Crazyhunter
CrazyHunter is a Go-based ransomware group that emerged in early 2025, derived from the open-source Prince encryptor, exclusively targeting Taiwanese organizations in healthcare, education, and industrial sectors using BYOVD techniques and tools like SharpGPOAbuse for lateral movement.
Victims
10
First Discovered
2025-03-09
victim
Last Discovered
2025-03-30
victim
Inactive Since
1yr
more than
Avg Delay
4
days
Infostealer
50.0%
victims with domain
Countries
2
hit
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
No | 2026-04-28T07:23:20 |
7i6sfmfvmqfaabjksckwrttu3nsbopl3xev2vbxbkghsivs5lqp4yeqd.onion
|
Target
Top 5 Activity Sectors
- Technology 3
- Healthcare 3
- Manufacturing 2
- Consumer Services 1
- Education 1
Top 5 Countries
-
Taiwan, Province of China
9
-
United States
1
Heatmap
Tools Used
| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
|
|
|
Zemana Anti-Rootkit driver
av-1m.exe (AV bypass)
go.exe / go2.exe (BYOVD loader)
|
|
Donut
Prince Ransomware
SharpGPOAbuse
bb.exe (shellcode loader)
|
|
|
|
YARA Rules (1)
Indicators of Compromise (IoCs) (3)
telegram
2
tox
1
| Type | IOC |
|---|---|
telegram
|
https://t.me/CrazyHuntersTeam
|
telegram
|
https://t.me/Magic13377
|
tox
|
E8481B6E149862EEEA79668EBBC50B96A6B6529C5DDD905491E2F838EF7D174FB73DB97F1FFD
|
Victims (10)
Surface Material Supplier — Keding - the interior surface expert, committed to excellence in every d…
Crazyhunter hacked into Asia University-www.asia.edu.tw from 2025.1.27 to 2025.1.29…
Crazyhunter hacked into Asia University-www.asia.edu.tw from 2025.1.27 to 2025.1.29…