. PDB paths recovered from the samples reveal targeting details and highlight the actor's evolving capabilities. These findings underscore the need for robust security controls and thorough network scanning to counter such threats.
Extracted IOCs
- systemupdate[.]info
- 103ce1c5e3fdb122351868949a4ebc77
- 14f6c034af7322156e62a6c961106a8c
- 222380fa5a0c1087559abbb6d1a5f889
- 28d02ea14757fe69214a97e5b6386e95
- 36b97c500e36d5300821e874452bbcb2
- 44d8b88c539808bb9a479f98393cf3c7
- 4c6aa8750dc426f2c676b23b39710903
- 8ecd457c1ddfbb58afea3e39da2bf17b
- ac4606a0e10067b00c510fb97b5bd2cc
- ac6ddd56aa4bf53170807234bc91345a
- e24b07e2955eb3e98de8b775db00dc68
- febf2a94bc59011b09568071c52512b5
Tip: 13 IOCs related to this threat have been found (0 IPs, 1 domain, 0 URLs, 0 emails, 12 file hashes).
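The indicators above are only useful once they are swept against hosts and logs. The following Python script is an added example, not code from Kaspersky or from the report: it hashes every file under a directory (for instance C:\Windows\System32, where the overview says payloads were dropped) and compares the MD5s against the hash list, and it checks DNS or proxy log lines for the listed domain, including its subdomains, using host-token matching rather than a raw substring test so that look-alike names do not produce false hits. The directory contents and log lines in `run_demo` are constructed for the demonstration and are not from the report.

```python
import hashlib
import os
import re
import tempfile

# File hashes (MD5) and the domain exactly as listed in the IOC section above;
# the domain is written defanged on the page and re-armed here for matching.
IOC_MD5 = {
    "103ce1c5e3fdb122351868949a4ebc77",
    "14f6c034af7322156e62a6c961106a8c",
    "222380fa5a0c1087559abbb6d1a5f889",
    "28d02ea14757fe69214a97e5b6386e95",
    "36b97c500e36d5300821e874452bbcb2",
    "44d8b88c539808bb9a479f98393cf3c7",
    "4c6aa8750dc426f2c676b23b39710903",
    "8ecd457c1ddfbb58afea3e39da2bf17b",
    "ac4606a0e10067b00c510fb97b5bd2cc",
    "ac6ddd56aa4bf53170807234bc91345a",
    "e24b07e2955eb3e98de8b775db00dc68",
    "febf2a94bc59011b09568071c52512b5",
}
IOC_DOMAINS = {"systemupdate.info"}

# Constructed sample DNS-log lines (not from the report) used by run_demo().
SAMPLE_DNS_LOG = [
    "2024-12-01T10:00:01Z host01 query A update.microsoft.com",
    "2024-12-01T10:00:07Z host01 query A mail.systemupdate.info",
    "2024-12-01T10:00:09Z host02 query A systemupdate.info.example",  # look-alike, not a hit
    "2024-12-01T10:00:12Z host02 query A systemupdate.info",
]

# A hostname-like token: letters, digits, dots and hyphens, not starting/ending with . or -
HOST_TOKEN = re.compile(r"[a-z0-9][a-z0-9.-]*[a-z0-9]")


def md5_of_file(path, chunk_size=1 << 20):
    """Stream a file through MD5 so large binaries never have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep_directory(root, hashes=IOC_MD5):
    """Walk `root` and return (path, md5) for every file whose MD5 is in `hashes`."""
    matches = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digest = md5_of_file(path)
            except OSError:
                continue  # unreadable or vanished file: keep sweeping
            if digest in hashes:
                matches.append((path, digest))
    return matches


def find_domain_hits(log_lines, domains=IOC_DOMAINS):
    """Return log lines that name an IOC domain or one of its subdomains.

    Tokenising the line avoids substring false positives such as
    'systemupdate.info.example' or 'notsystemupdate.info'.
    """
    hits = []
    for line in log_lines:
        for token in HOST_TOKEN.findall(line.lower()):
            if any(token == d or token.endswith("." + d) for d in domains):
                hits.append(line)
                break
    return hits


def run_demo():
    """Build a throwaway directory of constructed files and sweep it twice:
    against the real IOC set (expect no hits) and against a set seeded with the
    MD5 of one constructed file (expect exactly that file). Also runs the
    domain check over the constructed log lines."""
    with tempfile.TemporaryDirectory() as root:
        benign = os.path.join(root, "benign.dll")
        with open(benign, "wb") as fh:
            fh.write(b"constructed benign content, not malware\n")
        planted = os.path.join(root, "sub", "planted.bin")
        os.makedirs(os.path.dirname(planted))
        with open(planted, "wb") as fh:
            fh.write(b"constructed stand-in for a flagged sample\n")
        real_hits = sweep_directory(root)
        seeded_hits = sweep_directory(root, hashes=IOC_MD5 | {md5_of_file(planted)})
        return {
            "real_hits": len(real_hits),
            "seeded_hits": [os.path.basename(p) for p, _ in seeded_hits],
            "domain_hits": find_domain_hits(SAMPLE_DNS_LOG),
        }


if __name__ == "__main__":
    print(run_demo())
```

In production use, point `sweep_directory` at the directories the overview names and feed `find_domain_hits` the relevant DNS, proxy or firewall export; MD5 matching is exact, so a recompiled or padded sample will not match and the hash sweep should be treated as a floor, not a clean bill of health.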