TangleCrypt: New Malware Packer Discovered in Qilin Ransomware

WithSecure’s STINGR Group has unveiled TangleCrypt, a previously undocumented malware packer used in a recent Qilin ransomware attack. TangleCrypt demonstrates advanced encryption techniques but is riddled with coding flaws that can cause the malware to crash. The packer was used to conceal STONESTOP, an EDR killer that leverages the malicious ABYSSWORKER driver. Despite its advanced features, TangleCrypt's instability highlights the varying quality of tools in the cybercriminal underground.