BlackByte Ransomware – Pt. 1 In-depth Analysis
Tags
Common Information
| Type | Value |
|---|---|
| UUID | dadcd8c2-49cd-43b6-9196-471d2568cee8 |
| Fingerprint | b5263051a7039f55 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 15, 2021, midnight |
| Added to db | Sept. 11, 2022, 12:38 p.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | SpiderLabs Blog |
| Title | BlackByte Ransomware – Pt. 1 In-depth Analysis |
| Detected Hints/Tags/Attributes | 90/2/54 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 38 | ntdetect.com |
|
| Details | File | 2 | spider.png |
|
| Details | File | 5 | forest.png |
|
| Details | File | 1 | spiderlabs.png |
|
| Details | File | 83 | sbiedll.dll |
|
| Details | File | 16 | sxin.dll |
|
| Details | File | 13 | sf2.dll |
|
| Details | File | 20 | snxhk.dll |
|
| Details | File | 12 | cmdvrt32.dll |
|
| Details | File | 155 | cscript.exe |
|
| Details | File | 345 | vssadmin.exe |
|
| Details | File | 43 | wbadmin.exe |
|
| Details | File | 105 | bcdedit.exe |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 23 | diskshadow.exe |
|
| Details | File | 256 | net.exe |
|
| Details | File | 82 | taskkill.exe |
|
| Details | File | 240 | wmic.exe |
|
| Details | File | 4 | taskill.exe |
|
| Details | File | 6 | raccine.exe |
|
| Details | File | 9 | raccinesettings.exe |
|
| Details | File | 249 | schtasks.exe |
|
| Details | File | 118 | sc.exe |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 351 | recycle.bin |
|
| Details | File | 37 | icacls.exe |
|
| Details | File | 5 | mountvol.exe |
|
| Details | File | 6 | c:\windows\system32\icacls.exe |
|
| Details | File | 2 | obamka.js |
|
| Details | File | 376 | wscript.exe |
|
| Details | File | 1 | c:\\users\\public\\obamka.js |
|
| Details | File | 143 | thumbs.db |
|
| Details | File | 100 | ntuser.dat.log |
|
| Details | File | 99 | bootsect.bak |
|
| Details | File | 113 | autoexec.bat |
|
| Details | File | 101 | iconcache.db |
|
| Details | File | 90 | bootfont.bin |
|
| Details | File | 1 | vylvz3le.dll |
|
| Details | File | 1 | 2edpcniu.dll |
|
| Details | Github username | 10 | spiderlabs |
|
| Details | sha256 | 2 | 884e96a75dc568075e845ccac2d4b4ccec68017e6ef258c7c03da8c88a597534 |
|
| Details | sha256 | 1 | 9bff421325bed6f1989d048edb4c9b1450f71d4cb519afc5c2c90af8517f56f3 |
|
| Details | sha256 | 1 | d3efaf6dbfd8b583babed67046faed28c6132eafe303173b4ae586a2ca7b1e90 |
|
| Details | sha256 | 1 | 92ffb5921e969a03981f2b6991fc85fe45e07089776a810b7dd7504ca61939a3 |
|
| Details | sha256 | 1 | f8efe348ee2df7262ff855fb3984884b3f53e9a39a8662a6b5e843480a27bd93 |
|
| Details | IPv4 | 6 | 45.9.148.114 |
|
| Details | Url | 3 | http://45.9.148.114/forest.png |
|
| Details | Url | 2 | https://github.com/spiderlabs/blackbytedecryptor |
|
| Details | Windows Registry Key | 164 | HKLM\SOFTWARE\Microsoft\Windows |
|
| Details | Windows Registry Key | 112 | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Raccine |
|
| Details | Windows Registry Key | 98 | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System |
|
| Details | Windows Registry Key | 5 | HKLM\SYSTEM\CurrentControlSet\Control\FileSystem |