APT / THREAT GROUP

BHunt

2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

BHunt collects the crypto wallets of its victims. The malware consists of several functions/modules, e.g. a reporting module that reports the presence of crypto wallets on the target computers to the C2 server. It searches for many different cryptocurrencies (e.g. Atomic, Bitcoin, Electrum, Ethereum, Exodus, Jaxx and Litecoin). The Blackjack module is used to steal wallets, Sweet_Bonanza steals victims' browser passwords. There are also modules like the Golden7 or the Chaos_crew module.

Threat Analysis

BHunt is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

TypeAPT / Threat Group
Aliases2

Also Known As

win.bhuntBHunt

External Intelligence

Malpedia: win.bhunt

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.