Analyzing BlackByte Ransomware's Go-Based Variants | Zscaler
Common Information
Type | Value |
---|---|
UUID | 61fd3fe8-37e7-4b3c-ac6b-c1e613415d7b |
Fingerprint | 34709553879dbdd1 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | May 3, 2022, midnight |
Added to db | Sept. 11, 2022, 12:30 p.m. |
Last updated | Nov. 17, 2024, 6:55 p.m. |
Headline | Analysis of BlackByte Ransomware's Go-Based Variants |
Title | Analyzing BlackByte Ransomware's Go-Based Variants | Zscaler |
Detected Hints/Tags/Attributes | 117/3/76 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 38 | | ntdetect.com |
Details | Domain | 1 | | 7oukjxwkbnwyg7cekudzp66okrchbuubde2j3h6fkpis6izywoj2eqad.onion |
Details | Domain | 1 | | fyk4jl7jk6viteakzzrxntgzecnz4v6wxaefmbmtmcnscsl3tnwix6yd.onion |
Details | Domain | 1 | | p5quu5ujzzswxv4nxyuhgg3fjj2vy2a3zmtcowalkip2temdfadanlyd.onion |
Details | File | 409 | | c:\windows\system32\cmd.exe |
Details | File | 23 | | c:\windows\system32\sc.exe |
Details | File | 17 | | c:\windows\system32\taskmgr.exe |
Details | File | 2 | | c:\windows\system32\resmon.exe |
Details | File | 6 | | raccine.exe |
Details | File | 9 | | raccinesettings.exe |
Details | File | 60 | | c:\windows\system32\schtasks.exe |
Details | File | 1122 | | svchost.exe |
Details | File | 1208 | | powershell.exe |
Details | File | 21 | | filename.exe |
Details | File | 1 | | bqgdovyl.exe |
Details | File | 4 | | complex.exe |
Details | File | 54 | | dbghelp.dll |
Details | File | 83 | | sbiedll.dll |
Details | File | 16 | | sxin.dll |
Details | File | 13 | | sf2.dll |
Details | File | 20 | | snxhk.dll |
Details | File | 12 | | cmdvrt32.dll |
Details | File | 345 | | vssadmin.exe |
Details | File | 43 | | wbadmin.exe |
Details | File | 105 | | bcdedit.exe |
Details | File | 23 | | diskshadow.exe |
Details | File | 256 | | net.exe |
Details | File | 82 | | taskkill.exe |
Details | File | 240 | | wmic.exe |
Details | File | 18 | | fsutil.exe |
Details | File | 79 | | regedit.exe |
Details | File | 1 | | blackbyte_filepath.exe |
Details | File | 5 | | mountvol.exe |
Details | File | 1 | | c:\windows\system32\mountvol.exe |
Details | File | 351 | | recycle.bin |
Details | File | 143 | | thumbs.db |
Details | File | 193 | | ntuser.dat |
Details | File | 99 | | bootsect.bak |
Details | File | 113 | | autoexec.bat |
Details | File | 101 | | iconcache.db |
Details | File | 90 | | bootfont.bin |
Details | File | 3 | | mountain.png |
Details | File | 2 | | blackbyterestore.txt |
Details | File | 1 | | bb.ico |
Details | File | 41 | | sample.exe |
Details | File | 1 | | i2uojh.ico |
Details | File | 3 | | c:\users\tree.dll |
Details | File | 48 | | c:\\windows\\system32\\cmd.exe |
Details | File | 90 | | wordpad.exe |
Details | File | 1 | | c:\\users\\tree.dll |
Details | File | 1 | | %systemdrive%\program files\windows nt\accessories\wordpad.exe |
Details | File | 1 | | c:\users\1howkk.dll |
Details | sha256 | 1 | | ffc4d94a26ea7bcf48baffd96d33d3c3d53df1bb2c59567f6d04e02e7e2e5aaa |
Details | sha256 | 1 | | d81493cdca5da915bf6b60d14f74e22fd94de483519a69f5942416cd98647d0b |
Details | sha256 | 1 | | 534f5fbb7669803812781e43c30083e9197d03f97f0d860ae7d9a59c0484ace4 |
Details | sha256 | 3 | | 1df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a2240779864b1a6474ad |
Details | sha256 | 2 | | 388163c9ec1458c779849db891e17efb16a941ca598c4c3ac3a50a77086beb69 |
Details | sha256 | 2 | | 44a5e78fce5455579123af23665262b10165ac710a9f7538b764af76d7771550 |
Details | sha256 | 1 | | 6f36a4a1364cfb063a0463d9e1287248700ccf1e0d8e280e034b02cf3db3c442 |
Details | sha256 | 1 | | 9103194d32a15ea9e8ede1c81960a5ba5d21213de55df52a6dac409f2e58bcfe |
Details | sha256 | 1 | | e434ec347a8ea1f0712561bccf0153468a943e16d2cd792fbc72720bd0a8002e |
Details | IPv4 | 198 | | 1.1.1.1 |
Details | IPv4 | 5 | | 185.93.6.31 |
Details | Url | 1 | | http://7oukjxwkbnwyg7cekudzp66okrchbuubde2j3h6fkpis6izywoj2eqad.onion |
Details | Url | 1 | | https://185.93.6.31/mountain.png |
Details | Url | 1 | | http://fyk4jl7jk6viteakzzrxntgzecnz4v6wxaefmbmtmcnscsl3tnwix6yd.onion |
Details | Url | 1 | | http://p5quu5ujzzswxv4nxyuhgg3fjj2vy2a3zmtcowalkip2temdfadanlyd.onion |
Details | Windows Registry Key | 5 | | HKLM\SYSTEM\CurrentControlSet\Control\FileSystem |
Details | Windows Registry Key | 1 | | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Raccine |
Details | Windows Registry Key | 1 | | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Raccine |
Details | Windows Registry Key | 1 | | HKEY_CURRENT_USER\SOFTWARE\Raccine |
Details | Windows Registry Key | 1 | | HKEY_LOCAL_MACHINE\SOFTWARE\Raccine |
Details | Windows Registry Key | 98 | | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System |
Details | Windows Registry Key | 1 | | HKEY_CLASSES_ROOT\.blackbyte |
Details | Windows Registry Key | 20 | | HKEY_CURRENT_USER\Control |
Details | Windows Registry Key | 37 | | HKCU\Control |
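The attribute table above is what an analyst would actually consume from this page, so here is an added example of turning it into a matcher and running it over a handful of constructed telemetry records. This is editor-written illustration code, not code from the Zscaler write-up or from the aggregator; the IOC values are copied from the table, while the event schema (`type`, `query`, `dst_ip`, `url`, `path`, `sha256`, `key`) and the sample events are assumptions made for the demo. Three judgement calls are baked in and commented: `ntdetect.com` is kept out of the domain set because it is the legacy NT boot file NTDETECT.COM (it appears next to `bootsect.bak` and `autoexec.bat`, which read as the ransomware's skip-list) rather than a hostname; `1.1.1.1` is Cloudflare's public resolver and is not treated as an indicator; and common Windows binaries such as `cmd.exe`, `powershell.exe` and `vssadmin.exe`, plus names that read as write-up placeholders (`filename.exe`, `sample.exe`, `blackbyte_filepath.exe`), are excluded from the file-name set because on their own they match every host. Registry keys are canonicalised so that the `HKLM`/`HKCU` abbreviations and the spelled-out hive names in the table compare equal.

```python
"""IOC matcher built from the attribute table on this page (added example,
not part of the Zscaler write-up or the aggregator page). IOC values are
copied from the table; the event schema and sample events are constructed."""
from __future__ import annotations

import re

# --- IOCs copied from the table, grouped by type ---------------------------
ONION_DOMAINS = {
    "7oukjxwkbnwyg7cekudzp66okrchbuubde2j3h6fkpis6izywoj2eqad.onion",
    "fyk4jl7jk6viteakzzrxntgzecnz4v6wxaefmbmtmcnscsl3tnwix6yd.onion",
    "p5quu5ujzzswxv4nxyuhgg3fjj2vy2a3zmtcowalkip2temdfadanlyd.onion",
}  # "ntdetect.com" is the NT boot file NTDETECT.COM, not a domain: left out
SHA256_HASHES = {
    "ffc4d94a26ea7bcf48baffd96d33d3c3d53df1bb2c59567f6d04e02e7e2e5aaa",
    "d81493cdca5da915bf6b60d14f74e22fd94de483519a69f5942416cd98647d0b",
    "534f5fbb7669803812781e43c30083e9197d03f97f0d860ae7d9a59c0484ace4",
    "1df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a2240779864b1a6474ad",
    "388163c9ec1458c779849db891e17efb16a941ca598c4c3ac3a50a77086beb69",
    "44a5e78fce5455579123af23665262b10165ac710a9f7538b764af76d7771550",
    "6f36a4a1364cfb063a0463d9e1287248700ccf1e0d8e280e034b02cf3db3c442",
    "9103194d32a15ea9e8ede1c81960a5ba5d21213de55df52a6dac409f2e58bcfe",
    "e434ec347a8ea1f0712561bccf0153468a943e16d2cd792fbc72720bd0a8002e",
}
IPV4_ADDRESSES = {"185.93.6.31"}  # 1.1.1.1 is Cloudflare's resolver: not an IOC
URLS = {"https://185.93.6.31/mountain.png"}
REGISTRY_KEYS = {
    "HKEY_CLASSES_ROOT\\.blackbyte",
    "HKEY_CURRENT_USER\\SOFTWARE\\Raccine",
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Raccine",
    "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Raccine",
    "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\Raccine",
}
# Only names distinctive enough to match on alone (judgement call): Windows
# binaries like cmd.exe/vssadmin.exe and placeholders like sample.exe need context.
FILE_NAMES = {"blackbyterestore.txt", "bb.ico", "i2uojh.ico", "mountain.png",
              "tree.dll", "1howkk.dll", "bqgdovyl.exe"}

_HIVE_ALIASES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
                 "HKCR": "HKEY_CLASSES_ROOT", "HKU": "HKEY_USERS",
                 "HKCC": "HKEY_CURRENT_CONFIG"}


def normalize_registry_key(key: str) -> str:
    """Canonical lowercase form: expand hive aliases, unify separators."""
    key = key.strip().replace("/", "\\").rstrip("\\")
    hive, sep, rest = key.partition("\\")
    hive = _HIVE_ALIASES.get(hive.upper(), hive.upper())
    return (hive + sep + rest).lower()


def basename(path: str) -> str:
    """Last path component; tolerates the doubled backslashes seen in the table."""
    return re.split(r"[\\/]+", path.strip().strip('"'))[-1].lower()


NORMALIZED_REGISTRY_KEYS = {normalize_registry_key(k) for k in REGISTRY_KEYS}
NORMALIZED_URLS = {u.lower() for u in URLS}


def match_event(event: dict) -> list[str]:
    """Return the IOC categories an event hits (empty list means no match)."""
    hits: list[str] = []
    kind = event.get("type")
    if kind == "dns":
        if event.get("query", "").strip().rstrip(".").lower() in ONION_DOMAINS:
            hits.append("onion-domain")
    elif kind == "network":
        if event.get("dst_ip") in IPV4_ADDRESSES:
            hits.append("ipv4")
        if event.get("url", "").strip().lower() in NORMALIZED_URLS:
            hits.append("url")
    elif kind == "file":
        if event.get("sha256", "").lower() in SHA256_HASHES:
            hits.append("sha256")
        if basename(event.get("path", "")) in FILE_NAMES:
            hits.append("filename")
    elif kind == "registry":
        if normalize_registry_key(event.get("key", "")) in NORMALIZED_REGISTRY_KEYS:
            hits.append("registry-key")
    return hits


def scan(events: list[dict]) -> dict[int, list[str]]:
    """Map event id -> hits for every event that matched at least one IOC."""
    return {e["id"]: hits for e in events if (hits := match_event(e))}


# Constructed sample telemetry (not from the page); ids are arbitrary.
SAMPLE_EVENTS = [
    {"id": 1, "type": "dns", "query": "7oukjxwkbnwyg7cekudzp66okrchbuubde2j3h6fkpis6izywoj2eqad.onion."},
    {"id": 2, "type": "dns", "query": "intranet.example"},
    {"id": 3, "type": "network", "dst_ip": "185.93.6.31", "url": "https://185.93.6.31/mountain.png"},
    {"id": 4, "type": "network", "dst_ip": "1.1.1.1"},
    {"id": 5, "type": "file", "path": "C:\\Users\\tree.dll",
     "sha256": "1DF11BC19AA52B623BDF15380E3FDED56D8EB6FB7B53A2240779864B1A6474AD"},
    {"id": 6, "type": "file", "path": "C:\\Windows\\System32\\svchost.exe", "sha256": "0" * 64},
    {"id": 7, "type": "registry", "key": "HKCU\\Software\\Raccine"},
    {"id": 8, "type": "registry", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"},
]

if __name__ == "__main__":
    for event_id, hits in scan(SAMPLE_EVENTS).items():
        print(f"event {event_id}: {', '.join(hits)}")
```

Running the block reports events 1, 3, 5 and 7; the Cloudflare lookup (event 4), the ordinary `svchost.exe` (event 6) and the widely touched `Policies\System` key (event 8) stay silent, which is the point of separating distinctive indicators from the context-only rows in the table. The high-count rows (`powershell.exe`, `vssadmin.exe`, `wmic.exe`, `bcdedit.exe`) are still useful, but as behavioural context to correlate with a hit, not as standalone matches.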